Jump to content

Detection of LevelDB and Webdata files from Chrome - infection?


Recommended Posts

Sorry, I'm not ESPECIALLY knowledgeable about antivirus technicalities but I am very careful what I download and to find the "right" download button

Anyway this morning I decided to run the free trial MB and do a scan and it found 28 'threats' all related to google chrome. I Quarantined and removed them and so far they haven't reappeared. They're all LDB or webdata files and so far I haven't been able to find on the web whether this kinda thing is actually a threat or just something that is flagged for certain characteristics. I haven't noticed any issues with my computer, no security breaches, no slowdowns (it's a self-built gaming PC)

If it is a threat, however, is the quarantine+remove method viable and safe or does this threat need me to format and reinstall windows?

---Report Output Below---

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/8/22
Scan Time: 7:19 AM
Log File: a4c8dcbe-b6a7-11ec-b93a-d45d640796b8.json

-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53353
License: Free

-System Information-
OS: Windows 10 (Build 19044.1586)
CPU: x64
File System: NTFS
User: DESKTOP-BDTD98M\harri

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348635
Threats Detected: 28
Threats Quarantined: 28
Time Elapsed: 3 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\USERS\HARRI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\USERS\HARRI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\USERS\HARRI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 210, 492335, , , , , , 

File: 22
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 210, 492335, , , , , 1B6FAD70291BE3F5DAA4204781FBCD4C, 5BE24E04E04A0B596DADD4348A299F29E10CD599DE09498DFC895249B888243D
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000006.log, Quarantined, 210, 492335, , , , , FF32F939A762E87DBD37CE904743F869, 2D840FD29539400F0C7620A8C6AEF4046E2036379028059665CEB3C5D557C06F
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.ldb, Quarantined, 210, 492335, , , , , DA5E17D2BEE9ADEB798DF8D3662EAC2E, 973F8250F4CAF4540DEF2C1429020C46EB1B8E3836EA603FCEBA289760221398
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 210, 492335, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 210, 492335, , , , , AFAFB95B4DC9EE6CBE968A6384E03D3B, BDEFB6F4E08AAF5B170178AAF4E91B3EDED0792BAE6CD759E583D91A9249DC73
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 210, 492335, , , , , A4355884FC2971C95025DE04BB6BEF84, 8505BC50520461C0786CA5E77CC898D68FBC6628CBE139671222D5990EE6A157
PUP.Optional.MyStart, C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 210, 492335, , , , , DFD14A0B1F085D6F71D0AF044D08613E, 5D7A05D766F6C3595CAB6A778A3CEB1474569D4C7521E88E42CC177053D09104
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 210, 492335, , , , , 5B8CB3343BF4FEE09BEFF5AD87D29FBC, 6152135D19FBE5A6BB6A32980FA376F423BD9424E5E217F6D823E2F5F90A9638
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\033878.ldb, Quarantined, 210, 492335, , , , , ED1D86C9EE53815B7EB46418362A59CB, A360239C8D341B27B014EA772DF36EE36391FE269894E5522861B220E7386674
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\033880.ldb, Quarantined, 210, 492335, , , , , 42B56C2322169BF0157ED68A7AD56586, BA5A7D2C468AF0FC49C80E28FF770F949089F6743CB7CCB130A31D4ABBD00CF0
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\033882.ldb, Quarantined, 210, 492335, , , , , 5D0CF364BF71CC9211D5582B419460DD, CA49EF953BD3367BD447CCF6BA1D28A318F36D48D4424FCE6EEBB084F3BFB822
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\033883.log, Quarantined, 210, 492335, , , , , A3BE513334F040A31A8F2CAA660DEC6B, 03B3B6DCAF0D7E59F9D6A7353CA26CE0977EA7B1B14136F22B1C19FFD569AEDF
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\033884.ldb, Quarantined, 210, 492335, , , , , 055A074CB6B10B77205AD6B48AD4FA50, DCBA3F8D930EC89600AF8EE4F097DB4AA46EDBA625F3C6D41A4C1764C650B980
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 210, 492335, , , , , 3C4BFABD6655F9358CB79BC1FED82C48, 954AB0240341F33DFED2F74A0EB89ACA1BA235DF44404A026E183A15F8EF4542
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 210, 492335, , , , , , 
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 210, 492335, , , , , 78EDCEDC9489C5BAA8E2A55A76761EAF, 1FCD708F8DA001A5E38FED4C07B482C63E69569676E41778E0E77BB9FB46FB60
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 210, 492335, , , , , 99316AF637F74C8731EC26A59395440C, 507F13B908E0418074AD817383B52712B136715437547A391FF49FB9B97B7A7C
PUP.Optional.MyStart, C:\Users\harri\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-029197, Quarantined, 210, 492335, , , , , 1ACF75DF2AD25D12BDEFC61D76C4D812, 95F9C4AEDCB24041DC6037724E33A7DEBBE97F63065341186396D99FA2D35FFF
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 210, 492335, 1.0.53353, , ame, , 0D4BCE92A2BAD85EA5B4EFB295D209F8, 1328C1D693838080BC7EC28D68DCA6BDB1E02BACA2F20C6C34B069DFC5FD6D6D
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 210, 492335, 1.0.53353, , ame, , 0D4BCE92A2BAD85EA5B4EFB295D209F8, 1328C1D693838080BC7EC28D68DCA6BDB1E02BACA2F20C6C34B069DFC5FD6D6D
PUP.Optional.MyStart, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 210, 492335, 1.0.53353, , ame, , 0D4BCE92A2BAD85EA5B4EFB295D209F8, 1328C1D693838080BC7EC28D68DCA6BDB1E02BACA2F20C6C34B069DFC5FD6D6D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

4 minutes ago, AdvancedSetup said:

Hello @Hazza223

 

Please follow the directions from the following topic and let us know if that corrects the issue for you.

 

Thank you

 

Hi,

Thank you for the reply, I haven't had it be a recurring issue yet. What I'm more worried about is if these things constitute an actual security threat to my PC and/or data, and if they are, is Malwarebytes' removal tool an effective solution or is it best to reformat? I'm a little paranoid.

Link to post
Share on other sites

  • Root Admin

Normally Malwarebytes can remove them just fine. However, there are some that are within the Google Chrome structure that Malwarebytes cannot access to fully remove due to Google not allowing 3rd party access to the data stream. In those cases you need to manually clean Google Chrome.

If you're no longer having an issue then things should be okay.

Try restarting the computer and then do another scan with Malwarebytes and see if it remains clean now.

 

Link to post
Share on other sites

10 minutes ago, AdvancedSetup said:

Normally Malwarebytes can remove them just fine. However, there are some that are within the Google Chrome structure that Malwarebytes cannot access to fully remove due to Google not allowing 3rd party access to the data stream. In those cases you need to manually clean Google Chrome.

If you're no longer having an issue then things should be okay.

Try restarting the computer and then do another scan with Malwarebytes and see if it remains clean now.

 

Restarted the computer, did a few scans about half hours apart while using chrome, also ran you guys' adware remover tool, nothing found. All seems good. 

I was hoping you could educate me on the kind of things this malware could be. Is it actually malware or just a chrome file that MB is flagging out of caution or some 'misunderstanding' with Chrome? And, can these types of chrome files infect other parts of my computer? 

Link to post
Share on other sites

  • Root Admin

Please go ahead and run a scan with ESET and let's see if it finds any issues

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Link to post
Share on other sites

  • Root Admin

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

All done, that was pretty easy. Thanks. I'm already using LastPass premium to manage my passwords as someone in Russia attempted to hack my email 2 years ago and having one password for everything became unacceptably dangerous. Thank you so much for all the help.

Link to post
Share on other sites

  • Root Admin
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.