
Browser Hijacker (Chrome and Edge) not removed by Malwarebytes


Solved by Maurice Naggar


Searches are redirected (from Edge and Chrome) to Bing, Yahoo, etc. There is an "app" extension showing in both browsers called "apps+4.0+extension+adakfdcjddkdjolfgopncdandijkdlde" which seems suspicious. It doesn't allow deletion. I've tried resetting both Chrome and Edge, and clearing DNS... Help appreciated! Attached is a screenshot of the extension detail from Chrome.

Apps extension.pdf


Hello @kirkp

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while the case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply.


Hi. Thanks for the support-tool report. We will be doing a number of procedures, over separate sessions. Please have much patience. We will start with these.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed.

It will not take much time.

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.


Thank you. When you get caught up, these are important steps to do.

1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run box-window.
2. Type

appwiz.cpl


and tap Enter.
The Programs and Features window will appear.   Locate on the list "X-Rite Device Services Manager".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.
This add-on has some extremely odd & questionable scheduled tasks on this machine.

Locate on the installed Programs list "Adobe Flash Player 32 NPAPI"
Do a right-click on it.  Then choose Uninstall.   Let it proceed.  This program is very obsolete & a security risk to have around. 

Locate on the installed Programs list "Adobe Flash Player 32 PPAPI"
Do a right-click on it.  Then choose Uninstall.   Let it proceed.  This program is very obsolete & a security risk to have around. 
Exit Programs and Features, when done.
Now do a Windows Restart.
 


  • Solution

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Close Malwarebytes.


NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will attempt to remove the rogue browser extensions on Edge & on Chrome browsers. It will reset the Winsock file. It will get selected readouts on some Windows services. It will attempt to clear temporary cache files on web browsers. Depending on the speed of your computer this fix may take 50-55 minutes or more.

This next job will end all open applications and then do its work. Please read all of this.

The FRSTENGLISH.exe tool is already on this machine in your Downloads folder ( keep that in mind )

Please download the attached fixlist.txt file and save it to the Downloads folder

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the C:\Users\Kirk\Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. We will do more, later.

Please have much patience. I am a volunteer. I am not on all the time. On your next reply, after these steps, let me know if your browsers are once more back to normal.


The custom-run is good. The Windows System File Checker has made some corrections.

Windows Resource Protection found corrupt files and successfully repaired them.


This last run has completed what was originally intended. 
By the way, the Microsoft Defender antivirus is up-to-date, and is on, and is in good state.

The rogue browser Extensions ( hijacker so called) should no longer be on Edge or on Chrome.
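
A read-only way to confirm that result, added here as an example and not part of the thread or of the fixlist used in it: the extension ID is the one quoted in the first post, while the profile paths and the `ExtensionInstallForcelist` policy key are the standard Chrome and Edge locations, assumed to apply to this machine. A force-install policy is one common reason an extension cannot be removed from the browser's own UI; the thread does not say whether that was the cause here.

```powershell
# Added example: looks for leftovers of one extension ID in Chrome and Edge.
# Read-only: it lists findings and changes nothing.
$ExtensionId = 'adakfdcjddkdjolfgopncdandijkdlde'   # ID quoted in the first post

# Default per-user data folders and policy keys (assumed default installs).
$browsers = @(
    @{ Name = 'Chrome'; UserData = "$env:LOCALAPPDATA\Google\Chrome\User Data"
       Policy = 'SOFTWARE\Policies\Google\Chrome' },
    @{ Name = 'Edge';   UserData = "$env:LOCALAPPDATA\Microsoft\Edge\User Data"
       Policy = 'SOFTWARE\Policies\Microsoft\Edge' }
)

function Find-ExtensionTraces {
    param([string]$Id, [object[]]$Browsers)
    foreach ($b in $Browsers) {
        # 1. Extension folder inside every profile (Default, Profile 1, ...).
        if (Test-Path $b.UserData) {
            Get-ChildItem -Path $b.UserData -Directory -ErrorAction SilentlyContinue |
                ForEach-Object { Join-Path $_.FullName "Extensions\$Id" } |
                Where-Object { Test-Path $_ } |
                ForEach-Object {
                    [pscustomobject]@{ Browser = $b.Name; Kind = 'ProfileFolder'; Location = $_ }
                }
        }
        # 2. Force-install policy entries, machine-wide and per-user.
        #    Values have the form "<extension id>;<update url>".
        foreach ($hive in 'HKLM:', 'HKCU:') {
            $key = "$hive\$($b.Policy)\ExtensionInstallForcelist"
            if (-not (Test-Path $key)) { continue }
            $item = Get-Item -Path $key
            foreach ($name in $item.GetValueNames()) {
                $value = [string]$item.GetValue($name)
                if ($value -like "$Id*") {
                    [pscustomobject]@{ Browser = $b.Name; Kind = 'ForcePolicy'
                                       Location = "$key [$name] = $value" }
                }
            }
        }
    }
}

$hits = @(Find-ExtensionTraces -Id $ExtensionId -Browsers $browsers)
if ($hits.Count -eq 0) { "No trace of $ExtensionId found." }
else { $hits | Format-Table -AutoSize -Wrap }
```

Run it with both browsers closed; a `ForcePolicy` hit means the browser will reinstall the extension at next start until that policy value is removed.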


You are very very welcome. 😃 This next part just checks if certain applications are out of date. Report only.

Temporarily disable Microsoft SmartScreen to download the next software below 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. SmartScreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.


Thank you for the report from SecurityCheck. Here is what needs your attention and follow-up.
Microsoft 365 Apps for business - en-us v.16.0.15128.20224 Warning! Download Update
How Install Office updates?

Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported. Very old technology. Uninstall Silverlight

Foxit Reader v.8.1.4.1208 Warning! Download Update

Microsoft Office 2007 Primary Interop Assemblies v.12.0.4518.1014 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice

Microsoft Works 6-9 Converter v.14.0.6120.5002 Warning! This software is no longer supported.

Microsoft SQL Server 2005 Compact Edition [ENU] v.3.1.0000 Warning! This software is no longer supported.
 
Google Drive v.1.32.4066.7445 Warning! Download Update
 
7-Zip 22.01 (x64) v.22.01 Warning! Download Update
Uninstall old version and install new one.
 
paint.net v.4.0.10 Warning! Download Update

Microsoft Teams v.1.4.00.4167 Warning! Download Update

Zoom v.5.11.9 (8040) Warning! Download Update

Skype version 8.51 v.8.51 Warning! Download Update

Skype™ 7.40 v.7.40.151 Warning! Uninstall old version. You only need 1 version of this
 
Java 8 Update 211 (64-bit) v.8.0.2110.12 Warning! Download Update
Uninstall old version and install new one (jre-8u371-windows-x64.exe).

Java 8 Update 211 v.8.0.2110.12 Warning! Uninstall this obsolete version.

Audacity 2.1.2 v.2.1.2 Warning! Download Update

QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
 
Adobe AIR v.50.1.1.2 Warning! This software is no longer supported. Please uninstall it.

Adobe Shockwave Player 12.3 v.12.3.5.205 Warning! This software is no longer supported. Please uninstall it.
swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it.

Adobe Acrobat XI Standard v.11.0.23 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates...^

Adobe Acrobat Reader DC v.20.012.20041 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates...^

Opera Stable 47.0.2631.39 v.47.0.2631.39 Warning! Download Update

Windows Live Essentials v.16.4.3528.0331 Warning! This software is no longer supported.

Bonjour v.3.1.0.1 Warning! Your pc does not need it. Uninstall Bonjour.

Let me know if you need other help. I believe the system is good-to-go.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.
Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_2-14.exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • You may attach that file to your next reply. (not compulsory)
  • Delete mb-support-1.9.1.977.exe
  • Delete mbst-grab-results.zip on the Desktop.


Sincerely.

Edited by Maurice Naggar

Delete mb-support-1.9.1.977.exe
Delete mbst-grab-results.zip on the Desktop.

The KPRM is good. Your system is good-to-go.

Let me suggest that you get your browsers each, ( EDGE + CHROME + FIREFOX ) as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

See Support article how-to for Firefox

For the EDGE browser

Note: If the pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).
 

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.