Solved APP Extension for Chrome

Status
Not open for further replies.

Danibell

New Member
Thread author
Apr 23, 2023
6
Like many others, I am having issues with the APP extension redirecting my Google searches to Bing and Yahoo. I have tried everything I am capable of (including running multiple malware scans, resetting Chrome to default and deleting what may be the concerning files).

Here are the files from the FRST scan. I would appreciate any help you can offer! Thank you!
 

Attachments

  • FRST.txt
    49.4 KB · Views: 7
  • Addition.txt
    39.1 KB · Views: 6

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
Hello..! Welcome to MalwareTips..! :)
A few things in advance that I see in your files..!

AV: ESET Security (Disabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
+
adaware antivirus
AdAwareInstaller
AntimalwareEngine

This is too much security software that installs a lot of files in your system. They can conflict at some point, leading to problems in the operation of your operating system. In addition, they all make the analysis of your system quite difficult.
Please keep only one antivirus program, uninstall the others in the standard way or in this way:
  • Download the Revo Uninstaller Free and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Online Services items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

Next ....:

Please run FRST tool once more, and attach for me fresh logs:

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.
 

Danibell

New Member
Thread author
Apr 23, 2023
6
I understand, I just installed the other security software in an effort to remove the malware this week. I normally have and use Norton exclusively.
I am unable to remove the other Norton Security software, I am running Norton 360 now. The only uninstall option I have is to uninstall the entire Norton package.
Again, I appreciate the help! :)
 

Attachments

  • FRST.txt
    50.3 KB · Views: 5
  • Addition.txt
    35.9 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
Hello..! :)

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    5.1 KB · Views: 3

Danibell

New Member
Thread author
Apr 23, 2023
6
My Chrome no longer says it is run by an organization, and my google searches are staying in google and not redirecting! Thank you so much!! :)
 

Attachments

  • Fixlog.txt
    348.6 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
This is great news..! :)
Last check just to ensure everything is clean..:

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box:
Code:
Searchall: pejhfhcoekcajgokallhmklcjkkeemgj

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

Next ....:

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 

Danibell

New Member
Thread author
Apr 23, 2023
6
Farbar Recovery Scan Tool (x64) Version: 24-04-2023
Ran by ddsbe (24-04-2023 16:16:28)
Running from C:\Users\ddsbe\Downloads
Boot Mode: Normal

================== Search Files: "Searchall: pejhfhcoekcajgokallhmklcjkkeemgj" =============

File:
========

folder:
========

Registry:
========
[HKEY_USERS\S-1-5-21-1198700895-1132233002-3992213775-1001\Software\Google\Chrome\PreferenceMACs\Profile 1\extensions.settings]
"pejhfhcoekcajgokallhmklcjkkeemgj"="FD52D346E29DB5CE364989C877F38DD330A9FBFA3513E82CE5A947C0467FE962"


====== End of Search ======


4/24/2023 16:39:39 PM
Files scanned: 326735
Detected files: 2
Cleaned files: 2
Total scan time 00:34:23
Scan status: Finished
C:\Users\ddsbe\Downloads\downloads\Instal files\PhotoScape_V3.7.exe Win32/OpenCandy potentially unsafe application,Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting

C:\Users\ddsbe\Downloads\downloads\Instal files\rcsetup152.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
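
Added example (not part of the original posts and not FRST's own code): a small Python parser for the Search.txt layout shown above, which sorts Searchall hits into file, folder and registry sections so any remaining traces of an ID can be listed. The sample log is constructed from that layout with the SID and MAC value replaced by placeholders, and `parse_search_log` and `leftover_summary` are hypothetical names.

```python
import re

# Constructed sample in the layout of the Search.txt above (SID and MAC value are placeholders).
SAMPLE = r'''================== Search Files: "Searchall: pejhfhcoekcajgokallhmklcjkkeemgj" =============

File:
========

folder:
========

Registry:
========
[HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Google\Chrome\PreferenceMACs\Profile 1\extensions.settings]
"pejhfhcoekcajgokallhmklcjkkeemgj"="PLACEHOLDER_MAC"
====== End of Search ======
'''

TERM = re.compile(r'Search Files: "Searchall:\s*([^"]+)"')
SECTION = re.compile(r'^(File|folder|Registry):$', re.IGNORECASE)

def parse_search_log(text):
    """Group the hits of a FRST Searchall log by section."""
    term, section, key = None, None, None
    hits = {"file": [], "folder": [], "registry": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if TERM.search(line):
            term = TERM.search(line).group(1).strip()
        elif SECTION.match(line):
            section, key = line[:-1].lower(), None
        elif line.startswith("====== End"):
            section = None                # ignore anything pasted after the log
        elif not line or set(line) == {"="} or section is None:
            continue                      # blank lines, rulers, header text
        elif section != "registry":
            hits[section].append(line)    # a file or folder path
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # registry key header
        elif key:                         # value line under the current key
            hits["registry"].append((key, line.split("=", 1)[0].strip('"')))
    return term, hits

def leftover_summary(text):
    """Report whether the ID is still on disk and which registry keys mention it."""
    term, hits = parse_search_log(text)
    keys = sorted({k for k, _ in hits["registry"]})
    return {"term": term, "on_disk": bool(hits["file"] or hits["folder"]),
            "registry_keys": keys,
            "only_preference_macs": bool(keys) and all("\\PreferenceMACs\\" in k for k in keys)}
```

For the sample, `leftover_summary(SAMPLE)` reports no file or folder hits and a single registry key under `PreferenceMACs`, matching what the posted log shows.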
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    303 bytes · Views: 2

Danibell

New Member
Thread author
Apr 23, 2023
6
Alright I ran that as well, here is the fixlog from it.
 

Attachments

  • Fixlog.txt
    1.4 KB · Views: 4

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
Your computer is now clean...! :) That's all I'm going to ask you to do...:
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 

Danibell

New Member
Thread author
Apr 23, 2023
6
# Run at 4/27/2023 5:12:56 PM
# KpRm (Kernel-panik) version 2.12.0
# Website https://kernel-panik.me/tool/kprm/
# Run by ddsbe from C:\Users\ddsbe\Downloads
# Computer Name: MSI
# OS: Unsupported OS X64 (22621) (10.0.22621.0)
# Number of passes: 1

- Checked options -

~ Delete Tools
~ Create Restore Point
~ Delete Quarantines after 7 days

- Delete Tools -


## AdwCleaner
[OK] C:\Users\ddsbe\Downloads\adwcleaner.exe deleted

## ESET Online Scanner
[OK] C:\Users\ddsbe\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\ddsbe\Downloads\esetonlinescanner (1).exe deleted
[OK] C:\Users\ddsbe\Downloads\esetonlinescanner (2).exe deleted
[OK] C:\Users\ddsbe\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\ddsbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted

## FRST
[OK] C:\Users\ddsbe\Desktop\Addition.txt deleted
[OK] C:\Users\ddsbe\Desktop\Fixlog.txt deleted
[OK] C:\Users\ddsbe\Desktop\FRST.txt deleted
[OK] C:\Users\ddsbe\Downloads\Addition.txt deleted
[OK] C:\Users\ddsbe\Downloads\Fixlog.txt deleted
[OK] C:\Users\ddsbe\Downloads\FRST-OlderVersion deleted
[OK] C:\Users\ddsbe\Downloads\FRST.txt deleted
[OK] C:\Users\ddsbe\Downloads\FRST64.exe deleted
[OK] C:\Users\ddsbe\Downloads\Search.txt deleted

## Rkill
[OK] C:\Users\ddsbe\Desktop\Rkill.txt deleted
[OK] C:\Users\ddsbe\Downloads\iExplore.exe deleted

- Other Lines -


## Quarantines that will be deleted in 7 days (2023/05/04)
~ C:\AdwCleaner (AdwCleaner)
~ C:\Users\ddsbe\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)
~ C:\FRST (FRST)

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named AA11 created at 04/24/2023 17:01:34
~ RP named Revo Uninstaller's restore point - Heaven Benchmark version 4.0 created at 04/24/2023 17:23:23
~ RP named Restore Point Created by FRST created at 04/24/2023 18:20:47
~ RP named Restore Point Created by FRST created at 04/25/2023 17:32:26
~ RP named KpRm created at 04/27/2023 21:12:59

-- KPRM finished in 10.78s --




I just want to say I can't thank you enough for all your help with this!! In reading other posts about it, I saw where someone donated to another worthy cause in honor of your help, and I am planning to do something similar this week! Thank you again :D
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
538
Danibell said:
"I just want to say I can't thank you enough for all your help with this!! In reading other posts about it, I saw where someone donated to another worthy cause in honor of your help, and I am planning to do something similar this week! Thank you again :D"

Thank you for placing your trust in MalwareTips. It was my pleasure to help you..! :)
That is all..! I mark the topic as SOLVED...!

Stay Safe...! :)
 