Chrome Extension adware and Rootkit/hijack

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
Around 3 days ago, I was on my administrator account and went on a shady Blogspot and downloaded what they told me to in order to get Microsoft Office 2016 and crack it using KMSAuto or something like that. I got warnings from Chrome and Defender not to download those, but I did anyway. Then shortly after, Chrome was hijacked, trying to get extensions; ads were popping up all over my screen, and popups saying to upgrade antivirus or get virus help, etc. My computer was going crazy. I could scan with Malwarebytes Premium, which I had just downloaded while having the virus, and I scanned and tried to get rid of the virus by deleting the downloads. In Malwarebytes the logs said something like Hijack 50 times and Rootkit.Komodia or something like that. There were like 200 detections in total and many viruses and malware/adware. I tried to clean it with Malwarebytes, and I think the popups stopped and Chrome reset, losing my bookmarks, extensions, etc. I shut down my computer and went to sleep.

Then I woke up the next day and tried going into safe mode, using RKill, then Malwarebytes, then scanning with Avira, HitmanPro and TDSSKiller, and it seemed I was fine. I reset my PC (delete files and start over) and then I also tried to do a clean reinstall of Windows using a USB. The thing is, when I got the virus and malware I had the USB plugged in, so I don't know if it was infected, and after that I also plugged the USB into 2 other computers. After reinstalling Windows 10, I did all the steps again, using RKill, Malwarebytes, Avira, HitmanPro and TDSSKiller. They didn't seem to find any threats. I also then used Malwarebytes Anti-Rootkit, Sophos Virus Removal Tool, Junkware Removal Tool and AdwCleaner.

AdwCleaner keeps finding Chrome things, 4 things that keep coming back even after I clean and restart; I scan again and they are not cleaned. The values are 2 search providers, ask.com and aol.com, which are Web Data; a weird extension whose data is fkjlohfdjcjhmfcabomglnciodlnplhk, which is Secure Preferences; and the 4th one is homepage. They are all in users/pinfo/appdata/local/google/chrome/User Data/Default. I will have a picture of it attached. I think I have a rootkit and adware/malware still on my computer.
 

Attachments

  • Capture.PNG (76.2 KB)
  • FRST.txt (149.8 KB)
  • Addition.txt (23.1 KB)

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
Also, I forgot to add this: I tried to uninstall many programs that seemed weird when I got the virus. This was before resetting and reinstalling Windows 10.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [image: 4zu6vb.jpg] icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.
 

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
Thank you for coming to my aid quicker than I thought, I did the steps you asked and uploaded the latest report.
 

Attachments

  • 2017.03.26-12.22.16-i0-t92-d1.txt (1.3 KB)

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
AdwCleaner is still detecting 3 threats, which is fewer than last time, when it found 4.
 

Attachments

  • Capture.PNG (63.7 KB)

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
Also, I would like to add that before I scanned with Zemana AntiMalware, I uninstalled Chrome and deleted the Google folder from Local AppData, then I reinstalled Chrome and logged in to get my account bookmarks, and it also synced my extensions. I removed AdBlock and Adblock Plus, and I also removed the Avira extensions like Avira Web Security and Avira Password Manager in case it was those. I now have the AdBlock extension added again after scanning with Zemana, so maybe that's why AdwCleaner is finding those things. It could be AdBlock, but I'm not sure.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Can you reinstall Chrome, delete the %localappdata% folder, and scan with AdwCleaner without logging into your Google account?
 

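The three things AdwCleaner kept reporting all live inside the Chrome profile folder: the extension ID sits in Secure Preferences, the homepage and default engine in the preference JSON, and the extra search providers in the Web Data SQLite database. Signing into the Google account turns Chrome Sync on, which restores extensions and settings from the account, so an artifact that comes back only after sign-in is being synced rather than re-dropped by malware; that is the distinction the request above is testing. The script below is an added example for this thread, not AdwCleaner's code and not from the original posts. It assumes the layout of Chrome's preference files (extensions.settings, homepage, default_search_provider_data.template_url_data) and a Web Data "keywords" table with short_name, keyword and url columns; the sample data is constructed, and the second extension ID is made up to stand in for a legitimate Web Store extension.

```python
"""Triage a Chrome profile for the leftovers discussed in the thread: a
sideloaded extension in Secure Preferences, a changed homepage or default
search engine, and unexpected search providers in Web Data.

Added example, not AdwCleaner's code. Key paths in the JSON and the
"keywords" table layout are assumptions about Chrome's file formats.
"""
import json
import sqlite3
from urllib.parse import urlparse

# Constructed stand-in for ...\Google\Chrome\User Data\Default\Secure Preferences
SAMPLE_SECURE_PREFS = json.dumps({
    "extensions": {"settings": {
        # ID from the AdwCleaner detection quoted in the thread
        "fkjlohfdjcjhmfcabomglnciodlnplhk": {
            "from_webstore": False, "state": 1,
            "path": "C:\\Users\\pinfo\\AppData\\Local\\Temp\\srch",
            "manifest": {"name": "Search Helper"}},
        # made-up ID standing in for a Web Store extension the user installed
        "aaaabbbbccccddddeeeeffffgggghhhh": {
            "from_webstore": True, "state": 1,
            "path": "aaaabbbbccccddddeeeeffffgggghhhh\\1.0_0",
            "manifest": {"name": "Adblock Plus"}},
    }},
    "homepage": "http://www.ask.com/",
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Ask", "url": "http://www.ask.com/web?q={searchTerms}"}},
})

# Hosts the user actually chose for homepage and search; anything else gets flagged.
ALLOWED_HOSTS = {"www.google.com", "google.com"}


def constructed_web_data():
    """In-memory stand-in for the Web Data SQLite file (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, "
               "short_name TEXT, keyword TEXT, url TEXT)")
    db.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)", [
            ("Google", "google.com", "https://www.google.com/search?q={searchTerms}"),
            ("Ask", "ask.com", "http://www.ask.com/web?q={searchTerms}"),
            ("AOL", "search.aol.com", "https://search.aol.com/aol/search?q={searchTerms}"),
        ])
    return db


def load_prefs(text):
    return json.loads(text)


def host_of(url):
    return urlparse(url).hostname or ""


def suspicious_extensions(prefs, allow_ids=frozenset()):
    """Extensions not installed from the Web Store, or loaded from an absolute
    path outside the profile directory, unless explicitly allow-listed."""
    out = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id in allow_ids:
            continue
        path = entry.get("path", "")
        sideloaded = not entry.get("from_webstore", False)
        outside_profile = ":" in path or path.startswith("\\\\")  # absolute Windows path
        if sideloaded or outside_profile:
            out.append((ext_id, entry.get("manifest", {}).get("name", "?"), path))
    return out


def homepage_finding(prefs):
    hp = prefs.get("homepage", "")
    return hp if hp and host_of(hp) not in ALLOWED_HOSTS else None


def default_search_finding(prefs):
    data = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    url = data.get("url", "")
    if url and host_of(url) not in ALLOWED_HOSTS:
        return (data.get("short_name", "?"), url)
    return None


def unexpected_search_keywords(db):
    rows = db.execute("SELECT short_name, keyword, url FROM keywords").fetchall()
    return [(n, k, u) for n, k, u in rows if host_of(u) not in ALLOWED_HOSTS]


def triage(secure_prefs_text, web_data_db):
    prefs = load_prefs(secure_prefs_text)
    findings = [f"extension {i} ({n}) sideloaded from {p}"
                for i, n, p in suspicious_extensions(prefs)]
    hp = homepage_finding(prefs)
    if hp:
        findings.append(f"homepage set to {hp}")
    dsp = default_search_finding(prefs)
    if dsp:
        findings.append(f"default search provider {dsp[0]} -> {dsp[1]}")
    findings += [f"search provider {n} ({k}) -> {u}"
                 for n, k, u in unexpected_search_keywords(web_data_db)]
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_SECURE_PREFS, constructed_web_data()):
        print(line)
```

Run it against a copy of the profile while Chrome is closed (Web Data is locked and Secure Preferences is rewritten while it runs). Two caveats: an extension that only reappears after sign-in is coming from Chrome Sync and has to be removed while signed in, or it will sync straight back; and Secure Preferences carries per-key MACs that Chrome checks on start, so hand-editing it is not a cleanup, use chrome://extensions and the settings UI instead.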
Dima Mardari

New Member
Thread author
Mar 25, 2017
8
When you say delete the %localappdata% folder, do you mean the Local folder in AppData containing stuff like Avira, CEF, Chromium, Comms, Comodo, etc.? Or just certain folders in the Local folder?
 

Dima Mardari

New Member
Thread author
Mar 25, 2017
8
Alright, I uninstalled Chrome and deleted the Google folder inside %localappdata%.
Then I went on Microsoft Edge to the Chrome website to download Google Chrome.
What's weird is that when Chrome opened, my ESET NOD32 gave me a warning saying to either block the connection or continue, not sure why (some sort of connection thing), and I pressed continue.
And also Avira Password Manager and Avira Browser Safety are adding themselves to extensions even though I'm pretty sure I uninstalled Avira.
Anyway, I didn't log in or change anything other than removing the 2 Avira extensions I was talking about,
and scanned with AdwCleaner; the result will be uploaded as a file.
 

Attachments

  • Capture.PNG (68.1 KB)
