Solved Chrome infection

[Dylan342]

Hello,

I am a member of a Vbulletin message board that was hacked a couple weeks ago (they hadn't updated their version in awhile, making them vulnerable). I logged in while it was hacked, and my Chrome is now infected. Have tried just about everything I know to remove the virus, but it remains undetected. Attaching ADW and FRST logs.

Thank you in advance for your help!

 

[TwinHeadedEagle]

Hello,


Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

 

[Dylan342]

See attached below. I ran this before I posted, and it removed some things but did not remove the infection.

 

[Dylan342]

here is a screenshot of the Avast warning that I have been getting as well. Note: Full Avast scan does not remove the virus.

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[Dylan342]

Thank you. Here you go:

 

[TwinHeadedEagle]

Can you reset Google Chrome?

https://support.google.com/chrome/answer/3296214?hl=en

 

[Dylan342]

Yes, I've done that already a few times.

 

[Dylan342]

One clarification: The malware is opening new browser windows, not tabs.

 

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[Dylan342]

attached. I accidentally started it with Avast still running. The program ran for 40 minutes and did not stop, so I just rebooted my machine with it still running, and then disabled Avast and ran it normally.

 

[TwinHeadedEagle]

Do you still have the same issue?

 

[Dylan342]

I will let you know. Was that program supposed to eliminate the problem?

 

[Dylan342]

Yes, it is still happening.

 

[Dylan342]

Have done this, will report back with results

 

[Dylan342]

Still infected.

 

[Dylan342]

although the pop up browser windows appear to be less frequent

 

[Dylan342]

using avast right now and zemana running also.

 

[Dylan342]

Installing Kaspersky

 

[Dylan342]

Kapersky scan found no problems. It is running in the background and just blocked a rogue browser window trying to open by itself.