chrome try to access webcam and changed the search engine

Status
Not open for further replies.

awesomegil

New Member
Thread author
Dec 16, 2020
2
Hi friends,
Google chrome's search engine changed to yahoo and no matter how much I change it, it only uses yahoo. Also chrome and edge browser trying to open the webcam when I open it. I also feel the fans working harder. I scanned it with Malwarebytes and Kaspersky but nothing came out. Can you help me about it?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer


  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions

p.s.
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====
 

awesomegil

New Member
Thread author
Dec 16, 2020
2
Thank you for caring about issue. I attached the malwarebytes log. It did not find anything.

Adwcleaner find 3 things and all of them looked suspicious so I cleaned them.

After using Adwcleaner, I restarted windows, and when it started the mouse cursor was moving differently, i don not why

Sorry, nothing has changed. By the way, when I tried to search in chrome, it closed chrome twice. In the other, first entered a site called newtablovel and then searched on yahoo. Thank you for helping.
 

Attachments

  • malware.txt
    1.2 KB · Views: 6
  • AdwCleaner[C00].txt
    1.9 KB · Views: 6
  • Addition.txt
    46.1 KB · Views: 6
  • FRST.txt
    59.2 KB · Views: 6

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to BleepingComputer.

Hi,

ATTENTION: System Restore is disabled (Total:67.69 GB) (Free:0.97 GB) (1%)
Do to the low free space (Free:0.97 GB) on your hard drive you no longer can create a Restore point.

If you install a new program and something goes wrong you will not be able to restore your system.
This fix will you your temporary files that will help. Not sure if it will be enough. You should have close to 10% to make sure all is running smootly.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code:
start

CreateRestorePoint:
CloseProcesses:

FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com.tr/","hxxps://www.google.com/","hxxp://google.com/","hxxps://www.google.com/","hxxps://encrypted.google.com","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://search.conduit.com/?gd=&ctid=CT3320047&octid=EB_ORIGINAL_CTID&ISID=MA4414291-FC7D-4B82-93A1-DBF7816C0D1A&SearchSource=55&CUI=&UM=... (long line)

C:\Users\yerde\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1564603425-2573137015-3320418141-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\yerde\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\yerde\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\yerde\AppData\Roaming:iSpring Solutions [128]
FirewallRules: [TCP Query User{80F73343-97B2-4FEC-80C7-F8789BFB759D}C:\users\yerde\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe] => (Allow) C:\users\yerde\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe => No File
FirewallRules: [UDP Query User{A2102898-3DF0-49EC-AC7E-D74E7AC3D9F6}C:\users\yerde\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe] => (Allow) C:\users\yerde\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe => No File
FirewallRules: [{7FCC6453-C61C-43F9-9C5C-CA230BC996CF}] => (Allow) C:\Users\yerde\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{599996D4-3B43-453C-A446-D0677E8049AA}] => (Allow) C:\Users\yerde\AppData\Roaming\Zoom\bin\airhost.exe => No File

CMD: netsh int ip reset
CMD: ipconfig /flushDNS

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

EmptyTemp:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

After the restart check the properties of you Hard Disk and find out how much space you now have.

Let me know if your problem is solved.
 
  • Like
Reactions: upnorth
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top