Solved "Discover Treasure" infection affecting chrome and performance

Tewma2

New Member
Thread author
Feb 26, 2016
11
Have listed most information above, please let me know what else I can/should do to help expedite this process for you. None of the above was done in safe mode (just occurred to me).

A few of the above programs are on a trial basis as I currently don't have any active recurring subscriptions with any antivirus program, but rather a free version of AVAST. It would seem this needs to change, however I'm not willing to choose one of these programs if they're unable to detect and remove, unless their job is to help prevent the initial issue.

Have provided as much detail as I can, hopefully too much is better than not enough.

Thank you in advance for any help you can provide. Feel free to ask for additional information which I will provide if I can.

Attached please find scan logs from FRST and HitmanPro.

N.B. rather gutted that "infection date and initial symptoms, current issues and symptoms, and steps taken in order to remove the infection" weren't saved in drafts when HitmanPro closed my browser after scanning while cleaning. <-- Set me back half an hour. A small price to pay for a clean and secure laptop.
 

Attachments

  • Addition.txt
    35.9 KB · Views: 4
  • FRST.txt
    45.5 KB · Views: 5
  • HitmanPro_20160227_1134.log
    12.8 KB · Views: 4

Tewma2

New Member
Thread author
Feb 26, 2016
11
EDIT -- current symptoms include 5 ads by Discover Treasure as the first 5 results of any Google search.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.



Can you attach Zemana AntiMalware and MalwareBytes reports too?

Tewma2

New Member
Thread author
Feb 26, 2016
11
Attached please find Zemana first and latest report, as well as Malware latest report.

On a side note, I used the program "uTorrent" to download the malware disguised as the program "OpenOffice", has this compromised my laptop as well? I since uninstalled uTorrent from Add/Remove Programs in Control Panel but am not sure it's completely gone, but OpenOffice seems to work fine so haven't removed that yet. Ought I?
 

Attachments

  • Malwarebytes latest report.txt
    2.3 KB · Views: 1
  • 2016.02.26-19.50.55-i0-t4294967295-d1 (Zemana first report).txt
    1.4 KB · Views: 4
  • Malwarebytes latest report.txt
    2.3 KB · Views: 2

Tewma2

New Member
Thread author
Feb 26, 2016
11
Yes, the rest of the laptop seems to be working fine besides being incredibly slow, though some default apps keep resetting, but I think that's coz of the scans and fixes. Also when I tried to shut down last night the display turned off but the machine never truly turned off, alternating between different CPU speeds and the fan turning on and off every now and then until I held the power button.
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
If it helps I could send you the original scan reports with what was found and quarantined?
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
Sorry I thought you needed latest to see what was still left. Attached find all first reports for Malwarebytes, Zemana and HitmanPro.
 

Attachments

  • Malware Scan Log.txt
    4.7 KB · Views: 1
  • Malwarebytes Protection Log.txt
    84.6 KB · Views: 1
  • Zemana first report.txt
    1.4 KB · Views: 1
  • HitmanProfirst report.txt
    20.9 KB · Views: 0

Tewma2

New Member
Thread author
Feb 26, 2016
11
Should I also proceed with Chrome reinstallation? If so do I completely remove before reinstalling or can I keep settings like bookmarks etc.?
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
So glad Google account remembered my bookmarks. Here is a report from Zemana after reinstalling Chrome.
 

Attachments

  • Zemana after reinstall.txt
    5.2 KB · Views: 8

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
It somehow removed legitimate extensions from Chrome. You'll need to install Google Chrome again. Not sure what happened, these extensions are on whitelist.
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
Also PC started up much more quickly and Chrome doesn't appear to be infected anymore, though worried about the Zemana report. As of now no visible malware effects besides the 11 extensions in the scan.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
@Tewma2

If you want my help, please stop with one-sided actions. You're running programs and checking options without consulting me first.

Never understood why people like to check all possible available options thinking that this will do something better.
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
I'm sorry, did that a while ago, you're right. Uninstalled, reinstalled, and restarted, and the Zemana scan only picked up 4 extensions: Chrome startup URL, Click and Clean app, Superblock Adblocker and Magic Actions for YouTube, the latter 2 of which I added myself. Shall I untick the option or just select exclude for those extensions? And does it also mean the laptop's clean!? If so you've been amazingly helpful and patient. Thank you.
 

Tewma2

New Member
Thread author
Feb 26, 2016
11
Not a single issue encountered throughout the rest of the evening, you have my gratitude! Left a small donation as most PC stores would charge a small fortune and have taken a couple of days. To avoid this problem in future I'll be a bit more cautious should I use a torrent downloader, however as you seem to be in the know, I was wondering what your suggestion for additional protection would be as a backup should my stupidity pull through. Preventative is always preferable to curative!

Problem resolved and 1 happy client to boot!
 
