Solved Fuschia hybrida extension even after removing chromestera

[Craig12455]

a couple days ago i unknowingly installed the chromestera malware and even though I’ve went through with Malwarebytes and Rkill I still have this fuschia hybrida extension and it redirects my searches, blocks me from signing in to my adsense account and my account is now “managed by an organization” does anyone know how to remove it?

 

[icotonev]

Hello ..! Welcome to MalwareTips..!

Please follow the instruction below..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt

 

[Craig12455]

Hi, thank you so much for responding! I have to attend school right now but I’ll give it a try once I come back.

 

[Craig12455]

These files right?

 

[icotonev]

Yes, thank you ..! Looking them over now, dependant on how much I need to research this may (or may not) take some time.

 

[icotonev]

Hello ..!

Is this Proxy familiar to you..?

ProxyServer: [S-1-5-21-2058502296-3923866205-371166041-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888

• Download the Revo Uninstaller (Free Download) and save it on your Desktop.
• Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
• Double click the program's icon to open it.
• Write in the search area, on the top left, the following program:

App Explorer
App Explorer

• Choose the Uninstall tab from the menu and let the program to create a Restore point.
• Choose Scan, and then the Advanced mode scan.
• Select all the Online Services items found, Delete and Next.
• Let the procedure be completed and click on Finish.
• Restart the computer.

Next ....:

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.

• Copy/paste the following in the Search: box

Searchall: iaboicckncdnlcimgnhhhehcejkhjfel , Chromstera Browser

• Click Search Files button
• When completed click OK and a Search.txt document will open on your desktop
• Аttach the report in your reply. If the file is too large zip and upload it here.

In your next reply, please include:

• Fixlog.txt
• Search report

 

[Craig12455]

Hi, yes, my FRST exe wasnt in any folder so I just made a new one and put the fixlist inside with it, I hope that was correct

 

[icotonev]

Very good..! How is the computer running..? I think we'll do more checks..!

Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now.
  • When the scan has finished, a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Filestab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

Run Malwarebytes (scan only)

• Download Malwarebytes and save it to your Desktop.
• Once downloaded, close all programs and Windows on your computer.
• Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
• Follow the instructions to install the program.
• When finished, double click the program's icon created on your Desktop.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:

Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.

• Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
• When finished, you will see the Threat Scan Summary window open.
• If threats are not found, click View Report and proceed to the two last steps below.
  
  If threats are found, make sure that all threats are not selected,close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:

1. The AdwCleaner[S0*].txt
2. The Malwarebytes report

 

[Craig12455]

Sorry for the late reply, here they are

 

[icotonev]

Hi, Craig12455..! Thank you..!

AdwCleaner (Clean mode)

The section at the bottom under Pre-Installed Software is software that was apparently installed when the device was new by your PC manufacturer (in this case Acer). Personally, I don't keep anything from this software that I don't use/need. But it's your computer, so the decision is yours.

To proceed, please do the following:

• Double click AdwCleaner.exe on your Desktop, to run it as you did before.
• Click Scan Now.
• When the scan has finished a Scan Results window will open.
• Please check all the boxes and then click Quarantine.
• Click Next.
  • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
  • Check any pre-installed software items you want to remove.
  • Click Quarantine.
• A prompt to save your work will appear.
  • Click Continue when you're ready to proceed.
• A prompt to restart your computer will appear.
  • Click Restart Now.
• Once your computer has restarted:
  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab.
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:

• Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach these two logs in your next reply.

In your next reply, please post:

1. The AdwCleaner[C0*].txt
2. Fresh FRST logs
3. Feedback: let me know about how is the computer running. Please, include any issue and concern right now.

 

[Craig12455]

Here they are, it seems my accontisnt being managed by an organization anymore and it has stopped redirecting my searches!

 

[icotonev]

Here they are, it seems my accontisnt being managed by an organization anymore and it has stopped redirecting my searches!

Well done..! Great, looks like we are ll set..! The system looks clean..
Last question..Is this Proxy familiar to you..?

ProxyServer: [S-1-5-21-2058502296-3923866205-371166041-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888

 

[Craig12455]

yep!

 

[icotonev]

Thank you...! Your computer is now clean..! Here is our final step..:

• Download KpRm and save it to your Desktop (see here if you must use Chrome)
• Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
• Right click on the icon and select Run as administrator
• Click Yes on the Disclaimer
• Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
• Click Run
• Click OK on All operations are completed
• KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
• You are free to remove any other tools/reports still remaining
• Please copy and paste its contents in your next reply.

 

[Craig12455]

Alright, here is the report! I'd just like to say thank you so much for guiding me through this, I really appreciate it

​

 

[icotonev]

Thank you..! I'm glad I could help you...That is all..! I mark the topic as SOLVED...!
Thank you for placing your trust in MalwareTips..!
Stay Safe...!