Help - Google Chrome Extension Virus reinstalls itself every hour

Status
Not open for further replies.

ConfusedPCUser

New Member
Thread author
Apr 7, 2023
1
Hello. I've tried everything I can possibly think of in order to get rid of this virus. It showed up as a hijacked extension of my google chrome. It deleted all my other extensions and caused my chrome to constantly open and close. It repeatedly pinged pogothere.xyz but was blocked by my computer. I've completely wiped chrome multiple times and it keeps coming back. Finally, I just straight up wiped every essence of chrome off my computer, but it STILL continues to come back under a folder called Chrome_display in my app data folder. Chrome isn't even downloaded, but it just waits there until I reinstall it and then it hijacks my extensions again.

It recreates itself every hour 25 minutes after the hour. Same folder, same JS and JSON file. I've run hitmanpro, malware bytes, deleted every single program off my computer that I've installed in the last two weeks. Went through my registry and deleted anything to do with google or chrome. I'm completely at my wit's end.

The extension calls itself Shampoo. Here is a copy/paste of the json file it creates.

"name": "Shampoo", "version": "18.0", "description": "Shampoo", "action": { "default_icon": { "128": "settings.png" }, "default_title": "Shampoo" }, "icons": { "128": "settings.png" }, "permissions": [ "management", "privacy", "browsingData", "tabs", "webNavigation", "webRequest", "declarativeNetRequest", "storage", "alarms", "contextMenus" ], "host_permissions": [ "file:///chrome://*/*", "*://*/*" ], "content_security_policy": { "extension_page": "script-src 'self' 'unsafe-eval'; object-src 'self'" }, "background": { "service_worker": "background.js" }, "manifest_version": 3,


It comes with a png of a cog wheel called "settings.png" and a javascript file called "Background"

My antivirus will pick this file up and delete it, but it comes back. I delete it manually, it comes back. I have never had a virus like this before. I consider myself mildly tech savvy but this one has me completely scratching my head. Any advice would be much appreciated. Once I delete these files all antivirus software comes back clean.
 
  • Like
Reactions: Gaku992

Gaku992

New Member
Apr 8, 2023
1
Literally having the same problem. I suspect it has something to do with something i downloaded from steamunlocked. I uninstalled everything and followed different instructions I found online. But it keeps coming back.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This topic is for @ConfusedPCUser


@Gaku992 Please see your topic and reply in it.​



My apologies for this late reply.
I leave in the Westend of Montreal, Quebec Canada and I lost the power to my home due to an Ice Storm from Wednesday night on the 5th of April . I stayed in a Hotel and got back when the power was restored late this Monday Afternoon.



  • Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===


Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions


----- if needed ----
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

My apologies for this late reply.
I leave in the Westend of Montreal, Quebec Canada and I lost the power to my home due to an Ice Storm from Wednesday night on the 5th of April . I stayed in a Hotel and got back when the power was restored late this Monday Afternoon.



  • Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===


Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions


----- if needed ----
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top