Removing the remains of Trovi Spam Virus from Google Chrome.

Stupid-Idiot

New Member
Thread author
Verified
Sep 13, 2014
40
Yes!

That is the screen. All the green bold numbers with bookmarks, auto-fills etc. Pressed OK, and this time waited 48 hours to log back in.

Is there some type of perhaps stale cache that Chrome pulls data from that might be corrupted with bad data/bugs on this computer?
Because every time I re-sync, it gets alllll the same autofills, bookmarks, saved passwords, everything. Also I noted that when you do this your actual bookmarks do not go away, I guess they just stopped syncing. This bug has to have planted something somewhere else... I don't know.
 

Stupid-Idiot

Also, I sent Google Chrome a report about this so maybe they can flush it out for me. I'll let you know if they ever get back to me as well. What else can I do now?
 

Stupid-Idiot

Ok, I tried it again, and this time went to the custom menu and unchecked all the sync options. Now when I log back in, nothing will sync. Now what I am going to do over the next few days is re-check one box at a time and run the scans to see what comes up and when.

As of now the preferences folder still comes up as bad from adw cleaner, but since I just did this stop sync hopefully it will go away in a few hours/a day. Only time will tell. If it never goes away then I cannot test to see when it comes back and all is lost. :(
 

Stupid-Idiot

So, today I logged in, and it has now gotten worse!

The ask.com, trovi.com, and aol.com links have popped back up in the adw cleaner search.

Those I have never seen on this HD before until now.

Also, when I logged back into Chrome, all the sync boxes were RE-CHECKED.

I am officially pissed and defeated... I have no clue what to do or how this virus is still affecting me.
 

Stupid-Idiot

Ok,

So I have just looked into this "preferences" folder a little closer. Everything in this default folder starts in a CAPITAL LETTER, except this file, which is very suspicious to me. This is also the file that adw cleaner comes up with. Reading through this quick I don't understand any of it, but does anything in here look suspicious to you? I see a few things that seem weird. Let me know what you think. Because if possible I could open the file up in notepad and edit it, save it, and hopefully that would work, as opposed to removing it and having it reappear every time.

Let me know what you think, I attached it below:
 

Attachments

  • preferences.txt
    11.1 KB · Views: 126
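Added example, not part of any post in this thread and not the attached file: one way to answer "does anything in here look suspicious" is to parse a copy of the Preferences file as JSON and list every setting whose URL host is one of the domains AdwCleaner reported in this thread (ask.com, trovi.com, aol.com). The sample content and the key names in it (`homepage`, `session.startup_urls`, `default_search_provider.search_url`) are constructed assumptions about the file layout; the check itself walks every string value, so it does not depend on them.

```python
import json
from urllib.parse import urlparse

# Domains named in this thread's AdwCleaner results.
WATCHLIST = ("trovi.com", "ask.com", "aol.com")

# Constructed sample, NOT the attachment from the thread. Key names are an
# assumption about the Preferences layout; values are placeholders.
SAMPLE_PREFERENCES = """
{
  "homepage": "http://www.trovi.com/?gd=placeholder",
  "homepage_is_newtabpage": false,
  "session": {"restore_on_startup": 4,
              "startup_urls": ["http://www.trovi.com/", "https://mail.google.com/"]},
  "default_search_provider": {"name": "Ask",
                              "search_url": "http://www.ask.com/web?q={searchTerms}"},
  "bookmark_bar": {"show_on_all_tabs": true}
}
"""

def host_matches(value, domains=WATCHLIST):
    """Return the watched domain if value is a URL on it or on a subdomain."""
    try:
        host = (urlparse(value).hostname or "").lower()
    except ValueError:          # malformed URL-like string: not a match
        return None
    for domain in domains:
        # Compare on a label boundary so "notask.com" does not match "ask.com".
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def walk(node, path=""):
    """Yield (dotted_path, value) for every string in the JSON tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from walk(child, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_hijack_settings(text):
    """Return [(path, domain, value)] for settings pointing at a watched domain."""
    hits = []
    for path, value in walk(json.loads(text)):
        domain = host_matches(value)
        if domain:
            hits.append((path, domain, value))
    return hits

if __name__ == "__main__":
    for path, domain, value in find_hijack_settings(SAMPLE_PREFERENCES):
        print(f"{path}: {domain} <- {value}")
```

Because it only reads the text, it can be run on a copy of the file, and again after each sync option is re-enabled, to see which setting brings an entry back.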

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    chrdefaults;
    ffdefaults;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Stupid-Idiot

Hey,

Thanks for the reply. I ran it and the results are as follows.
 

Attachments

  • zoek-results.txt
    4.5 KB · Views: 58

Stupid-Idiot

Hmmm, I was thinking. If I delete this GMAIL account, and then create one with the same name a day later, do you think that would work?
 

Stupid-Idiot

Disconnecting Google account? But what if I want to reconnect? Also, the custom sync settings were automatically changed to sync all again when I clearly removed them.
 

Stupid-Idiot

Is it possible that this bug has just latched somewhere else on my computer other than the HD or is it 100% associated with my Gmail account? If I log into other computers do they get this?
 

TwinHeadedEagle

Can I see that Adwcleaner report you persistently talk about?

Here is that line on my PC

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\preferences ]

And there is nothing bad with this; you'll find this line on every PC that uses Chrome.
 

Stupid-Idiot

When you run ADW Cleaner on your PC, that line "File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\preferences" comes up under the Chrome tab every time? I doubt it. Seeing as I have searched post stopping sync data with Chrome, and pre opening Chrome again. Also, mine comes up with 5 # signs to the left and right of it. E.g.: "##### C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\preferences #####"

This specific search just came up with that line in it. It occasionally comes up with that, plus the ask.com, trovi.com and another line in the initial search (see past posts of ADW Cleaner and you will see what I mean; there should be 4 items that come up in the search as opposed to one).
 

Attachments

  • AdwCleaner[R21].txt
    2.6 KB · Views: 53
