adware malware oursurfing.com still exists after reformatting PC [Solve

adware malware oursurfing reformat format

  • This topic is locked

#31
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, our best suggestion now is to Uninstall Chrome, remove the Synch, reset the Router and then re-install Chrome.

The good news is that three of us have reviewed your logs and we don't see malware in the scans. This is clearly something outside the machine. And, as you point out, if your iPad is doing it, then that really confirms it.


  • 0


#32
adriandallegrave

    Member

  • Topic Starter
  • 29 posts

I uninstalled Chrome and then, using Internet Explorer, I visited the Chrome dashboard to stop the sync of my data when I reinstall the browser. After that I unplugged the power cable of my router and waited a few minutes. After that I installed Chrome back and, before having to log in to my Google account, the malware appeared again.

Is there any chance that the malware is inside the BIOS files? Inside the mouse, keyboard or router firmware?

Thanks.


  • 0

#33
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Is there any chance that the malware is inside the BIOS files? Inside the mouse, keyboard or router firmware?

Not very likely. As you said, the issue is in your iPad also. This has to be something, like a browser synch, that is common to both machines and all browsers.

Let's have a look this way.

We will use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Type browserupdatecheck.in;wpad.dat into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.


  • 0

#34
adriandallegrave

    Member

  • Topic Starter
  • 29 posts
Unfortunately, here is the log it generated.

Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Adrian at 2015-07-08 17:10:48
Running from C:\Users\Adrian\Desktop\frst
Boot Mode: Normal
 
================== Search Registry: "browserupdatecheck.in;wpad.dat" ===========
 
====== End of Search ======

  • 0

#35
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Now I am highly suspicious of the Chrome synch. Could you try this?

Chrome has a “Reset settings” button that restores everything back to the browser’s defaults. Go to Settings > Show Advanced Settings and scroll to the bottom of that page.


  • 0

#36
adriandallegrave

    Member

  • Topic Starter
  • 29 posts

I already did this many times to reset Chrome when the malware ended up installing unwanted toolbars and such. Did it again now just to be sure but nothing happened to the ads.


  • 0

#37
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I am calling in reinforcements and we'll see what some new eyes can see here.


  • 0

#38
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Apologies if you've already done this...

We are of the opinion that the issue is in the Google Backup. So, uninstall Chrome, then re-install it without any Synch from anywhere. This has to be the problem. Logs are clean and the issue is in the iPad as well.


  • 0

#39
adriandallegrave

    Member

  • Topic Starter
  • 29 posts
On post #31 I was asked to do just that. Now I did it again and got the same results. I'll show you the steps I took so you can see if I did it right.

1 - Using the computer at my workplace I went to the website www.google.com/dashboard;
2 - There I logged into my account and opened the tab "Chrome Sync";
3 - I clicked on "Manage Chrome Sync";
4 - I clicked on "Reset sync";
5 - At home I turned on my computer in safe mode and completely uninstalled Chrome;
6 - I unplugged my router from the energy and waited a couple of minutes for its ROM to erase;
7 - I reset the computer in safe mode with network connection and using IE I downloaded Chrome;
8 - I installed Chrome and opened the browser;
9 - Before logging into my account I could already see ads on any page.

I also have two pieces of information that might be useful:

First - I tried to get some screenshots of the iPad's ads that are appearing. I updated Chrome Browser App and couldn't find the ads anymore. The ads were all Android OS related and behaved similarly to the ads I find in the computer. I'm not sure if they are gone forever from the iPad after I updated Chrome or if they are gone just for a while. Since the ads on the PC always come and go I'll keep checking if they are back and will keep you informed.

Second - I told you on another post that my friend's computer also got infected. Some time ago I was still wondering if the malware was stored in the Flash Drive holding the backup of my files so I asked him to help me to transfer my documents. He connected his computer through the network using the Windows command prompt and passed me the files. Even though my computer was offline right after being formatted his computer got the malware the same day. Since then he ended up buying a new HD and after installing the OS he didn't see the ads appear. He was using Firefox but as soon as he installed and logged into Google Chrome the ads appeared and infected all the other browsers. This pretty much confirms that the malware is coming from Chrome.

Thanks for all the help.

  • 0

#40
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

Sorry, I've been away from home and from the computer.

It would appear that you've done a very good job of isolating the problem. As we suspected, Chrome is the culprit. If you completely remove Chrome, do you get the issue in other browsers?

I wish I could coach you on one sure thing to do to remove the issue. What I can assure you of is that the problem doesn't seem to be in your Registry or your File System. I've had three very senior level analysts here review your logs and all agree. Hence, it has to be that Chrome profile although the steps you've detailed should have cleaned up the issue.

I wish I could offer more help or a more certain solution!


  • 0


#41
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Beyond the Chrome issue, is there anything else I can try to help with?


  • 0

#42
adriandallegrave

    Member

  • Topic Starter
  • 29 posts

Well, I only wanted to know what exactly I should do to really get rid of the malware since the last steps didn't work. I'm out of ideas.


  • 0

#43
adriandallegrave

    Member

  • Topic Starter
  • 29 posts

My smart TV has the same virus while using the internet browser. I never logged into any Google account using it and it doesn't have Chrome.


  • 0

#44
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

My smart TV has the same virus while using the internet browser. I never logged into any Google account using it and it doesn't have Chrome.

Ok, let's think about this... The issue cannot be Registry, File System or Computer centric since it's shared across disparate systems (iPad, TV, PC, your friend's system, etc.).

This has got to be some kind of shared profile. It would be impossible for me to find the common piece with any certainty, but I strongly suspect a shared browser profile. You are going to have to try a process of elimination to see where it is.

From my side here on G2G, I've had several excellent Helpers look at this issue and they conclude as I do, a shared browser profile. That said, if you'd like, I'll close this topic and it will allow you to re-open it in, perhaps, our Browser section here. Those folks are better able to work through these issues. I'm just a Malware guy and several of us have concluded that there's no malware on the computer. When you get there tell them you've been through the Malware process with me. If they need details, show them the thread and have them reach out to me.


  • 0

#45
adriandallegrave

    Member

  • Topic Starter
  • 29 posts

Thank you very much for all your help. Indeed the computer is free from malware in its HD disk. I'll do as you told me and reopen it in the browser page.

Thanks again!


  • 0





