Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have done my homework - now need you help please

Malware Chrome

  • Please log in to reply

#46
rm15

rm15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Just did that... will have to wait to see if the redirects happen.  Will post back here in a day or so or when I see a redirect.... whichever happens first. 


  • 0

Advertisements


#47
rm15

rm15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

FYI... So far so good.... I think the culprit is the AdBlock extension I have on Chrome. I've been enabling/disabling the different extensions I have and IT SEEMS when AdBloc is on, I'm getting the redirects. But my testing has not been totally clean so I'm not going to swear by my conclusions just yet, LOL. 

 

But I've had AdBlock for a while now (years) with no issues of any kind so I'm thinking maybe when I accidentally loaded the malware on my system (which I have no clue how considering the fact that I am very careful not to) it latched on to it.  So even after scanning my drive, etc. and removing what's there, the extension itself was still infected.  I did change some setting on AdBlock a while back (which I can't remember for the life of me what it was) so maybe that in combination of something I somehow downloaded or a site I visited triggered things?  

 

I admit I have no clue how that could happen and it does kinda sounds far-fetched.  I am in now way as technically knowledgeable as you but still, I'm not totally stupid either when it comes to these types of things. :)

 

Anything you know about AdBlock and ways it can be used for the kind of stuff I've been experiencing?


Edited by rm15, 02 April 2017 - 05:44 PM.

  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Try ublock-origin instead:

 

https://chrome.googl...hjbkeiagm?hl=en


  • 0

#49
rm15

rm15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Do you happen to know anything about "New incognito window" extension? 

https://chrome.googl...chrome-ntp-icon

 

 I have it and looking at the reviews, everyone is saying it's malware.  I removed it and now have all my remaining extensions enabled to see if it's really the cause of all my issues.  


  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Yes the reviews say it's malware.  I don't know anything about it just figured since it was in the official google chrome downloads that it was probably OK.  Guess not.


  • 0

#51
rm15

rm15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Yup, I thought so too.... so much for that!  

 

It's all good though.  Now we know and that's all that matters to me.  I just wanted to identify the source, remove it and be done with it. So ASSUMING that really is the cause of all my troubles, it should all be good now.

 

Thank you again for all your time and help.  


  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Time to clean up:
 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

  • 0

#53
rm15

rm15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Sounds good.... good news is I do not use any P2P programs and I'm set with everything else.  

Again, thank you for all your help with all this!!!


  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware, Chrome

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP