
"Bitmotion-New Tab" added in Chrome (can't get rid of it)



#16
tl79

  • Topic Starter
  • Member
  • 178 posts

The fix button IS enabled in aswmbr


  • 0



#17
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

That's OK. The fix is only for MBR systems, which you don't have. Best not to click on it. aswMBR didn't find anything, though it looks like you might have stopped the scan before it finished.

I assume the reason you do not have the sync option is that you are not logged in. On mine it looks like:

chrome.JPG


  • 0

#18
tl79

  • Topic Starter
  • Member
  • 178 posts

Turned the sync off after logging in... here are the results (I'm still getting new windows popping open with "junk" websites, just happened when I clicked on the bookmark for geekstogo)

# AdwCleaner v6.047 - Logfile created 30/06/2017 at 11:36:32
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : LLL - LLL-US
# Running from : C:\Users\LLL\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dceidjjhomnclmfgflmjaomohekdgdgb_0.localstorage
[-] File deleted: C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dceidjjhomnclmfgflmjaomohekdgdgb_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dceidjjhomnclmfgflmjaomohekdgdgb
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2516 Bytes] - [30/06/2017 07:13:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [1378 Bytes] - [30/06/2017 11:36:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2670 Bytes] - [30/06/2017 07:13:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1968 Bytes] - [30/06/2017 11:34:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1597 Bytes] ##########

  • 0

#19
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

Let's see if we can fake it out. FRST can make a dummy file in its place. Wonder if that will help?

Attached File: fixlist.txt (454 bytes)

Also after the fix, put

dceidjjhomnclmfgflmjaomohekdgdgb

in FRST's search box and then hit Search Registry. Post the file you get.

  • 0

#20
tl79

  • Topic Starter
  • Member
  • 178 posts

Here's the full aswmbr.txt.  It DID stop but it wasn't my doing.  Maybe the screensaver or something stopped it.  Fix button was NOT on, but Fixmbr was again.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-06-30 11:41:18
-----------------------------
11:41:18.967    OS Version: Windows x64 6.2.9200 
11:41:18.967    Number of processors: 4 586 0x3C03
11:41:18.967    ComputerName: LLL-US  UserName: LLL
11:41:21.158    Initialize success
11:41:21.205    VM: initialized successfully
11:41:21.205    VM: Intel CPU BiosDisabled 
11:41:29.418    AVAST engine defs: 17062402
11:42:05.634    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
11:42:05.634    Disk 0 Vendor: ST1000DM003-1ER162 HP51 Size: 953869MB BusType: 11
11:42:05.744    Disk 0 MBR read successfully
11:42:05.759    Disk 0 MBR scan
11:42:05.759    Disk 0 unknown MBR code
11:42:05.775    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
11:42:05.791    Disk 0 scanning C:\WINDOWS\system32\drivers
11:42:13.777    Service scanning
11:42:25.044    Modules scanning
11:42:25.731    AVAST engine scan C:\
12:52:19.112    Disk 0 statistics 10313434/0/0 @ 1.60 MB/s
12:52:19.628    Scan finished successfully
13:04:24.228    Disk 0 MBR has been saved successfully to "C:\Users\LLL\Desktop\MBR.dat"
13:04:24.244    The log file has been saved successfully to "C:\Users\LLL\Desktop\aswMBR2.txt"

  • 0

#21
tl79

  • Topic Starter
  • Member
  • 178 posts

Chrome opened a new window when I was trying to post and froze, so I had to open Task Manager and do an end task. Then I rebooted and ran aswmbr again. I will try the FRST again.


  • 0

#22
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

aswMBR did finish this time but still didn't find anything.  


  • 0

#23
tl79

  • Topic Starter
  • Member
  • 178 posts

Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 13:14:53)
Running from C:\Users\LLL\Downloads
Boot Mode: Normal
 
================== Search Registry: "dceidjjhomnclmfgflmjaomohekdgdgb" ===========
 
 
====== End of Search ======

  • 0

#24
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

Did you run the fixlist (start up FRST and hit Fix after downloading the Fixlist)?


  • 0

#25
tl79

  • Topic Starter
  • Member
  • 178 posts

I just did it again:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 13:48:22) Run:5
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb
CreateDummy: C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb
 
 
 
*****************
 
C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb => moved successfully
C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb => dummy created successfully.
 
==== End of Fixlog 13:48:22 ====

  • 0



#26
tl79

  • Topic Starter
  • Member
  • 178 posts

cookies on-off 1.0.1 is still listed as an extension in Chrome. There is no option to delete it. It says it was "installed by enterprise policy," whatever that means!


  • 0

#27
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

The fixlist just replaced the active file with a dummy. The infection should still be in Chrome, just unable to do anything.

"installed by enterprise policy."

That may be key information.

Let's see what this Fixlist finds:

Attached File: fixlist.txt (206 bytes)

This just looks at a registry key. It won't make any changes. I thought FRST would have shown it to us if it existed, but perhaps it slipped through the cracks.

Post the fixlog.

  • 0

#28
tl79

  • Topic Starter
  • Member
  • 178 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 15:23:38) Run:6
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s
 
 
 
*****************
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 15:23:38 ====

  • 0

#29
RKinner

  • Malware Expert
  • 21,070 posts
  • MVP

OK. Put

ExtensionInstallForcelist

in the FRST search box and then click on Search Registry.

Does it find it anywhere?


  • 0

#30
tl79

  • Topic Starter
  • Member
  • 178 posts

Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 15:46:49)
Running from C:\Users\LLL\Downloads
Boot Mode: Normal
 
================== Search Registry: "ExtensionInstallForcelist" ===========
 
 
====== End of Search ======

  • 0
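
The `reg query` in post #28 looks for `ExtensionInstallForcelist` only under HKEY_LOCAL_MACHINE. As an added example (not part of the thread and not FRST's own code), the PowerShell below lists that policy key's entries under HKLM and under every user hive loaded in HKEY_USERS, since Chrome also reads policy from the per-user `SOFTWARE\Policies\Google\Chrome` key. The function name `Get-ChromeForcedExtension` is hypothetical; the extension ID is the one from the logs above.

```powershell
# Added example (not from the thread): list Chrome force-install policy entries
# under HKLM and every loaded user hive, and flag the ID that AdwCleaner removed.
$TargetId     = 'dceidjjhomnclmfgflmjaomohekdgdgb'   # ID taken from the logs in this thread
$PolicySubKey = 'SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'

function Get-ChromeForcedExtension {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Hive)
    foreach ($h in $Hive) {
        $path = "Registry::$h\$PolicySubKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent in this hive
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Policy data has the form "<extension id>;<update URL>"
            $id, $url = ([string]$key.GetValue($name)) -split ';', 2
            [pscustomobject]@{
                Hive        = $h
                ValueName   = $name
                ExtensionId = $id.Trim()
                UpdateUrl   = $url
                IsTarget    = ($id.Trim() -eq $TargetId)
            }
        }
    }
}

# HKLM plus each hive currently loaded under HKEY_USERS (includes the logged-on user).
$hives  = @('HKEY_LOCAL_MACHINE')
$hives += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Name }

$found = @(Get-ChromeForcedExtension -Hive $hives)
if ($found.Count -eq 0) {
    'No ExtensionInstallForcelist entries in HKLM or any loaded user hive.'
} else {
    $found | Format-Table -AutoSize
}
```

The script only reads the registry and changes nothing.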





