Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"Bitmotion-New Tab" added in Chrome (can't get rid of it&#


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

See if there are any Chrome policies:

 

In Chrome, open a new tab by clicking on the parallelogram  to the right of your current tabs.  Type

 

chrome://policy 

 

hit Enter 

 

Does it show any policies?


  • 0

Advertisements


#32
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts
Applies to Level Source Policy name Policy value Status
Machine
Mandatory
Platform
CookiesBlockedForUrls
OK
Machine
Mandatory
Platform
ExtensionInstallForcelist
OK
Machine
Mandatory
Platform
JavaScriptBlockedForUrls
OK

  • 0

#33
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

yes, 3.  The formatting in the last post didn't work, sorry about that!


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

This is what I get:

 

cp.JPG

 

On yours if you click on Show Value does it show a value?


  • 0

#35
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

i've attached a doc file with the 3 policies from a screen capture


  • 0

#36
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Cookiesblockedforurls

 

[*.]100hot.com,[*.]7search.com,[*.]flyswat.com,[*.]focalink.com,[*.]gator.com,[*.]gatoradvertisinginformationnetwork.com,[*.]goclick.com,[*.]hightrafficads.com,[*.]hitbox.com,[*.]hitboxcentral.com,[*.]hitslink.com,[*.]hotlog.ru,[*.]8ad.com,[*.]hotnaughtywives.com,[*.]infinite-ads.com,[*.]internetfuel.com,[*.]link4ads.com,[*.]linkbuddies.com,[*.]linksynergy.com,[*.]lop.com,[*.]sckr.com,[*.]scrk.com,[*.]sdry.com,[*.]911promotion.com,[*.]seld.com,[*.]sfux.com,[*.]sheat.com,[*.]sipo.com,[*.]smds.com,[*.]srib.com,[*.]srox.com,[*.]srsf.com,[*.]ssaw.com,[*.]ssby.com,[*.]acecounter.com,[*.]surj.com,[*.]thko.com,[*.]wfix.com,[*.]wflu.com,[*.]ebch.com,[*.]ebdv.com,[*.]ebdw.com,[*.]ebjp.com,[*.]ebkn.com,[*.]ebky.com,[*.]activemeter.com,[*.]eblv.com,[*.]ebvr.com,[*.]ecwz.com,[*.]ecyb.com,[*.]eduy.com,[*.]eeev.com,[*.]ibmx.com,[*.]icwb.com,[*.]icwo.com,[*.]icwp.com,[*.]adbrite.com,[*.]iddh.com,[*.]idhh.com,[*.]ifiz.com,[*.]iguu.com,[*.]samz.com,[*.]saoe.com,[*.]sbjr.com,[*.]sbnl.com,[*.]sbnt.com,[*.]sbvr.com,[*.]adbureau.com,[*.]scbm.com,[*.]tbvg.com,[*.]tdak.com,[*.]tdko.com,[*.]tefs.com,[*.]tfil.com,[*.]torc.com,[*.]wbkb.com,[*.]mainentrypoint.com,[*.]mainentrypoint.net,[*.]adbutler.com,[*.]marketscore.com,[*.]marketscore.net,[*.]matchcraft.com,[*.]mediaplex.com,[*.]narrowcastmedia.com,[*.]offshoreclicks.com,[*.]opentracker.com,[*.]opentracker.net,[*.]overture.com,[*.]oxcash.com,[*.]adbutler.de,[*.]partnercash.de,[*.]paycounter.com,[*.]paypopup.com,[*.]ru4.com,[*.]pointroll.com,[*.]popupsponsor.com,[*.]popuptraffic.com,[*.]porntrack.com,[*.]porntracker.com,[*.]preferences.com,[*.]adbutler.net,[*.]pstats.com,[*.]questionmarket.com,[*.]radiate.com,[*.]realtracker.com,[*.]realtracker.net,[*.]res99.com,[*.]revenue.net,[*.]roispy.com,[*.]sex-in-www.com,[*.]sexlist.com,[*.]101webstats.com,[*.]addynamix.com,[*.]sextracker.com,[*.]smartadserver.com,[*.]smartclicks.com,[*.]smartclicks.net,[*.]specificpop.com,[*.]spermatrix.com,[*.]spylog.com,[*.]targetnet.com,[*.]targetnet.net,[*.]track-star.com,[*.]adengage.com,[*.]tradedoubler.com,[*.]trafficmp.com,[*.]trafficmarketplace.com,[*.]clickfinders.com,[*.]trafficsupport.com,[*.]trafficvenue.net,[*.]trakkerd.net,[*.]tribalfusion.com,[*.]utopiad.com,[*.]valuead.com,[*.]ad-flow.com,[*.]specificclick.net,[*.]valueclick.com,[*.]valueclick.ne.jp,[*.]valueclick.net,[*.]webads.com,[*.]webtrendslive.com,[*.]s005-01-4-11-234545-68181.com,[*.]wegcash.com,[*.]wegcash.net,[*.]xxxcounter.com,[*.]adforce.com,[*.]xxxtoolbar.com,[*.]yieldmanager.com,[*.]zedo.com,[*.]adhostingsolutions.com,[*.]adinterax.com,[*.]adjuggler.com,[*.]adlegend.com,[*.]ad-logics.com,[*.]adminder.com,[*.]123count.com,[*.]admodus.com,[*.]admonitor.net,[*.]admonitor.com,[*.]adorigin.com,[*.]adrevolver.com,[*.]ads360.com,[*.]ads360.net,[*.]adserver.com,[*.]adservingcentral.com,[*.]adtech.de,[*.]123counts.com,[*.]adtrak.net,[*.]advertising.com,[*.]advertserve.com,[*.]adviva.com,[*.]adviva.net,[*.]affiliatefuel.com,[*.]aggregateknowledge.com,[*.]aureate.com,[*.]atdmt.com,[*.]bankads.com,[*.]247realmedia.com,[*.]bannerbank.net,[*.]bfast.com,[*.]bluestreak.com,[*.]hyperbanner.net,[*.]bpath.com,[*.]bridgetrack.com,[*.]brilliantdigital.com,[*.]burstmedia.com,[*.]burstnet.com,[*.]casalemedia.com,[*.]247media.com,[*.]centrport.net,[*.]centrport.com,[*.]click2net.com,[*.]clickagents.com,[*.]comclick.com,[*.]cometcursors.com,[*.]cometcursor.com,[*.]cometcursors.net,[*.]cometcursor.net,[*.]commission-junction.com,[*.]realmedia.fr,[*.]commission-junction.net,[*.]cj.com,[*.]qksrv.net,[*.]qksrv.com,[*.]commissionpartner.com,[*.]coremetrics.com,[*.]coremetrics.net,[*.]counted.com,[*.]cpxinteractive.com,[*.]dbbsrv.com,[*.]2o7.net,[*.]directnetadvertising.com,[*.]directnetadvertising.net,[*.]directtrack.com,[*.]doubleclick.com,[*.]doubleclick.net,[*.]doubleclick.co.uk,[*.]engage.com,[*.]ads.enliven.com,[*.]epilot.com,[*.]e-plus.cc,[*.]7adpower.com,[*.]euniverseads.com,[*.]ezhits4u.com,[*.]falkag.com,[*.]falkag.de,[*.]falkag.org,[*.]fastadvert.com,[*.]fastclick.com,[*.]fastclick.net,[*.]findwhat.com,[*.]flycast.com  

 

Extensioninstallforcelist

 

dceidjjhomnclmfgflmjaomohekdgdgb;https://clients2.goo...ice/update2/crx  

 

Javascriptblockedforurls

 

[*.]intellitxt.com,[*.]kona.kontera.com,[*.]snap.com,[*.]text-enhance.com,[*.]textsrv.com,[*.]tcr.tynt.com,[*.]vibrantmedia.com

 

these are the 3 Policy Names with the values listed


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

OK.  This policy is causing the reinstall:

 

Extensioninstallforcelist

 

dceidjjhomnclmfgflmjaomohekdgdgb;https://clients2.goo...ice/update2/crx  

 

 

 

Is there any way to remove it from that page?  Maybe right click?

 

It should really be in the registry either under HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist or HKCU\Software\Policies\Google\Chrome\ExtensionInstallForcelist

 

Don't know why it's not showing up when we search registry.

 

Let's try another fixlist.

 

Attached File  fixlist.txt   400bytes   30 downloads

 

I've got to walk the dog so will be away for a few minutes.

 

 

 


  • 0

#38
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

All I see is show value or hide value.  I'll try the fixlist


  • 0

#39
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Hope the dogs enjoyed their walk!  I've been trying to do about 5 things at once too!  here's the results of latest fixlist:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 16:46:09) Run:7
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s
REG: reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s
 
 
 
*****************
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /s =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 16:46:09 ====

  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

Just one dog and I don't think he liked it too much.  It's raining.

 

Let's try another tact.  We will add the bad guy to the blacklist and see which wins.

 

Try this fixlist:

 

Attached File  fixlist.txt   284bytes   28 downloads

 

Then restart Chrome and see if the cookie extension is still active

 

 


  • 0

Advertisements


#41
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 17:32:14) Run:8
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg add HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist /v 1 /t REG_SZ /d "dceidjjhomnclmfgflmjaomohekdgdgb" /f
 
 
 
 
 
*****************
 
 
========= reg add HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist /v 1 /t REG_SZ /d "dceidjjhomnclmfgflmjaomohekdgdgb" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 17:32:14 ====

  • 0

#42
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

re-started chrome cookies on-off 1.0.1 is still listed in extensions


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

OK let's try this fixlist.

Attached File  fixlist.txt   628bytes   30 downloads

 

 

Supposedly it will remove the bit about being set by admin policy and allow you to remove the extension.


  • 0

#44
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (30-06-2017 18:01:14) Run:9
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg add HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist /v 1 /t REG_SZ /d "dceidjjhomnclmfgflmjaomohekdgdgb;https://clients2.goo...ce/update2/crx"/f
CMD: rd /S /Q “%WinDir%\System32\GroupPolicyUsers” 
CMD: rd /S /Q “%WinDir%\System32\GroupPolicy”
CMD: gpupdate /force
 
 
 
 
 
 
*****************
 
 
========= reg add HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist /v 1 /t REG_SZ /d "dceidjjhomnclmfgflmjaomohekdgdgb;https://clients2.goo...ce/update2/crx"/f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= rd /S /Q “%WinDir%\System32\GroupPolicyUsers” =========
 
The filename, directory name, or volume label syntax is incorrect.
 
========= End of CMD: =========
 
 
========= rd /S /Q “%WinDir%\System32\GroupPolicy” =========
 
The filename, directory name, or volume label syntax is incorrect.
 
========= End of CMD: =========
 
 
========= gpupdate /force =========
 
Updating policy...
 
 
 
Computer Policy update has completed successfully.
 
User Policy update has completed successfully.
 
 
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:01:25 ====

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,131 posts
  • MVP

Doesn't look like it worked.  Was there any change?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP