Avast has blocked a harmful webpage or file.

Need help with this - I’ve run Spybot, AntiMalwarebytes, AdwCleaner, HitmanPro and JunkRemovalTool (JRT) on my PC and I’m still getting messages like this:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://filesonlinehere.com/sync/?rmbs=…

Infection: URL:Mal

Process: C:\Program Files (x86).…\chrome.exe

(getting tons of it, only links are changing)

I saw you helped a guy in this thread (https://forum.avast.com/?topic=163056.0) with FRST scanner, so I’m uploading logs from it too.

https://forum.avast.com/index.php?topic=53253.0

Here are the logs - unfortunately aswMBR keeps crashing during scan, so only FRST and Malwarebytes

Do you have the same problem with other browsers?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

Not using other browsers.

Here’s the log - but the problem still persists.

OK could you try the other browsers and see if they exhibit the same problem

Ok, so problem does not occur under Firefox - but Firefox says that link to www.google.com is unsecure/not trusted (not sure how to translate it properly, in Polish it’s “To połączenie jest niezaufane”)

Also I noticed that the avast popups stop after a while of using Chrome, but when I close Chrome, it sends those alerts again and stops after a longer while.

Would reinstalling Chrome help?

Another thing: this started to appear (see attachment). It says “Hackers might steal your data from accounts.google.com” (basically it asks me to login again)

Hello Barcel,

This alert is stating that your https connection is not trusted/private. It is either not secure, has mixed content or not secure log-in (log-in data go unencrypted over the wire!).
You could use this new just launched Google extension to be protected for your google.account password security.
Read: https://support.google.com/a/answer/6197508
Download Password Alert here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep

Regards,

polonus

Hello

But isn’t this caused by some sort of malware/spyware (that I can’t get rid of)? I’d rather remove it than install additional Google add-ons.

Yep Chrome has been compromised, it is no longer a secure browser

Re-install Chrome

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go to Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also so please check the box.
  5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Hi,

That is for the qualified removal expert (essexboy) to be established. What I gave you is extended protection, so that after this has been cleansed you won’t give in(out) login data from your Google account onto sites that cannot be trusted (phishing sites etc.).
It is probably where the malware came through. Essexboy stating that Google Chrome is very popular so sought out specially for attack and it has present issues.
Ok agree with you fully, cleanse that malcode off first with the help of a qualified removal expert here (essexboy), then install that extension that was specially launched by Google today. That they did so is proof of the fact that you aren’t the only victim of such not-secure connections. If you like to discontinue Google Chrome, try Sleipnir6 browser, it takes all your Chrome settings and extensions and does not have the Google Chrome compromittal issues. :wink:
I run Google Chrome exclusively inside Sandboxie, export my settings/bookmarks. Clean the sandbox every 5 days and the regular Google Chrome browser gets cleansed with a CCleaner wipe every week as well. I can state I have very little problems so far (also thanks to Avast’s shields and PUP-mode).

All the best,

polonus

Exported bookmarks, unsynced everything, but when I tried to delete Chrome via Control Panel, it returned an error. Now Chrome is no longer on the list of programs, but I can start it up normally and with all logins and passwords as before.

Also cannot remove the Google folder from disk, since it says that a folder/file is still open.

You can uninstall when you have closed all instances of it inside your task manager.
Launch task manager and do accordingly.

pol

I can’t uninstall it, there is no record in Control Panel that Chrome is installed on my PC.

I checked taskmanager for chrome processes, all were closed yet I still can’t delete the Google Update folder.

So I tried unlinking my Google account from Chrome - it worked, browser looks like after a fresh install. But now I can’t login into Google account (connection is not private). Using Firefox right now, but Google site (mail, search, etc) is flagged by Firefox as ‘not trusted’. I’ve added an exception to google.com so I am able to search the internet but I will avoid it until situation is resolved.

I’d rather avoid a disk wipe if possible.

Look for these also: https://support.google.com/installer/answer/96616 (check list for connection troubles)

Damian

Every now and then when I try a link to some sort of Google site, Firefox says that this website uses “wrong security certificate” (error code: sec_error_expired_certificate)

Is it possible that this is caused by my system time not being set properly? (my brother sets it to 14.04.2015 every day, don’t know why)

Tried disabling the Google update via Control Panel/Administrative/Services, no result (I turned it to manual, reset PC and tried to remove Google folder, no success). As for Windows Firewall (Zapora Windows), I can’t find the Exceptions (Wyjątki) card - maybe it’s called differently under Win7?

How to do it: https://www.youtube.com/watch?v=Q3AyW7qYtHY

pol