Avast has blocked a harmful webpage or file.

system · 2015-04-29T20:17:06.000Z

Ok, so problem does no occur under Firefox - but Firefox says that link to www.google.com is unsecure/not trusted (not sure how to translate it properly, in polish it’s “To połączenie jest niezaufane”)

Also I noticed that the avast popups stop after a while of using Chrome, but when I close Chrome, it’s sends those alerts again and stops after a longer while.

Would reinstalling Chrome help?

system · 2015-04-29T20:22:24.000Z

Another thing: this started to appear (see attachment). It says “Hackers might steal your data from accounts.google.com” (basically it asks me to login again)

polonus · 2015-04-29T20:31:41.000Z

Witam Barcel,

This alert is stating that your https connection is not trusted/private. It is either not secure, has mixed content or not secure log-in (log-in data go unencrypted over the wire!).
You could use this new just launched Google extension to be protected for your google.account password security.
Read: https://support.google.com/a/answer/6197508
Download Password Alert here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep

pozdrawiam,

polonus

system · 2015-04-29T20:46:34.000Z

Witam

But isn’t this caused by some sort of malware/spyware (that I can’t get rid off)? I’d rather remove it than install additional google add-ons

essexboy · 2015-04-29T20:54:28.000Z

Yep Chrome has been compromised, it is no longer a secure browser

Re-install Chrome

If you have bookmarks, let’s save them by exporting them - Export Bookmarks
Then I need you to go Google Sync and sign into your account
Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
Import your bookmarks back into Chrome
Sign back in to your Chrome browser so that your bookmarks sync with your online account.

polonus · 2015-04-29T21:03:22.000Z

Cześć,

That is for the qualified removal expert (essexboy) to be established. What I gave you is extended protection, so that after this has been cleansed you won’t give in(out) inlog data from your google account onto sites that cannot be trusted (phishing sites etc.).
It is probably where the malware came through. Essexboy stating that Google Chrome is very popular so sought out specially for attack and it has present issues.
Ok agree with you fully, cleanse that malcode off first with the help of a qualified removal expert here (essexboy), then install that extension that was specially launched by Google to-day. That they did so is proof of the fact that you aren’t the only victim of such not-secure connections. If youlike to discontinue Google Chrome, try Sleipnir6 browser, it takes all your chrome settings and extensions and does not have the Google Chrome compromittal issues.
I run Google Chrome exclusively inside sandboxie, export my settings/bookmarks. Clean the sandbox every 5 days and the regular Google Chrome browser get cleansed with a CCleaner wipe every week as well. I can state I have very little problems so far (also thanks to Avast’s shields and PUP-mode).

Wszystkiego dobrego,

polonus

system · 2015-04-29T21:14:08.000Z

Exported bookmarks, unsynced everything, but when I tried to delete Chrome via Control Panel, it returned an error. Now Chrome is no longer on the list of programs, but I can start it up normally and with all logins and passwords as before.

Also cannot remove the Google folder from disk, since it says that a folder/file is still open.

polonus · 2015-04-29T21:20:18.000Z

You can uninstall when you have closed all instances of it inside your task manager.
Launch task manager and do accordingly.

pol

system · 2015-04-29T21:22:13.000Z

I can’t uninstall it, there is no record in Control Panel that Chrome is installed on my PC.

I checked taskmanager for chrome processes, all were closed yet I still can’t delete the Google Update folder.

system · 2015-04-29T21:39:16.000Z

So I triend unlinking my google account from Chrome - it worked, browser looks like after a fresh install. But now I can’t login into google account (connection is not private). Using Firefox right now, but google site (mail, search, etc) is flagged by Firefox as ‘not trusted’. I’ve added an exception to google.com so I am able to search the internet but I will avoid it until situation is resolved.

I’d rather avoid a disk wipe if possible.

polonus · 2015-04-29T21:40:30.000Z

Look for these also: https://support.google.com/installer/answer/96616 (check list for connection troubles)

Damian

system · 2015-04-29T21:56:39.000Z

Every now and then when I try a link to some sort of google site, Firefox says that this website uses 'wrong security certificate" (error code: sec_error_expired_certificate)

Is that possible that this is caused by my system time not being set properly? (my brother sets it to 14.04.2015 every day, don’t know why)

system · 2015-04-29T21:59:27.000Z

polonus post:17:

Look for these also: https://support.google.com/installer/answer/96616 (check list for connection troubles)

Damian

Tried disabling the google update via Control Panel/Administrative/Services, no result (i turned it to manual, reset PC and tried to remove google folder, no succes). As for Windows Firewall (Zapora Windows), I can’t find the Exceptions (Wyjątki) card - maybe it’s called differently under Win7?

polonus · 2015-04-29T22:06:50.000Z

jak to zrobić https://www.youtube.com/watch?v=Q3AyW7qYtHY

pol

essexboy · 2015-04-30T13:39:33.000Z

Run a fresh FRST scan and I will remove it manually

system · 2015-04-30T15:25:14.000Z

Logs:

essexboy · 2015-04-30T16:18:21.000Z

Let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: 2015-04-15 23:19 - 2015-03-11 23:25 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-15 23:14 - 2015-03-12 01:29 - 00000000 ____D () C:\Users\Bartek\AppData\Roaming\foobar2000 2015-04-15 23:08 - 2015-03-11 23:25 - 00000000 ____D () C:\Users\Bartek\AppData\Local\Google Task: {890C1538-6422-4D39-A1CF-60424DBBFC6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.) Task: {8C97D46C-5626-444B-A059-516AF8DCB9F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Users\Bartek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

system · 2015-04-30T17:09:05.000Z

I can still launch Chrome, but now Avast diplays a different path to it (URL:Mal popups still appear, and all google related websites are marked as non-trusted) - I’m assuming you quarantined it in FRST folder.

No changes on Firefox - google related sites are marked as non-trusted (except for google.com, I’ve added an exception so I can use the search engine)

Log attached

essexboy · 2015-04-30T18:32:34.000Z

Run delfix to empty the quarantines, then let me know how you are able to launch chrome

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

system · 2015-05-01T08:31:12.000Z

Chrome and Google Update shortcuts doesnt work (removed them after trying). Firefox stopped flagging google websites as non-trusted after I set correct date& time (was 17.04.2015).

There is still a lot of google related folders on C:, shall I remove them manually?

Log attached:

Announcements