Chrome problem.

I’ve been using Avast for a few months now and I never had any problems with Google Chrome.
Last Saturday 03/16/2013 while facebooking I got a notification about a post I was tagged in. At opening I got a link (which I opened because it was from a close friend), when I clicked on the link I got an Avast notification about a Trojan virus and that it was blocked.
It liked a lot of horrible group profiles and followed a lot of people I never even knew about (I’m still trying to unfollow/unlike, but they keep appearing).
Now, my problem is Avast recognizes Chrome as a trojan (or something like that), every time I open a site or refresh I get the same message from the antivirus that I have a Trojan
PHP:FakeExt-A [trj]. I noticed the Ext part so I tried accessing the ext menu on Chrome but I got blocked; in its place I get redirected to a video site and blocked by Avast.
I executed Avast, Malwarebytes, adaware and no threats were found. And it’s becoming quite upsetting to get the same message every time I open/refresh a site in Chrome.

I followed this guide http://forum.avast.com/index.php?topic=53253.0. Did everything there. OTL didn’t generate an extras.txt

Malware removers are notified. It may take hours before one arrives, so be patient.

Hi Max.

The pain to be on this side of the world. Most malware specialists are in bed by now but I will leave them a notice of this topic. Be patient.

Regards.

oh and here is the aswMBR text file.

Thanks a lot. I appreciate all the help.
I don’t want to format my pc (almost 1Tb of info is a lot to back up), but if it comes to that… :\

Don’t worry, I don’t think it will be necessary. Wait for the specialist first thing tomorrow morning.

Hi there, could you post a screenshot of the Avast alert please, as that will give more data.

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
[2013/03/16 10:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\63jyuopp.default\extensions\abkokbmbihfcpblfmdpmjjgoinnmdbol@slicefactory.com\resources\extension
[2013/03/16 10:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\63jyuopp.default\extensions\abkokbmbihfcpblfmdpmjjgoinnmdbol@slicefactory.com\resources\extension\data
[2013/03/16 10:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\63jyuopp.default\extensions\abkokbmbihfcpblfmdpmjjgoinnmdbol@slicefactory.com\resources\extension\lib
[2013/03/16 10:48:36 | 000,021,579 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\63jyuopp.default\extensions\leethax@leethax.net.xpi
[2013/02/22 13:46:29 | 000,023,181 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\63jyuopp.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi
O2 - BHO: (no name) - ##TOOLBAR_DISABLED_##{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - ##TOOLBAR_DISABLED_##{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - ##TOOLBAR_DISABLED_##{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (IEInspector Browser Helper) - {9B43B7B1-BF56-4708-81D2-332D708B0DD9} - C:\PROGRA~2\IEINSP~1\HTTPAN~1\IEINSP~1.DLL (IEInspector Software)
O3 - HKU\S-1-5-21-535858720-2520852281-285137777-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found

:Files
C:\PROGRA~2\IEINSP~1
C:\ProgramData\Search Protection
C:\Program Files (x86)\Iminent
C:\Users\Max\AppData\Local\Temp\_MEI38162

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here is the warning I get every time I open/refresh a site on Chrome.

OK, could you run the OTL fix please?

These are the results of the OTL fix and quick scan.

OK, could you now run Chrome in incognito mode and let me know if the alerts continue?
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95464

No, they don’t.
I noticed that yesterday. But add-ons get disabled.

OK, now start Chrome as normal and then disable the extensions one by one,
testing between each for the alert.
Once you locate which one is causing the problem, could you let me know and then uninstall it?

Disabled them one by one.
The alert keeps showing up even though all extensions are disabled.
There’s only one that doesn’t allow me to disable it: Adobe Flash Player (3.38), also the option to delete it disappeared.

OK that is the culprit

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohihabmclafciafgmimanggjobnmceg\3.38_1

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ok, the Adobe Flash player extension is still there. It can’t be disabled or deleted, but at least the alert stopped showing.

That is the legitimate one, any further problems?

No. I really appreciate your help :smiley:
Thank you very much.

Run OTL and press the cleanup button to remove it and associated files

Will do.
Do you think this will remove it from all accts on this pc?
Today I opened my father’s session and alerts still pop up on that acct and I’m guessing on my brother’s it is the same.
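
Added example, not part of the thread or any poster's code: Chrome keeps extensions per Windows account and per Chrome profile, so the second OTL fix, which deletes a path under C:\Users\Max only, does not touch copies in other accounts. This Python sketch lists every account that still carries the extension ID from that path. The account names other than Max and the sample directory tree are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Extension ID copied from the :Files path in the second OTL fix.
SUSPECT_ID = "oohihabmclafciafgmimanggjobnmceg"
EXT_BASE = "AppData/Local/Google/Chrome/User Data/Default/Extensions"

def scan_chrome_extensions(users_root, suspect_id=SUSPECT_ID):
    """List every copy of suspect_id under any account and Chrome profile."""
    pattern = "*/AppData/Local/Google/Chrome/User Data/*/Extensions/*/*/manifest.json"
    hits = []
    for manifest in sorted(Path(users_root).glob(pattern)):
        parts = manifest.relative_to(users_root).parts
        if parts[8] != suspect_id:  # parts[8] is the extension ID directory
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            meta = None  # unreadable manifest: still report the directory
        if not isinstance(meta, dict):
            meta = {}
        hits.append({
            "account": parts[0],
            "chrome_profile": parts[6],
            "version_dir": parts[9],
            "name": meta.get("name", "<unreadable manifest>"),
            "path": str(manifest.parent),
        })
    return hits

def build_sample_tree(root):
    """Constructed data: 'Father' and 'Brother' are hypothetical account names."""
    layout = {
        "Max": {},  # copy already deleted by the fix
        "Father": {SUSPECT_ID: "3.38_1"},
        "Brother": {SUSPECT_ID: "3.38_1", "a" * 32: "1.0_0"},
    }
    for account, extensions in layout.items():
        base = Path(root, account, EXT_BASE)
        base.mkdir(parents=True)
        for ext_id, version in extensions.items():
            ext_dir = base / ext_id / version
            ext_dir.mkdir(parents=True)
            name = "Adobe Flash Player" if ext_id == SUSPECT_ID else "Other extension"
            (ext_dir / "manifest.json").write_text(json.dumps({"name": name}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in scan_chrome_extensions(tmp):
            print(hit["account"], hit["chrome_profile"], hit["path"])
```

On a live system, call `scan_chrome_extensions(r"C:\Users")` from an account that can read the other users' profile folders.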