I just received 70+ alerts in a few minutes. For the moment it’s randomly stopped, but I need your help anyway. Other than that, I seem to have lost administrator privileges when it comes to certain things (my games, of all things, are affected and I need to go into the folder and allow access before opening them - this is only affecting some of the torrented games I have, Steam ones are fine; could be something else as well, but this is what I’ve noticed so far). I have no system restore points. I’m using Chrome and the first thing I noticed was that I was missing two extensions I normally use (reddit enhancement suite and reddit modtools) and in their place was an obviously bogus extension called something free2pay. I’m not sure because I disabled and deleted it immediately. I can’t add any extensions to Chrome; it gives me a network error after I click on download. I’ve given my processes and services a cursory look over and I don’t see anything suspicious, but I’ll go back and do a more thorough search while I wait for replies here.
I ran Malwarebytes, Avast and adware and came up clean. Ran Malwarebytes yesterday and it did find a few things, which I cleaned, so I’m including that log instead of the one from a few minutes ago (since the latter is clean and the former has the stuff found yesterday).
I’ve attached all the logs.
Thanks a lot in advance!
Note: for the duration of me writing this post and doing all the scans, there have been no alerts. So that’s about half an hour now. I switched to Firefox for this and the only other things running were the scans so that points me to there being an issue with Chrome (which is where I first noticed the extension issue), but I’m not the expert here.
Edit: Scratch that, I forgot I turned on silent mode since it was annoying. Am now at about 30 alerts and it’s been less than a minute.
Unless you installed it yourself, malware has changed Chrome to a developer version, making it possible to install all kinds of malware without you noticing it.
Uninstall Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
If you have bookmarks, let’s save them by exporting them - Export Bookmarks
Then I need you to go to Google Sync and sign into your account.
Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”.
Now we need to uninstall Chrome. Do this from Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
We will re-install on completion.
THEN
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
Run FRST and press Fix.
On completion a log will be generated; please post that.
FINALLY
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.
And the last log. Still okay on the warnings front. The only leftover seems to be the permissions issue, but I’m not sure if that’s related. I am able to give myself permissions by going manually into each folder, though that’s a bit tedious.
Any advice on how to prevent this from happening? I honestly have no idea where I picked it up since I usually just go to the same trusted sites. Avast is on all the time (including the Chrome plugin), Malwarebytes is used every few weeks (I have the free version so it’s not realtime). The fact that it still wasn’t picked up is a bit disconcerting.
I do. But when I go into the folder, a pop-up shows up that lets me get the permissions back. Just, like I said, it’s a bit tedious to do it one by one. For now, I’ve only noticed it with the games whose shortcuts are on my desktop since the icons have changed (see attachment). And like I said, seems to only be affecting games that were torrented. All Steam and other legit ones are okay.
Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme
Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop