system
21
Ok I’ve just deleted the skype addon because I think it started around the same time I installed it.
So far no alerts have happened.
I’ll keep you guys posted.
Did the skype addon have the malware?
Was there any malware to begin with?
Thanks again for your help.
Very possibly as Chrome addons are very easy to subvert and from the logs show no difference to an unaffected one
Run it for a while and if all is good let me know and I will tidy up
system
23
Thanks again essexboy! I’ll browse for a while and let you know tomo.
I did a bit of googling and its all probably paranoia but it might explain why my webcam doesn’t work anymore?
http://www.v3.co.uk/v3-uk/news/2446268/skype-users-warned-of-t9000-malware-threat-that-records-video-and-text-chats
Would deleting the addon be enough? I’m becoming a bit worried now since I do a lot of online banking on this laptop too :S
system
25
Ok well I thought everything was ok.
but nope! alert again! -.-
It definitely only happens when im on imgur.
So it is only that site and nowhere else ?
That would tend to suggest the site is at fault, is it a specific page on the site ? Is it before or after you login
system
29
Its usually when a GIF is playing
That would tend to suggest there is some form of infection there that Chrome is susceptible to
system
31
ok should I be worried? It’s now happening on regular browsing and its saying its attacking/flagging on avast?
Could I have a fresh FRST please
Eddy
33
As info for Essexboy :
IP :113.171.224.171
Host :127.0.0.1
Could be something in the hosts file.
According to the FRST Host is empty
system
35
I disabled Avast for 10 minutes
Ran the scan as administrator
Here are the results attached
Did you install this extension Sad Panda
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
system
37
Yeh, that’s one I installed, is it that thats causing the problem?
OK we are going to have to search the registry
Start FRST and in the search box copy/paste the following :
videoplayer;113.171.224.174
Press Search Registry and attach the resultant log
system
40
Ok done,
I didn’t turn of avast though before the search, is that necessary?