Threat has been detected, keeps popping up whilst browsing on chrome

system · February 10, 2015, 7:56am

Hello there

The pop up ‘Threat has been detected’ constantly pops up whilst I browse the Internet (Chrome is the browser).

I have seen various posts for this problem and I tried to follow some instructions to solve the problem, but to no avail.

Any help and advice would be greatly appreciated.

Thanks

John

Asyn · February 10, 2015, 7:57am

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

system · February 10, 2015, 8:18am

OK - will do. Whoops.

Asyn · February 10, 2015, 8:51am

Awaiting your logs…

system · February 13, 2015, 8:59am

OK, so this is embarrassing (please bear with me). What are ‘logs’ and how to I find them? Sorry to be a pain

Asyn · February 13, 2015, 9:02am

Follow the instructions in Reply #1.

system · February 13, 2015, 9:17am

ok, thanks

Asyn · February 14, 2015, 4:57am

NP, take your time…

system · February 15, 2015, 8:26am

OK, (sorry to taking an age to post this)

system · February 15, 2015, 8:28am

Also I have this…

Asyn · February 15, 2015, 8:40am

Also add “Addition.txt” from FRST.

system · February 15, 2015, 9:57am

here we are, thanks

Asyn · February 15, 2015, 10:03am

OK, now you’ve to wait a bit…

essexboy · February 15, 2015, 11:36am

Hi there, the first thing you must do is uninstall Chrome, you can re-install once we have finished

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-1099780437-368811708-868577401-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676968 2014-11-19] (SUPER PC TOOLS LIMITED) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR Profile: C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Duolingo Web) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-07-27] CHR Extension: (Google Docs) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-05] CHR Extension: (Google Drive) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27] CHR Extension: (YouTube) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-05] CHR Extension: (Google Search) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-05] CHR Extension: (Chrome Notepad) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2014-11-25] CHR Extension: (Avast Online Security) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-26] CHR Extension: (Google Wallet) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-05] CHR Extension: (Gmail) - C:\Users\johng_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-05] CHR Extension: (BuyNsave) - C:\ProgramData\ambmmhifklmpgcdniokciphlgmbpjehp\ [2014-01-05] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25] R2 cae99edb; c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll [4014184 2014-12-05] () 2014-12-05 11:31 - 2014-12-05 11:31 - 00003256 _____ () C:\WINDOWS\System32\Tasks\Super Optimizer Schedule 2014-12-05 11:31 - 2014-12-05 11:31 - 00000000 ____D () C:\Users\johng_000\Documents\Super Optimizer 2014-12-05 11:31 - 2014-12-05 11:31 - 00000000 ____D () C:\Users\johng_000\AppData\Roaming\Super Optimizer 2014-12-05 11:26 - 2014-12-05 11:26 - 00000000 ____D () C:\Users\johng_000\AppData\Roaming\VOPackage 2014-12-05 11:26 - 2014-12-05 11:26 - 00000000 ____D () C:\Users\johng_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-12-05 11:25 - 2014-12-05 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer 2014-12-05 11:25 - 2014-12-05 11:25 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer 2014-12-05 11:23 - 2014-12-05 11:23 - 01118144 _____ () C:\Users\johng_000\Downloads\Setup.exe 2014-11-25 10:35 - 2014-11-25 10:35 - 00000000 ____D () C:\ProgramData\ambmmhifklmpgcdniokciphlgmbpjehp 2014-11-25 10:35 - 2014-11-25 10:35 - 00000000 ____D () C:\ProgramData\10608576133432092004 Task: {586379F0-4CAF-4B8B-AF09-B7D3158BE205} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-05] (Google Inc.) Task: {6C217C8A-8ACF-4802-93E3-6ACC3FF2BE42} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2014-11-19] (SUPER PC TOOLS LIMITED) Task: {AB349C80-7A31-4597-908C-EE25E2F5997F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-05] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Chrome C:\Users\johng_000\AppData\Local\Google c:\Program Files (x86)\Super Optimizer C:\ProgramData\Lenovo-2238.vbs EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

system · February 15, 2015, 4:33pm

OK, sorry, I am not very good with computer stuff of this type: how do I attach the fixlist.txt file to the farbar tool?

system · February 15, 2015, 5:12pm

OK

here is the fix log, hope I managed to do the right thing, let me know. thanks

essexboy · February 15, 2015, 5:14pm

That was good, if you could now run AdwCleaner

system · February 15, 2015, 5:25pm

OK here it is, thanks

essexboy · February 15, 2015, 9:28pm

OK if you could now re-install Chrome and let me know if the problem re-presents itself

system · February 15, 2015, 9:55pm

Hi Essexboy

I have re-installed and the message is no longer coming up - success.

Many thanks, you’ve been really helpful.

Any idea what may have caused it? The computer is pretty new (1 year old) and to the best of my knowledge I always download things from trusted sites.

Threat has been detected, keeps popping up whilst browsing on chrome

Announcements