Hi,
I get a “Threat has been detected” message every time I do a search from google.co.uk when I’m using Google Chrome. It doesn’t happen in Internet Explorer. I have followed the ‘Logs to assist in cleaning malware’ thread and have attached the logs. I notice in the last attachment, “aswMBR.txt”, the line:
File: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 INFECTED Win32:Dropper-gen [Drp]
Is this the offending virus, and how do I go about removing it?
Thanks.
Does this help? https://support.google.com/chrome/answer/95582?hl=en
Hi,
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Matt\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
C:\Users\Matt\AppData\Roaming\ACEStream\player\npace_plugin.dll
C:\Users\Matt\AppData\Roaming\.ACEStream
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Matt\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2014-01-28]
C:\Users\Matt\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx
C:\Users\Matt\AppData\Roaming\ACEStream
CHR Extension: (Magic Player) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-09-02]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-07-04]
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Matt\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx
C:\Users\Matt\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx
EmptyTemp:
CMD: bitsadmin /reset /allusers
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
Hi,
Thanks for the quick replies! The fixlog.txt file worked - thanks so much!
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).