I noticed upon viewing the source of some websites the same code is in the source code of whatever page I'm viewing. I've checked quite a bit of pages to make sure it's not the website, and it's not. At the top of the page, the following code is displayed:
What brought this to my attention is on a site where it requires me to put an encrypted PIN in to continue on is outputting the PIN in plain text, rather encrypted. I viewed-source the page and I noticed it's replacing the:
I double checked the legitimate file and it's spelled correctly. It also works for my colleagues as well. This isn't just happening on Google Chrome, it's happening on all browsers such as Opera, IE, Chrome, and Firefox.
Things I've attempted to do to troubleshoot the issue:
- System Restore.
- Cleared cookies in Chrome.
- Ran Malwarebytes (detected loads and removed malicious files).
- Ran ComboFix (detected loads and removed malicious files) ~ I was referred to this topic: http://forums.informaction.com/viewtopic.php?f=8&t=10473).
- Ran SpyBot (detected loads and removed malicious files).
- Ran SUPERAntiSpyware (detected loads and removed malicious files).
At the end of all of this troubleshooting, I'm still left with this problem and it's really confusing me. Hopefully someone here can help me.