Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton: Fake Plugin 2


  • This topic is locked This topic is locked
3 replies to this topic

#1 FeDzY

FeDzY

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 09 April 2015 - 02:09 AM

Hello folks

 

Been having a problem with norton lately... Whenever i open chrome or firefox i get a notification from norton about blocking fake plugin 2

 

in chrome (my main browser) i see i have unniseales 2.0 extension that will never delete. I mean whenever i remove it and restart chrome it pops back in extenstions.

 

I am on windows 8 64 BIT

 

I attached the 2 requested files.

Attached File  FRST.txt   34.5KB   5 downloads

Attached File  Addition.txt   33.02KB   4 downloads



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 AM

Posted 09 April 2015 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-04-08] (Link64 GmbH)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
S3 Tosrfcom; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
C:\ProgramData\VideoDownloaderUltimateWinApp

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


CHR dev: Chrome dev build detected! <======= ATTENTION

Your Chrome was compromised I suggest you Remove it using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?

#3 FeDzY

FeDzY
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 09 April 2015 - 10:40 PM

Thanks for your time.... I managed to remove it right before you replied....

 

Please close/remove/delete this topic

 

Thanks again



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 AM

Posted 10 April 2015 - 07:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users