
Adwcleaner often picks up chatango


17 replies to this topic

#1 aworrier

aworrier

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 19 April 2015 - 09:17 PM

I've noticed this file is often found by Adwcleaner on my computer and other computers as well on the forum when there seemingly is no malware/virus on the computer based on the other scans:

File Found: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
Any idea what this is? A Google search gives conflicting answers. It seems to hitch on rather easily, but only Adwcleaner detects it (MBAM does a good job of finding PUPs in browsers I believe, but it never caught it).



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:08 AM

Posted 20 April 2015 - 05:25 AM

Hi aworrier :)

Chatango looks like a service/framework used to add features to websites, such as blogs (articles) or live chatboxes. Did you ever go on it, or could you have gone on a website that uses it?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,577 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:08 AM

Posted 20 April 2015 - 06:52 AM

One characteristic of PUPs and other junkware is that they insert themselves (components) into various areas throughout a computer's operating system to include browsers, hidden folders and the Windows registry, making it more difficult to remove.

That particular detection was reported last month by an expert to Xplode as being related to adware so he could add it to AdwCleaner's database.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 aworrier


Posted 20 April 2015 - 03:34 PM

I suppose I may have read blogs when doing google searches for assignments and the like? Therefore it probably would have come from those?

 

Do PUPs like this not need the UAC permissions? Are they not executable programs as well?

 

Thanks for the information guys, I really appreciate it. 



#5 Aura


Posted 20 April 2015 - 04:13 PM

It could have come from these, yes. quietman might know more about it since he says that the detection was reported not long ago. Maybe he can ask the Expert who reported it why it's malicious or considered a PUP.

Edited by Aura., 20 April 2015 - 04:14 PM.



#6 quietman7


Posted 20 April 2015 - 04:16 PM


To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#7 aworrier


Posted 20 April 2015 - 06:47 PM

Thank you. 

 

My problem with the PUP explanation of being bundled with downloads is that I have not downloaded any software in a very long time. I only download .pdf scientific papers, professor-provided Office documents, and save a picture occasionally. Can PUPs find their way this way? Is something running in the background that's pulling in these PUPs then? The only extensions I have are zotero, adblock and google docs. I have the Teamspeak 3 client, could this be the source?



#8 Aura


Posted 20 April 2015 - 06:48 PM

If you use an "installer" to download files on your system (like some file hosting websites have), then yes, they could have found a way into your system that way.



#9 quietman7


Posted 20 April 2015 - 07:00 PM

Starting in 2005, Teamspeak was bundled with other software.
Speakeasy Press Release for TeamSpeak

...TeamSpeak will be bundled with the Guild Wars® Collector's Edition


It is also available for download from unreputable hosting sites known for bundling junkware.

TeamSpeak.exe

... is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application TeamSpeak.exe by Download Assistant has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer.



#10 aworrier


Posted 20 April 2015 - 07:11 PM

I downloaded TS3 from teamspeak.com a few months ago, does this security threat exist in this version? MBAM has not detected the threat listed in the source with this teamspeak installed. Regarding this quote from the link, "Connects to the Internet in order to request data and download files." So does the program continuously update itself and may add adware? I'll remove TS3 regardless now, I haven't even used it for a very long time.

 

For the pdfs, I "save as" from the internet version. For the Office documents, professors provide them through a site called "Blackboard." I click the document, a .doc, .ppt, etc. downloads, and I open that. Are these vulnerabilities? Chrome actually does say my college's blackboard website uses out of date security measures. 

 

Thank you.


Edited by aworrier, 20 April 2015 - 07:11 PM.


#11 Aura


Posted 20 April 2015 - 07:16 PM

I've been a Teamspeak user for quite some time now, and it never installed anything when I updated it. So I don't know about you, but for me it never did. I can update it right now and let you know how it goes.



#12 aworrier


Posted 20 April 2015 - 08:03 PM

That would be a nice clue as to what's up, thanks!

 

I remembered something regarding MBAM and it detecting PUP.azlyrics. This PUP is found anytime one just goes on the azlyrics website without downloading a thing, even with Adblock on. Some have said there's nothing to this, but it's still weird, or worrying, that a PUP shows up just by going on a website.



#13 Aura


Posted 20 April 2015 - 08:54 PM

I just updated my Teamspeak from version 2.x to the new 3.x build, it took me a few seconds and it didn't install anything else. I used the in-built "Check for update" feature of Teamspeak as well.



#14 aworrier


Posted 20 April 2015 - 09:23 PM

Thanks Aura. I've found the exact same chatango thing on my family member's computer, which is seemingly otherwise safe. The only downloaded program on that CPU is screencast o matic. Either this is something very common, or is something going on through our home wifi network that multiple systems have had the same detection by Adwcleaner?



#15 Aura


Posted 20 April 2015 - 09:25 PM

It seems that the detections you have are part of the "temporary" files (if I can word it that way) in Google Chrome, so basically harmless. Here:

http://superuser.com/questions/356494/what-is-store-in-local-storage-used-for-in-chrome
http://superuser.com/questions/507536/where-does-google-chrome-save-localstorage-from-extensions

The folder where the detection is, is used for web storage by Google Chrome, hence storing temporary content like cookies or other Chrome temp files. It also stores temp files from extensions there.

Edited by Aura., 20 April 2015 - 09:25 PM.

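Added example (not part of the thread, and not AdwCleaner's or Chrome's code): a small Python triage helper for the detections quoted in post #1, which decodes the `<scheme>_<host>_<port>.localstorage` file name back to the site that wrote it and shows the file is per-site browser data rather than a program. The function names are hypothetical, port 0 is assumed to mean the scheme's default port, and the sample log is constructed (the `.exe` line is made up for contrast).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two detections quoted in post #1, plus one made-up
# executable path for contrast (not from the thread).
SAMPLE_LOG = r"""
File Found: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Temp\example_setup.exe
"""

LINE_RE = re.compile(r"^\s*File Found\s*:\s*(.+?)\s*$")
# <scheme>_<host>_<port>.localstorage, optionally with SQLite's -journal suffix
NAME_RE = re.compile(r"^([a-z]+)_(.+)_(\d+)\.localstorage(-journal)?$", re.I)
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs"}


def parse_detection(line):
    """Return a dict describing one 'File Found' line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = PureWindowsPath(m.group(1))
    info = {"file": path.name, "kind": "other", "origin": None, "profile": None,
            "executable": path.suffix.lower() in EXECUTABLE_EXT}
    n = NAME_RE.match(path.name)
    if n and path.parent.name.lower() == "local storage":
        scheme, host, port, journal = n.groups()
        scheme = scheme.lower().replace("hxxp", "http")  # undo the forum's defanging
        # Assumption: port 0 in the file name means the scheme's default port.
        origin = f"{scheme}://{host}" + ("" if port == "0" else f":{port}")
        info.update(kind="localstorage-journal" if journal else "localstorage",
                    origin=origin, profile=path.parent.parent.name)
    return info


def triage(log_text):
    """Parse every detection line in an AdwCleaner-style log excerpt."""
    return [d for d in map(parse_detection, log_text.splitlines()) if d]


if __name__ == "__main__":
    for d in triage(SAMPLE_LOG):
        print(d)
```

Both chatango entries resolve to one origin in the `Default` Chrome profile and neither has an executable extension, which matches the reading in post #15 that the detection is stored site data.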




