
Got a browser redirect ad on Chrome and widevinecdm.dll updated soon after


14 replies to this topic

#1 ENova

ENova

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 05 September 2015 - 02:31 AM

Well, simply put, I was on a porn website and I was suddenly redirected to an ad that could not be closed unless I closed Chrome. After re-opening Chrome, there were 3 Norton notifications of an update or download to widevinecdmadapter.dll and widevinecdm.dll.

I've seen these updates before when starting up Chrome and never really paid much attention to them, but the timing in this case seemed really strange to me and I'm not entirely sure if anything was infected or not. Perhaps the update simply may have been a coincidence and nothing was actually infected. But as of now, I'm still using Chrome and everything seems fine.

OS: Windows 8

Haven't run any sort of scans yet, but I do have Malwarebytes installed.

 

Again just curious as to if anything suspicious happened or not and if it really was just a coincidence then I apologize for the inconvenience and my overreaction.




 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 06 September 2015 - 11:23 AM

Hello ENova,

 

 

 

widevinecdmadapter.dll is loaded as a dynamic link library that runs in the context of the Google Chrome web browser. It is installed with a couple of known programs including Google Chrome Frame published by Google Inc, Google Chrome Frame from Google Inc and Google Chrome Frame by Google Inc. The file is digitally signed by Google Inc which was issued by the VeriSign certificate authority (CA). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).

 

This is why you see that notification when you are starting Chrome. 

 

--------

 

Run MBAM:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
    1. 'Scan for rootkits'
    2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

---------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In the EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on the Scan button.
  • When the scan has finished click on the Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

--------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash:
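
The reply above states that the Widevine DLLs are digitally signed by Google; that can be checked locally rather than taken on trust. The following is an added example, not part of the original posts: the two Program Files search roots and the `'Google'` signer substring are assumptions (the `AppData\Local\Google\Chrome` location is the one that appears in the logs in this thread), and `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example: check the Authenticode signature of Chrome's Widevine DLLs.
# Search roots are assumed typical Chrome locations; adjust for your install.
$roots = @(
    "$env:LOCALAPPDATA\Google\Chrome",
    "$env:ProgramFiles\Google\Chrome",
    "${env:ProgramFiles(x86)}\Google\Chrome"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumption: substring expected in the signing certificate's subject,
# based on the reply's statement that Google signs the file.
$expectedSigner = 'Google'

$results = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Filter 'widevinecdm*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Path     = $_.FullName
                Modified = $_.LastWriteTime          # compare with the time of the notification
                Status   = $sig.Status               # Valid, NotSigned, HashMismatch, ...
                Signer   = $subject
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # Valid = chain is trusted AND the file still matches what was signed
                Trusted  = ($sig.Status -eq 'Valid') -and ($subject -like "*$expectedSigner*")
            }
        }
}

$results | Format-List

# Anything unsigned, tampered with, or signed by someone else deserves a closer look.
$results | Where-Object { -not $_.Trusted } |
    ForEach-Object { Write-Warning "Investigate: $($_.Path) [$($_.Status)]" }
```

A `Valid` status with the expected signer, together with a modification time that matches the notification, is consistent with a routine update; `NotSigned` or `HashMismatch` on any of these files is the case worth escalating.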

 


#3 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 07 September 2015 - 01:19 AM

Hello severac, thanks for replying!

 

Will update this post as I go:

 

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/6/2015
Scan Time: 10:48 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.06.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Eric
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378061
Time Elapsed: 10 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SweetPacks, HKLM\SOFTWARE\Updater By SweetPacks, Quarantined, [822bcf5d8efdb87ed7e5a21163a126da], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\Updater By SweetPacks, Quarantined, [98151418bad1d363744811a223e1fb05], 
 
Registry Values: 2
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}, Quarantined, [8f1e2a02632889ad8a311cc35ca66b95], 
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, C:\Program Files\Updater By SweetPacks\Firefox, Quarantined, [8f1e2a02632889ad8a311cc35ca66b95]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
-I encountered malware issues about two years ago and came here to fix the issue, but it would seem that those threats were remnants from that incident. 
 
-I also have adwcleaner.exe downloaded from the last time I had problems, but all I see under options are /Disable choices.  Also, current version of my AdwCleaner is v2.305. Should I re-download AdwCleaner?

Edited by ENova, 07 September 2015 - 01:34 AM.


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 07 September 2015 - 02:48 AM

Yes, you should download the new version. Now it's version 5.



 


#5 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 12:12 AM

Got it. Here's the AdwCleaner text file:

 

# AdwCleaner v5.006 - Logfile created 07/09/2015 at 22:05:51
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Eric - EWRIC
# Running from : C:\Users\Eric\Downloads\AdwCleaner (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Eric\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Eric\Favorites\StumbleUpon
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
 
*************************
 
C:\AdwCleaner[S1].txt - [2581 bytes] - [14/07/2013 14:54:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1096 bytes] ##########
 
 
JRT Text File:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 8.1 x64
Ran by Eric on Mon 09/07/2015 at 22:27:58.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\Program Files (x86)\pc checkup"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/07/2015 at 22:31:18.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by ENova, 08 September 2015 - 12:33 AM.


#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 08 September 2015 - 01:56 AM

You used a JRT version from 2013?  :nono:

Download the new version and run it.

And tell me the status of your PC.



 


#7 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 02:11 AM

oh didn't know I had to update that too haha my apologies. ><

hm the JRT link in your post has a 404 error, is there another link to it?

Laptop is also currently running perfectly fine as of now.


Edited by ENova, 08 September 2015 - 02:17 AM.


#8 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 08 September 2015 - 02:36 AM

Try this link:

 

http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/293/



 


#9 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 02:44 AM

Alright just finished running JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Eric on Tue 09/08/2015 at  0:38:15.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\0
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Eric\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Eric\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Eric\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Eric\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/08/2015 at  0:41:15.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 08 September 2015 - 02:48 AM

If you don't have any problems, run this:

 

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

------

 

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.



 


#11 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 03:06 AM

Ok finished rebooting after TFC, but Norton is not allowing DelFix to download. Do I temporarily disable Norton and let DelFix download?



#12 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 08 September 2015 - 03:10 AM

Yes, disable Norton and run DelFix. 



 


#13 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 03:18 AM

Alright finished running DelFix! Everything seems to be running fine.

Also, did you happen to spot anything suspicious? There didn't seem to be too many things, so I'm kinda thinking maybe I didn't have to go through all this... ><

But anyways thanks again severac for responding and helping, really appreciate it!



#14 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:17 AM

Posted 08 September 2015 - 03:24 AM

Well, this was the easiest way to do a full system checkup. You can do this periodically on your own. It won't hurt, just use updated versions.  :thumbup2:


Edited by severac, 08 September 2015 - 03:40 AM.


 


#15 ENova

ENova
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 08 September 2015 - 03:30 AM

Ah I see, well didn't take too much time either so it's all good. 

But I'll definitely start doing some routine checkups every now and then!





