Suspected Chrome related virus - problems with security settings and downloading


2 replies to this topic

#1 ecath


Posted 14 November 2015 - 08:03 AM

Okay, so I am going to try to give a chronological description of some of the problems I'm experiencing on this laptop. It runs on Windows 7 Home Premium SP1. This is a computer that has gone from very infrequent usage to daily, which I suspect could mean we're more open to viruses as it's being used more and more and perhaps not adequately protected. We run AVG regularly, and scans, but the only firewall is Windows Firewall (planning to use ZoneAlarm from now on; this PC was passed on to me and I simply hadn't got round to it!)

 

I would attempt a reformat but I want to figure out what the problem is first if possible. I regularly use a HDD to access my files (I don't store them on the HDD on the laptop) so I'm worried this may be infected also.

1) I had some issues with Microsoft Office faulting and crashing and not being able to open files. I attempted a repair install. All seems fine now. (Could be completely unrelated.)

 

2) Then I've had some issues with battery capacity - again potentially unrelated - computer says it needs replacing. Again probably hardware, but we get this message at startup. The PC is quite old though.

 

3) The main issue has been Chrome

First I noticed font changes - it looked like an older version or something, I can't quite describe it. It was being slow and crashing a lot.

 

Next I noticed that I couldn't print from Chrome either!

 

4) Then the serious stuff happened.

 

I loaded up the PC two days ago and got this message: 'Your internet security settings prevented one or more files from being opened'

 

I thought it was just browser related so I tried fiddling with the settings - restoring defaults. All to no avail. Still had the problem. I could not open any file or program (internet or non internet) because of these supposed security settings.

 

5) I tried a system restore and scanning in safe mode (AVG, Malwarebytes and Spybot).

Still seemed to be having strange pc behaviour. 

System restore failed on 2 restore points. 

 

I try to uninstall and reinstall Chrome hoping it might clear the virus out. When I do that IE opens and says 'successful uninstall', but I see no uninstalling pop-up going on (so basically Add or Remove Programs doesn't work). When I restart, Chrome is still there and still works.

 

I try to install some more malware software - GMER - and download is blocked! Then I realise ALL downloads are blocked, on Chrome and IE.

 

When I try to fiddle around with the downloads location in the internet settings I see that downloads are located in TEMP and not in my user profile. I adjust this but think it's suspicious. About a month ago I created a new user profile, which was working fine (the PC has 2 profiles now).

 

2). Downloads still don't work so I can't install any more programs or even download simple files. 

 

However - on one restart (after being in safe mode before) the computer seems to be able to open its software again - no pop up message as before. But downloads still not working.  

 

I do a later scan for rootkits in the Windows folder specifically (I started looking and scanning in System32 and Windows to see if I could find anything odd). AVG detects this threat:

C:\Windows\Softwaredistribution\DataStore\Logs\Tmp.edb

and successfully removes it. I restart.

 

6) I searched for some more solutions online as I suspected AVG hadn't fixed the underlying problem. Found other forum entries with a similar problem but none seemed to have a general fix.

 

I thought I'd try to download GMER and ZoneAlarm to be safe, but downloads fail. I had a look at Windows Task Manager processes as well to see if I could identify anything odd. No major findings, just that there were quite a few svchost.exe, but I scanned for the associated virus with specialised software and found nothing.

 

Then, I tried a restore to default again on the internet settings and hurrah, downloads worked for me! (I don't know if this part of the problem is fixed or if it will continue switching up the settings.) So I scanned with GMER; I can post the log once it's finished.

 

7) This temp user thing is troubling me so I have scanned the TEMP folder with AVG and found nothing. I'm worried about what may have happened to the original profile (my name). Filewise, everything seems to be there however, in Users!

We both use this computer for banking and emailing (I have a whole Chrome profile on here with all my details, though I never save passwords!) So we are very worried about our security!

Any advice would be much appreciated. We recently paid out for a hardware issue so really want to avoid having to take it in to a store!

 

Thank you for your time in advance :)


Edited by ecath, 14 November 2015 - 08:15 AM.



#2 ecath


Posted 14 November 2015 - 08:07 AM

Additionally, we've been having VERY slow internet speeds (for a good month before this happened), which we thought was related to our provider (BT), but I guess if it's an entire hijack it could be related.

 

The computer installed 28 Windows updates recently too (yesterday), which seemed a bit much considering we get regular updates (just some extra info in case it's related, but probably not).



#3 ecath


Posted 14 November 2015 - 08:59 AM

GMER found:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-14 13:56:24
Windows 6.1.7601 Service Pack 1 x64 
Running: pr8fvli9.exe
 
 
---- Registry - GMER 2.1 ----
 
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c30611                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                 27914
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c30611 (not active ControlSet)  
 
---- EOF - GMER 2.1 ----




