We have many users who have got some kind of infection of the Chrome browser, affecting both Windows 7 and Chrome OS (Chromebooks). The condition is that a search produces a series of results and then quickly refreshes to show many new results from Addonjet.com, all of which lead to fake antivirus or similar malware hijacks. Before or after that happens, a captcha from ipv4.google.com comes up saying suspicious activity has occurred. A tab for reimageplus.com crops up, and then many variants of malware hijacks.
Malwarebytes may or may not detect anything, but often does not, and removals have no effect.
There is no unexpected program in Control Panel. There is no unexpected extension in chrome://extensions ...
Generally, I can fix the problem in Windows by shutting down Chrome, renaming C:\Users\<profilename>\AppData\Google\Chrome\Default, and then reopening Chrome. I don't know how long that fix will last, since I don't know where the original infection came from, and it is very widespread.
Resetting the profile in Chrome did not fix the problem.
Although Mbam doesn't find anything installed, if I use the pro version I can see many outbound requests from Chrome.exe to malicious sites. These stop after the Default folder is renamed or removed.
Various webpages about Addonjet don't seem to address this condition.
Does anyone have some more information or experience?
Edited by Orange Blossom, 02 December 2015 - 01:08 PM.
Moved from MRL to Am I Infected - Hamluis. Moved back. ~ OB