chrome popups


This topic is locked
9 replies to this topic

#1 Speedo420

Speedo420

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 10 August 2016 - 02:41 PM

I was told to post in there

http://www.bleepingcomputer.com/forums/t/622433/chrome-popups/

once again thank you for your help

Attached Files


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:08 AM

Posted 11 August 2016 - 08:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1824126147-266607446-1348413926-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com [2016-07-30]
CHR Extension: (Video Downloader Pro) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-08-09]
CHR Extension: (Video download helper) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION
Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Please post the log and let me know what problem persists.
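A read-only PowerShell audit, added here as an illustration and not part of nasdaq's reply or of the FRST tool. It enumerates the four classes of artefact the fixlist above acts on (Winsock namespace providers whose DLL is missing, Internet Explorer policy keys, registry-installed Chrome extensions whose .crx file is gone, and extensions present in the Chrome profile) and prints them for a person to review instead of removing anything. The registry value names LibraryPath, path, version and update_url and the profile location under %LOCALAPPDATA% are assumptions from my own experience, not from the thread; the only identifiers taken from the page are the key paths that appear in the fixlist and the Fixlog.

```powershell
# Added example: read-only audit of the artefact classes the fixlist above targets.
# Assumptions (not stated in the thread): the Winsock namespace catalog keeps the
# provider DLL in a "LibraryPath" value, registry-installed Chrome extensions use
# "path"/"version" or "update_url" values, and the Chrome profile lives under
# %LOCALAPPDATA%\Google\Chrome\User Data\Default. Run from an elevated PowerShell
# so HKLM and HKU are readable. Nothing here modifies the system.

function Get-StaleWinsockNamespaceEntries {
    # FRST removed NameSpace_Catalog5 entries 08/09 because WLIDNSP.DLL no longer
    # existed; a namespace provider whose DLL is gone is exactly that condition.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
    foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
        $catalog = Join-Path $base $sub
        if (-not (Test-Path -LiteralPath $catalog)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $catalog) {
            $lib = (Get-ItemProperty -LiteralPath $entry.PSPath -ErrorAction SilentlyContinue).LibraryPath
            if (-not $lib) { continue }
            $dll = [Environment]::ExpandEnvironmentVariables($lib)
            if (-not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{ Check = 'Winsock'; Key = "$sub\$($entry.PSChildName)"; Detail = "provider DLL missing: $dll" }
            }
        }
    }
}

function Get-IEPolicyRestrictions {
    # The fixlist deleted Policies\Microsoft\Internet Explorer under HKLM, HKU\.DEFAULT
    # and the user's SID. List the key and every value beneath it so a person can
    # decide whether it is a legitimate domain policy or a browser lockdown.
    if (-not (Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $roots = @('HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer')
    foreach ($sid in (Get-ChildItem 'HKU:\').PSChildName) {
        $roots += "HKU:\$sid\SOFTWARE\Policies\Microsoft\Internet Explorer"
    }
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        [pscustomobject]@{ Check = 'IEPolicy'; Key = $root; Detail = 'policy key present' }
        foreach ($key in @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Check = 'IEPolicy'; Key = $key.Name; Detail = "$name = $($key.GetValue($name))" }
            }
        }
    }
}

function Get-ChromeExternalExtensions {
    # Extensions force-loaded through the registry. FRST flagged two Avast entries
    # whose .crx no longer existed ("<not found>") and removed the keys.
    $roots = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
             'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
             'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $root) {
            $props = Get-ItemProperty -LiteralPath $entry.PSPath
            $crx = $props.path          # local .crx install ("path" + "version" values)
            $url = $props.update_url    # or a remote update manifest
            $state = if ($crx) {
                         if (Test-Path -LiteralPath $crx) { "crx: $crx" } else { "MISSING crx: $crx" }
                     } elseif ($url) { "update_url: $url" } else { 'no path/update_url value' }
            [pscustomobject]@{ Check = 'ChromeRegistry'; Key = $entry.PSChildName; Detail = $state }
        }
    }
}

function Get-ChromeProfileExtensions {
    param([string]$Profile = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'))
    # One folder per extension id, one sub-folder per installed version; the
    # manifest name may be a localisation token (__MSG_..__), which is reported as-is.
    $extDir = Join-Path $Profile 'Extensions'
    if (-not (Test-Path -LiteralPath $extDir)) { return }
    foreach ($id in Get-ChildItem -LiteralPath $extDir -Directory) {
        foreach ($ver in Get-ChildItem -LiteralPath $id.FullName -Directory) {
            $manifest = Join-Path $ver.FullName 'manifest.json'
            if (-not (Test-Path -LiteralPath $manifest)) { continue }
            $m = Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json
            $when = $id.LastWriteTime.ToString('yyyy-MM-dd')
            [pscustomobject]@{ Check = 'ChromeProfile'; Key = $id.Name; Detail = "$($m.name) $($m.version) [$when]" }
        }
    }
}

$findings = @(Get-StaleWinsockNamespaceEntries) + @(Get-IEPolicyRestrictions) +
            @(Get-ChromeExternalExtensions) + @(Get-ChromeProfileExtensions)
if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No findings.' }
```

Run it before and after a fix like the one above: the Winsock rows correspond to the two "No File" lines FRST reported, the ChromeProfile rows to the CHR Extension lines, and the IEPolicy rows to the three "Restriction" keys. The script deliberately stops at reporting; deciding what to delete stays with whoever is reading the FRST log, because a domain-joined machine can legitimately carry Internet Explorer policy keys and vendor-installed extensions.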

#3 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 11 August 2016 - 09:54 AM

hello,

attached is the log

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by pc (2016-08-11 10:33:06) Run:1
Running from C:\Users\pc\Desktop\bleepingComputer
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1824126147-266607446-1348413926-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com [2016-07-30]
CHR Extension: (Video Downloader Pro) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-08-09]
CHR Extension: (Video download helper) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
cmd: netsh winsock reset catalog

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1824126147-266607446-1348413926-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com => moved successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com => path removed successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho => moved successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn => moved successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rbun3fdc.default-1445600440311\extensions\artur.dubovoy@gmail.com" => not found.
"C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho" => not found.
"C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn" => not found.
"C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 224294385 B
Java, Flash, Steam htmlcache => 1593 B
Windows/system/drivers => 304856 B
Edge => 0 B
Chrome => 66700232 B
Firefox => 419912176 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 66228 B
NetworkService => 399582 B
pc => 89068476 B

RecycleBin => 0 B
EmptyTemp: => 771.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:33:43 ====

I'm off to re-install Chrome



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:08 AM

Posted 11 August 2016 - 10:13 AM

Waiting. Let me know if any problems persist.

#5 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 11 August 2016 - 10:52 AM

this version of Chrome you're talking about is what I got when "boobme" suggested I go to this site

http://www.howtogeek.com/howto/15182/how-to-disable-individual-plug-ins-in-google-chrome/

not understanding what I was doing I did download that version... is there a way to save everything, all settings, bookmarks and even history? then going back to the old version I had or to a new version of Chrome

so far no popup problems



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:08 AM

Posted 11 August 2016 - 12:08 PM

If you have installed a version from this page, leave Chrome alone.

http://www.chromium.org/getting-involved/dev-channel

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 11 August 2016 - 12:15 PM

one, what was the problem or problems?

two, if the popups return or continue in the next day or two can I leave a message here?

thank you again!!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:08 AM

Posted 12 August 2016 - 07:27 AM

The worst was your Winsock, which was corrupted.
I also removed the Restrictions and cleaned some unnecessary Chrome Extensions.

I will leave this topic open for 5 days. If you need to return please do.

#9 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 12 August 2016 - 11:45 AM

thank you again



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:08 AM

Posted 18 August 2016 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



