lajondecmobodlejlcjllhojikagldgd- Malware?


  • This topic is locked
5 replies to this topic

#1 Overlookhotel

Posted 23 September 2016 - 01:11 PM

Hi, just joined Bleeping Computer.

Does anyone know what this file is, as in title "lajondecmobodlejlcjllhojikagldgd" which is in "C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions"

and "lajondecmobodlejlcjllhojikagldgd" which is in "C:\Users\-----\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings"

"lajondecmobodlejlcjllhojikagldgd" in "C:\Users\----\AppData\Local\Google\Chrome SxS\User Data\Default\Sync Extension Settings"

There are also 3 or 4 others scattered in "C:\Users\----\AppData\Local\Google\Chrome SxS\User Data\Default"

All with "lajondecmobodlejlcjllhojikagldgd"

They are loaded with Chrome extensions and are flagged with ADW Cleaner. When cleaned they reappear when Chrome is opened. Is it malware?

I am going to disable all extensions and see if they are gone and then load one by one to see if they reappear.

Many thanks.

 

I disabled all extensions including Chrome extensions. The files reappear when Chrome is executed.

I use TuneUp Utilities and have disabled Chrome on startup and in background. I checked this with Task Manager and they don't appear until Chrome is executed.

Also I have Malwarebytes and Avast antivirus which don't flag the files. Maybe harmless but why flagged with ADW. No extensions so loaded with Chrome itself.

I hate Malware, esp. backdoor ones. I am going to mail Google about it.

Thanks again.


Edited by Overlookhotel, 23 September 2016 - 01:50 PM.




#2 Bezukhov


Posted 23 September 2016 - 10:33 PM

I'm Bezukhov, and I will be looking into this.

Some things to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
To err is Human. To blame it on someone else is even more Human.

#3 Overlookhotel


Posted 24 September 2016 - 07:52 AM

Hi Bezukhov,

Thanks for the quick response. I got a message from a Chrome developer this morning.

https://www.stefanvd.net/

 

"That is the ID from my Zoom Chrome extension:

https://chrome.google.com/webstore/detail/zoom/lajondecmobodlejlcjllhojikagldgd

Your AdwCleaner shows incorrect information about malware. In my code there are no malware files and all my JavaScript code is open source:

https://github.com/stefanvd/Browser-Extensions/tree/master/Zoom/Zoom-Chrome-extension

 

Removing the files doesn't remove the extension, because there is a pref file from Chrome where it says you installed the extension. And Chrome restores the files when something is removed. To get it out of the pref file, follow the steps below:

 

1. You installed the Zoom Chrome extension from the Chrome web store, and you can easily uninstall it from this page:

chrome:extensions

2. Search for the name "Zoom"

3. And click the trash icon, to remove it"

 

I removed it and the mentioned files are gone. It is strange they were still loaded even when the extension was disabled.

Anyway looks like a red herring. Do you agree?
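
The developer's explanation in the post above (the folders named after the ID are only copies, and the install record in Chrome's pref file is what brings them back) can be checked for any extension ID. This is an added example, not part of the original thread or of the extension's code; `audit_extension` and `build_sample_profile` are hypothetical names, the `extensions.settings` map in `Preferences`/`Secure Preferences` is an assumed layout, and the sample profile with its `1.0_0` version folder is constructed.

```python
import json, re, tempfile
from pathlib import Path

EXT_ID_RE = re.compile(r"^[a-p]{32}$")   # Chrome extension IDs use only letters a-p
STORAGE_DIRS = ("Local Extension Settings", "Sync Extension Settings")

def audit_extension(profile: Path, ext_id: str) -> dict:
    """Report where one extension ID shows up inside a Chrome profile directory."""
    if not EXT_ID_RE.match(ext_id):
        raise ValueError("not a Chrome extension ID")
    report = {"id": ext_id, "versions": {}, "storage": [], "registered": False,
              "from_webstore": None,
              "store_url": "https://chrome.google.com/webstore/detail/" + ext_id}
    # Extensions/<id>/<version>/manifest.json holds the unpacked code and its name.
    for manifest in sorted((profile / "Extensions" / ext_id).glob("*/manifest.json")):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        report["versions"][manifest.parent.name] = data.get("name")
    report["storage"] = [d for d in STORAGE_DIRS if (profile / d / ext_id).is_dir()]
    # Assumed layout: the install record lives under extensions.settings in the
    # profile's Preferences (or Secure Preferences) JSON file.
    for pref_name in ("Preferences", "Secure Preferences"):
        pref = profile / pref_name
        if not pref.is_file():
            continue
        prefs = json.loads(pref.read_text(encoding="utf-8"))
        settings = prefs.get("extensions", {}).get("settings", {})
        if ext_id in settings:
            report["registered"] = True
            report["from_webstore"] = settings[ext_id].get("from_webstore")
    return report

def build_sample_profile(root: Path, ext_id: str) -> Path:
    """Constructed test profile: files on disk plus an install record."""
    profile = root / "Default"
    vdir = profile / "Extensions" / ext_id / "1.0_0"
    vdir.mkdir(parents=True)
    (vdir / "manifest.json").write_text(json.dumps({"name": "Zoom", "version": "1.0"}))
    (profile / "Local Extension Settings" / ext_id).mkdir(parents=True)
    (profile / "Preferences").write_text(json.dumps(
        {"extensions": {"settings": {ext_id: {"from_webstore": True}}}}))
    return profile

if __name__ == "__main__":
    ext = "lajondecmobodlejlcjllhojikagldgd"   # ID from this thread
    with tempfile.TemporaryDirectory() as tmp:
        prof = build_sample_profile(Path(tmp), ext)
        print(json.dumps(audit_extension(prof, ext), indent=2))
```

A report with `registered` true but no `versions` is the state the thread describes after a cleaner deletes the folders: the install record is still there, so the files come back the next time Chrome starts.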



#4 Bezukhov


Posted 24 September 2016 - 09:25 AM

The point is you have an extension you wish removed and you can't. Please run the Farbar Recovery Scan and post the results, so I can have a better look.

#5 Bezukhov


Posted 27 September 2016 - 07:28 AM

Do you still need help?



#6 Oh My!


Posted 30 September 2016 - 01:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



