
Not sure what i have, i just know i have something...


  • This topic is locked
4 replies to this topic

#1 s7ormx

s7ormx

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Detroit, Michigan
  • Local time:07:30 PM

Posted 23 January 2017 - 02:10 AM

I've reformatted 3 different times, and it seems after a while it always comes back.

Whatever it is, sometimes it will just close down certain apps I'm using in the background, rename or move apps to different folders, make desktop.ini files on every drive connected to my PC, and delete/disable services/system files. I have a Default0 user.

 

I'm not sure exactly what I have, or what is going on, but I can tell you that in my Task Manager my Google chrome.exe has this command line attached to it:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup.BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFi 

and it just ends.

 

I have not noticed any of my accounts or anything getting hacked, though, but I've done a lot of searching on the forum and haven't found a fix for this yet. I even tried using most of the programs recommended for virus/adware/malware/rootkit removal, etc., and still haven't gotten rid of it.

 

Windows 10 Home

I Have MalwareBytes Anti-Virus

MalwareBytes Anti-Ransomware

Glary Tools

& Tweaking Windows Repair

 

Any kind of help would be greatly appreciated.

Thank you in advance <3





#2 7LegSpider

7LegSpider

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 23 January 2017 - 03:36 PM

I installed Process Explorer in place of Task Manager.  It provides more info.  I can right click on an instance of chrome.exe and inspect Properties to see the full command line (and copy/paste the command line into a text file to make it easier to read).

I noticed the same thing on two of my machines last week. I installed and scanned my computer with Zemana, Hitman Pro, Malwarebytes, and others recommended on  https://malwaretips.com/blogs/remove-chrome-exe-virus/ 

A few issues were found (cookies mostly), but none of these programs found any issues with chrome.exe or discovered/discussed these command lines.  I also uninstalled Chrome and reinstalled.

I was beginning to just assume this is not a problem, but rather just part of chrome.  However, I have more problems today (my chrome logos are not appearing on hyperlinks on my desktop, sluggish internet speed).  If this is normal, I really wish I could find an authoritative post declaring terms like "AutoCreditCardSignInPromo" and "PasswordManagerSettingsMigration/Enable" in the command line for Chrome.exe to be ok.
 

Marc Clifton posted the following example on 3-Nov-16 4:41 at
https://www.codeproject.com/Lounge.aspx?msg=5321771#xx5321771xx

 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=MetricsReporting<MetricsAndCrashSampling,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials="*AppBannerTriggering/Control/*AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteEvaluatorGroup/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OfferUploadCreditCards/Enabled/*OmniboxBundledExperimentV1/StandardR7/*Override YouTube Flash 
emed/YouTubeFlashRewrite/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/BiMonthlyPrompt/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*SignInPasswordPromo/Default/*StrictSecureCookies/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_47/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/" --primordial-pipe-token=40FD41B8257D2C6E312516F374A00749 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1.1041666269302368 --num-raster-threads=4 --enable-main-frame-before-activation 
--content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=40FD41B8257D2C6E312516F374A00749 --channel="4860.1284.267757369\20359401" --mojo-platform-channel-handle=17672 /prefetch:1
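
Added example, not part of the thread and not Chrome's own code: a small Python parser that breaks a chrome.exe command line like the ones quoted above into its switches, lists the `Feature<Trial` entries of --enable-features/--disable-features and the `Trial/Group/` pairs of --force-fieldtrials, and flags a line that was cut off mid-quote, as in the first post. SAMPLE is a constructed, shortened line built from switches visible above, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened from switches that appear in the command lines quoted above.
SAMPLE = (
    r'"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer '
    '--enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,'
    'BlockSmallPluginContent<PluginPowerSaverTiny" '
    '--disable-features=MetricsReporting<MetricsAndCrashSampling '
    '--force-fieldtrials="*PasswordManagerSettingsMigration/Enable/'
    '*Override YouTube Flash emed/YouTubeFlashRewrite/CaptivePortalInterstitial/Enabled/" '
    '--lang=en-US /prefetch:1'
)

def split_switches(cmdline):
    """Return (exe, {switch: value}, truncated); a "..." run counts as one token."""
    # An odd number of quotes means the viewer cut the line off inside a quoted value.
    truncated = cmdline.count('"') % 2 == 1
    # A token is any mix of bare text and quoted runs; an unclosed quote runs to the end.
    raw = re.findall(r'(?:[^\s"]+|"[^"]*(?:"|$))+', cmdline)
    tokens = [t.replace('"', '') for t in raw]
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith('--'):
            name, _, value = tok[2:].partition('=')
            switches[name] = value
    return tokens[0], switches, truncated

def parse_features(value):
    """Split 'Feature<Trial,...' into (feature, trial_or_None, starred) tuples."""
    out = []
    for item in filter(None, value.split(',')):
        feature, _, trial = item.lstrip('*').partition('<')
        out.append((feature, trial or None, item.startswith('*')))
    return out

def parse_field_trials(value):
    """Split 'Trial/Group/Trial/Group/' into (trial, group, starred) tuples."""
    parts = value.rstrip('/').split('/')
    return [(t.lstrip('*'), g, t.startswith('*')) for t, g in zip(parts[0::2], parts[1::2])]

def summarize(cmdline):
    """Readable inventory of one chrome.exe command line."""
    exe, sw, truncated = split_switches(cmdline)
    return {
        'exe': exe, 'type': sw.get('type'), 'truncated': truncated,
        'enabled': parse_features(sw.get('enable-features', '')),
        'disabled': parse_features(sw.get('disable-features', '')),
        'trials': parse_field_trials(sw.get('force-fieldtrials', '')),
    }

if __name__ == '__main__':
    for key, val in summarize(SAMPLE).items():
        print(key, val)
```

When `truncated` is true, the last parsed entry is only a fragment, so copy the full line from Process Explorer's Properties dialog before reading anything into it.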



#3 7LegSpider

7LegSpider

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 23 January 2017 - 04:21 PM

Now I can't open and view file folders.  Windows key + E gives an error message.  My restore points are deleted prior to last week.  I don't understand who this benefits? Why? Just let me have my computer.

151 hour scan from Malwarebytes came up with nothing.  I cancelled the end of the scan because it's been a week and it was inspecting item 241,000 in the temp folder.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:30 PM

Posted 24 January 2017 - 04:58 PM

Better to get a deeper look. Repost... start at step 6.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:30 PM

Posted 05 February 2017 - 03:38 PM

OK, that's good and you have a helper's reply. I will close this one.



