Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome Font Pack issue - nothing happened?


  • Please log in to reply
6 replies to this topic

#1 darkclouds

darkclouds

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 16 April 2017 - 02:20 PM

Hello,

 

yesterday I got the "chrome font pack" pop up on a website and I clicked on "update". I am really mad at myself because I have been so careful.... I thought it was something else, but then I thought it looked weird and googled it. And found the explanation on this website.

https://www.bleepingcomputer.com/virus-removal/hoeflertext-font-wasnt-found-and-chrome-font-pack-guide

 

But it's not exactly the same as described on that article. I got the pop up to update the 'chrome font pack' but afterwards a new tab opened with this website http://leadertalk.edu.vn/loo.php which showed a blank page. I closed it immediately. When this happened I realized something was off and decided to search for it.

 

 

Is this some kind of virus? I scanned my PC with AdwCleaner and MalwareBytes (trial) and it did not report anything related to this chrome stuff. I did check the url on virustotal and one source noted it as a "malicious site".

 

How can I see if something weird entered my computer and what was that website about? Has anyone had an issue similar to mine?

 

This has been bugging me because I can't find anything wrong. Even my files and folders look okay...

 

Thanks!


Edited by darkclouds, 16 April 2017 - 02:22 PM.


BC AdBot (Login to Remove)

 


#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:07:03 PM

Posted 17 April 2017 - 09:14 AM

What happened after you clicked "Update"? Did your web browser download anything from the website?


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 darkclouds

darkclouds
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 April 2017 - 11:11 AM

What happened after you clicked "Update"? Did your web browser download anything from the website?

Thanks for replying.

 

No. From all the articles I've read about this, chrome didn't download anything for me.  Nor did I install it. When I clicked update another tab opened going to this webpage leadertalk.edu.vn/loo.php which showed only a blank page (or perhaps I didn't let it fully load, because I closed it immediately).

 

No idea if something was downloaded without me seeing, from what I can see nothing seems out of place.



#4 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:07:03 PM

Posted 20 April 2017 - 01:26 PM

You may want to download and run a simple rootkit removal program just in case that blank site downloaded something in the background.

 

Download Malwarebytes Anti-Rootkit from the provided link here.

When saving the file, please save it to your desktop. Once the file has been downloaded, right click on the downloaded file and select the Extract menu option. This will start the Windows compressed file extraction wizard. Follow the steps to extract the file and Malwarebytes Anti-Rootkit will be extracted to a folder called mbar-versionnumber on your desktop. For example, Malwarebytes Anti-Rootkit version 1.01.0.1009 will be extracted to a folder named mbar-1.01.0.1009.

Once the file has been extracted, double-click on the folder and when that folder opens, double-click on the mbar folder. You should now see a list of files that are found in the mbar folder. Please double-click on the mbar.exe file to launch the program.

Click through the agreements for the program.

Please click on the Update button to have MBAR download the latest definition updates that will then be used when scanning your computer. When the update has finished, please click on the Next button.

You will now be at the Scan System screen where you can select some basic scanning options.

Make sure the Drivers, Sectors, and System scan targets are selected and then click on the Scan button.

Make sure everything is selected and that there is a check mark in the Create Restore point option. Then click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer. Please click on Yes button to restart your computer. After the computer reboots and you login, you will be back at your normal desktop. It is suggested that you do one last scan using Malwarebytes Anti-Rootkit to make sure all traces have been removed. There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.

Paste both log contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 darkclouds

darkclouds
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 April 2017 - 03:57 PM

Thank you SO much for your help!!

 

Just finished scanning and I got the message "Congratulations, no cleanup is required! Scan Finished: No malware found!"

 

Should I still paste the logs? They only mention "No malicious items detected".

 

Okay, so does this mean there's absolutely nothing weird happening on my computer? Nothing spying on google chrome? Should I uninstall chrome? Should I do something else to be 100% sure?  :smash:


Edited by darkclouds, 20 April 2017 - 03:58 PM.


#6 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:07:03 PM

Posted 20 April 2017 - 05:31 PM

No need to paste the logs.

 

You might want to use one more malware-removal program just to make sure there is no trace of any bad software on your PC.

 

Download RogueKiller from here. Run a scan with RogueKiller. Once done, click View Report on the bottom left and paste the contents into a post.

If it shows nothing, your computer is malware-free!

Also, reset chrome. Type chrome://settings in your Chrome URL bar and hit Enter. Scroll towards the end and click on Advanced settings. Toward the end, you will see the Reset browser settings button. Click on the button to restore Chrome settings to default. Restart the computer.


Edited by iMacg3, 20 April 2017 - 06:34 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#7 nazizal

nazizal

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 05 June 2017 - 10:01 PM

oh, my god. I had the same problem, happened in April too! but my browser downloaded it. & I got ransomware attack after downloading it  :(  :( & because of that, all my images, PDFs are gone. somebody please help!! :(( am I able to retrieve my files back?? & how to completely remove this ransomware. It always show up in my Window Defender scan eventhough I already removed it. would be better if someone can reply to me on my twitter @nazizall cause I dont think I will remember to check this web again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users