Malware that keeps installing fake Chrome and Firefox



#1 jps96


Posted 25 May 2017 - 11:36 AM

I scanned with Malwarebytes multiple times and it removes the files and icons, but they keep coming back a few days later. HitmanPro also did nothing.

 

It's always the same file but they keep coming back with different names sometimes.
For example: Chrome target: "C:\Program Files (x86)\Hippig\Application" --> Hippig file

Firefox is always the same target. "C:\Program Files (x86)\Firefox\Firefox.exe"

 

The malware also changed my browser default search engine, homepage and new tab page to ourluckysites (it was annoying but I could change it back to Google with no problem), but last time, before I uninstalled Chrome, it changed to mystarting123, and I couldn't change to Google anymore.

Now I have uninstalled Chrome and can't install it again. And even after both have been uninstalled, the fake Chromes and Firefox come back again.

I don't know what else to do... Need help fast!

 

Here's an image from the file. 

 

Attached File  chromemalware.png   51.73KB   0 downloads


Edited by hamluis, 25 May 2017 - 12:22 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 buddy215


Posted 25 May 2017 - 02:05 PM

Use the programs below to clean, remove adware and remove malware. I know you have used MBAM but please run it again and post what, if anything, it finds. No need to reinstall if you already have it installed...just allow it to update before scanning.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 mpg26203


Posted 01 April 2018 - 02:17 PM

Well, I do know this post is very old, but I want to say this as I had the same problem long ago and it was a pain in my butt for 2 weeks even with a pretty advanced knowledge of computer security, so that everyone that reads this and has the same problem is able to solve it just as I did.

 

First of all, this is a browser hijacker and if you have it, then the most probable situation is that you have a backdoor, adware or a trojan installed on your PC, because these kinds of problems don't show up or infect a PC alone (usually).

When I got this problem it was caused by a backdoor called snare.msi which also installed a huge lot of random rogue antiviruses, some nasty programs and even videogames called "warframe" and "farm..." something. This happened like a year ago, don't judge me, but you probably got another kind of backdoor installing stuff; you shouldn't think you have exactly the same problem as me.

 

Second, you should look at your AppData Temp, Local and Roaming folders for unusual activities (that's where the snare.msi file was for me) and also the Program Files folder, then check official BleepingComputer posts about how to remove it because some malware enables some payloads when you try to manually remove them, minion based ones for example. If that doesn't work or there aren't any posts then you should try the following.

I will only show general solutions that will possibly work on every PC and I will try not to break any of the BleepingComputer rules.

(Please try to do all of these steps in safe mode with networking enabled.)

 

Third, the first thing you should do is install AdwCleaner, RogueKiller, Malwarebytes Anti-Rootkit and a few free, well-known antiviruses (like Malwarebytes and Avast; make sure to enable the anti-rootkit scan if you know how to) (always download them from the official sites and from a browser you know isn't infected, or do that in safe mode. Yeah, totally do all of this in safe mode) (make sure to uninstall every one of them except the one preferred by you, as when you have more than one antivirus installed they can enter in conflict with each other and make your PC run slow). Then scan your PC with them all and delete any found threats; reboot your PC if the antivirus tells you to do so. This is because the protocols of every antivirus detect some viruses that the others don't and vice versa, so if you only have one you could still have trails of the viruses which will replicate, and if you got a backdoor like me, well, in fact you could literally have thousands of malware, and when I got this whole problem Avast didn't detect absolutely any of them except with the boot scan.

 

The next step is to check (right click, Properties) every browser shortcut you have, and if it says other than the default (for example redirecting you to a "hippig" folder which is an exact copy of Chrome but hijacked instead of Chrome; that exact thing happened to me), then delete those shortcuts and the suspicious folders, then create shortcuts to the legitimate browser (at this point the backdoor should be gone and you are just deleting possible trails of it). Also, if there is any desktop or Start menu shortcut that you didn't create, for a program you didn't install, delete it immediately and repeat this whole process if you accidentally opened one of them. Those things often are able to replicate the whole problem and often they aren't even games or are modified ones.

 

If after doing all of this the shortcuts get modified and/or created again, you notice some suspicious activity on your PC and think the problem may be back, try to completely wipe your hard disk, reinstall Windows if necessary; don't just do a system recovery or revert it to a past status. Also don't do any backups, and if you need any programs then install them from zero from the official site, as most files can be modified to carry malware in them. Even PNG images. This is in case you are completely sure the rest of the solutions didn't work, because you may want to have your important files with you. I actually was able to recover my PC but you may have a worse problem than the one I had. Don't get alarmed, that is almost impossible and maybe you just have a browser hijacker alone; it is possibly alone if you started having these problems after installing a browser extension, clicking a weird ad or visiting a shady web page. Some ads even redirect you to websites that hijack your PC in the background, so please be intelligent and install an adblocker (it is highly recommended, almost mandatory for your own good if you use adfly shortened websites often or similar ones. Don't let that bonus 5 secs of wait convince you you have some more billions of them. Ads in that kind of website are pretty darn invasive and often even harmful.)
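
The shortcut check described in the post above (right click, Properties, compare the target with the real browser path) can be done for every shortcut at once. The script below is an added example, not part of any poster's message; it only reads and reports, and the list of expected install paths is an assumption based on default Chrome and Firefox locations. It also flags a URL appended to the shortcut's command line, which goes slightly beyond the target check the post describes.

```powershell
# Added example: read-only audit of browser shortcuts (nothing is deleted or changed).
# Assumption: the default install locations below; edit the list if yours differ.
$ExpectedTargets = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe",
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "${env:ProgramFiles(x86)}\Mozilla Firefox\firefox.exe"
)

# Places where browser shortcuts normally live: desktops, Start menus, taskbar pins.
$ShortcutFolders = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
)

function Get-SuspectBrowserShortcut {
    param([string[]]$Folder, [string[]]$Expected)
    $shell  = New-Object -ComObject WScript.Shell
    $Folder = $Folder | Where-Object { $_ -and (Test-Path $_) }   # skip missing folders
    Get-ChildItem -Path $Folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # Only look at shortcuts that claim to be, or point at, Chrome or Firefox.
            if (($_.BaseName -notmatch 'chrome|firefox') -and
                ($lnk.TargetPath -notmatch 'chrome|firefox')) { return }
            $reasons = @()
            if ($Expected -notcontains $lnk.TargetPath) {
                $reasons += 'target outside expected install folder'
            }
            if ($lnk.Arguments -match 'https?://') {
                $reasons += 'URL appended to command line'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Reason    = $reasons -join '; '
                }
            }
        }
}

Get-SuspectBrowserShortcut -Folder $ShortcutFolders -Expected $ExpectedTargets | Format-List
```

With the targets quoted in the first post, a "Chrome" shortcut pointing into `C:\Program Files (x86)\Hippig\Application` and a Firefox shortcut pointing at `C:\Program Files (x86)\Firefox\Firefox.exe` would both be listed, since neither matches a default install path.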





