
Ads virus in chrome?


10 replies to this topic

#1 dennisinned

dennisinned

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 12 June 2017 - 05:49 AM

Hi, I recently found that my Chrome is running slower and thought it was nothing till I started hearing ads without any sign of video/ads around the web page. Even in Steam webpages as well. I've run Zemana and Avast Premier but to no avail while scanning.
While checking the Task Manager, I've found an extension: Google Hangouts

For some reason whenever I end this process, it keeps coming back and is not found in the extension web page.

Please provide any advice. 

Thank you.


Edited by dennisinned, 12 June 2017 - 06:05 AM.




#2 mikey11

mikey11

  • Members
  • 1,366 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:08:11 PM

Posted 12 June 2017 - 08:08 AM

run adwcleaner

 

then run malwarebytes anti malware



#3 buddy215

buddy215

  • Moderator
  • 13,094 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 PM

Posted 12 June 2017 - 08:27 AM

To remove Hangouts you will need to find one of these identifiers.....nckgahadagoaajjgafhacjanaoiihapd and knipolnnllmklapflnccelgolnpehhpl and delete it.

Look for them in the App Data folder. I think you will find only one of those. I don't know why there are two identifiers. Of course, there is the possibility one is fake.

 

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by buddy215, 12 June 2017 - 08:37 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
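
An added example, not part of buddy215's post: one way to carry out the "look for the identifiers in the App Data folder" step across every Chrome profile at once. It assumes Chrome's usual on-disk layout (`User Data\<profile>\Extensions\<id>\<version>\manifest.json`); the function names are made up for this sketch.

```python
import json
import os
from pathlib import Path

# Extension IDs quoted in the post above.
WANTED = {"nckgahadagoaajjgafhacjanaoiihapd", "knipolnnllmklapflnccelgolnpehhpl"}

def default_user_data():
    """Usual Chrome 'User Data' folder on Windows (assumes LOCALAPPDATA is set)."""
    return Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"

def list_extensions(user_data):
    """Return one record per installed extension version, for every profile."""
    found = []
    # Assumed layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for manifest in sorted(Path(user_data).glob("*/Extensions/*/*/manifest.json")):
        version_dir = manifest.parent
        ext_dir = version_dir.parent
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable or malformed manifest: still report the folder
        if not isinstance(data, dict):
            data = {}
        found.append({
            "profile": ext_dir.parent.parent.name,   # e.g. "Default", "Profile 2"
            "id": ext_dir.name,
            "name": data.get("name", "?"),           # may be a "__MSG_...__" placeholder
            "version": data.get("version", version_dir.name),
            "permissions": data.get("permissions", []),
            "path": str(ext_dir),
            "wanted": ext_dir.name in WANTED,
        })
    return found

def report(user_data):
    """Format the inventory, flagging folders whose ID is one of the two above."""
    lines = []
    for e in list_extensions(user_data):
        flag = "MATCH" if e["wanted"] else "     "
        lines.append(f'{flag} {e["profile"]:<12} {e["id"]} {e["name"]} {e["version"]}')
    return lines

if __name__ == "__main__":
    print("\n".join(report(default_user_data())) or "no extension folders found")
```
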

#4 dennisinned

dennisinned
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 13 June 2017 - 09:37 AM

 


 

Hi buddy215,

Thanks for your advice. However I couldn't manage to find the identifiers you've listed in my App Data folder. I did follow your other instructions and cleaned up some messes. The Google Hangouts extension still remains there though. :(



#5 buddy215

buddy215

  • Moderator
  • 13,094 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 PM

Posted 13 June 2017 - 10:17 AM

You can use a portable version of Everything to find that file. No installation....just unzip to your desktop.

Download Everything from voidtools

 

I would have preferred you posting the results of those scans. But if you are confident that you used them correctly and they deleted/quarantined what they found...okay. Was anything malicious noted by MBAM or Eset? Or was it all adware?



#6 dennisinned

dennisinned
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 18 June 2017 - 12:05 PM

Hi Buddy,
 
I've installed Everything and searched for those 2 files but to no avail. I've deleted Google Hangouts from Everything but the Extension: Google Hangouts still exists in my Chrome.
Previously, I was infected by some adware: "www.luckysearch123.com". MBAM did remove it. Right now, I use Malwarebytes and Avast and nothing is detected.
However when using AdwCleaner, the result shows:
 
 ***** [ Web browsers ] *****
 
[-] [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ourluckysites
[-] [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ourluckysites.com
[-] [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: luckystarting.com
 
Subsequent cleaning with AdwCleaner shows nothing. But I am positive that there still seems to be a virus.
Also, while loading any pages, even this one, I realise at the bottom left corner, Chrome says "waiting for xx.xcetkbl.com.."
A quick search seems to show that it is related to the previous adware I was infected with.


#7 dennisinned

dennisinned
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 18 June 2017 - 12:18 PM

Also, I've just installed Firefox and run the exact same extensions. It seems that web pages in Firefox load a lot quicker than Chrome and do not show "waiting for xx.xcetkbl.com.."



#8 buddy215

buddy215

  • Moderator
  • 13,094 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 PM

Posted 18 June 2017 - 12:40 PM

You haven't mentioned running the other two scans...Junkware Removal Tool and Eset Online scanner. If you haven't run those...I suggest you do.

 

Import your bookmarks from Chrome to Firefox. Then do a complete uninstall of Chrome. That includes your profile which contains your bookmarks, passwords and other custom settings.

Use Download Revo Uninstaller Freeware to uninstall Chrome.


Edited by buddy215, 18 June 2017 - 12:43 PM.


#9 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 18 June 2017 - 02:47 PM

Info on Google Hangouts - legitimate software, and likely built-in to Chrome.

 

https://hangouts.google.com/



#10 tranh0l

tranh0l

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 19 June 2017 - 11:04 AM

Also, I've just installed Firefox and run the exact same extensions. It seems that web pages in Firefox load a lot quicker than Chrome and do not show "waiting for xx.xcetkbl.com.."

 

I got the same situation. I've tried Junkware Removal Tool but it did not solve it. I tried to download ESET Online scanner but cannot find the link. Maybe ESET stopped providing this tool?

Anyway, many thanks buddy215 for the many tools that you suggest.



#11 buddy215

buddy215

  • Moderator
  • 13,094 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 PM

Posted 19 June 2017 - 11:15 AM

tranh0l...Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

