Author Topic: Has anybody had this on Google Chrome?  (Read 25507 times)


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Has anybody had this on Google Chrome?
« Reply #15 on: October 01, 2014, 08:39:39 PM »
Quote
WHAT THE HECK is "Installmate"
you mean PUP.Optional.InstalleRex.A   

Quote
PUP.Optional.InstalleRex got on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker. This Potentially Unwanted Program is also bundled within the custom installer on many download sites (examples: CNET, Brothersoft or Softonic), so if you have downloaded a software from these websites, chances are that PUP.Optional.InstalleRex was installed during the software setup process.

Quote
The PUP.Optional.InstalleRex infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.


REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #16 on: October 01, 2014, 08:49:28 PM »
Farbar scan results -

REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #17 on: October 01, 2014, 09:03:51 PM »
Thanks, Pondus.....THAT is kinda unnerving!  You say it COULD come packaged INTO "(video recording/streaming, download-managers or PDF creators)".....

WONDER if, as others have suggested, the AceStream program is the carrier??

NOW - I keep getting THIS every five seconds  -


Infection blocked
URL   hxxps://codegv.ru
Infection   URL:Mal


WHY are they picking on ME??  LOL!

REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #18 on: October 01, 2014, 10:16:27 PM »
ASWMBR log

REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #19 on: October 01, 2014, 11:08:21 PM »
I have tried everything on the thread about Logs to assist in cleaning Malware!  I just now uninstalled AceStream Player and re-booted!

AND NOW - EVERY SINGLE TIME I go to ANY webpage, I get the AVAST! warning -

Infection blocked
URL   hxxps://codegv.ru
Infection   URL:Mal

HOWEVER - I get NO warnings at all on Internet Explorer!!

Which tends to make me believe that either my Google Chrome browser has been hacked, AND/OR (probably), my entire Google account has been hacked!

I am VERY happy that AVAST! is stopping these hack attempts every time I go to ANY webpage.....but does anybody have even a GUESS as to WHAT this thing is??

ANY advice?

Thank you all again so much - you've been really patient with me!  This is just really frustrating :-(

REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #20 on: October 02, 2014, 12:18:17 AM »
I have the exact same problem,

I get spammed to death by:

URL   hxxps://codegv.ru
Infection   URL:Mal


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Has anybody had this on Google Chrome?
« Reply #21 on: October 02, 2014, 12:27:10 AM »
Check your extensions in the Google Chrome browser for you might have installed a malicious extension.
Read here:
http://security.stackexchange.com/questions/65097/sophos-virus-protection-continuously-blocking-codegv-ru
AS Magic Player 1.0.0 may be the culprit of it!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
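
Added example, not part of the original thread: a warning that fires on every page in Chrome but never in Internet Explorer fits an extension whose content scripts match all URLs, so the sketch below lists each extension in a Chrome profile and flags the ones that run on every page. It assumes the standard `Extensions/<id>/<version>/manifest.json` layout under the profile folder and the `Default` profile; the function names are hypothetical.

```python
import json
from pathlib import Path

# Match patterns that let an extension run on (or reach) every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    msgs = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        table = json.loads(msgs.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is missing or corrupt
    for k, v in table.items():  # message keys are case-insensitive
        if k.lower() == key:
            return v.get("message", name)
    return name

def audit_extensions(profile_dir):
    """Return one dict per installed extension version found under <profile>/Extensions."""
    report = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        matches = set()
        for cs in manifest.get("content_scripts", []):
            matches.update(cs.get("matches", []))
        declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        hosts = {p for p in declared if isinstance(p, str)}
        report.append({
            "id": mf.parent.parent.name,
            "name": _display_name(mf.parent, manifest),
            "version": manifest.get("version", "?"),
            "runs_on_every_page": bool(matches & BROAD),
            "broad_host_access": sorted(hosts & BROAD),
        })
    return report

if __name__ == "__main__":
    import os, sys
    # Assumed default location on Windows; pass another profile folder as argv[1].
    default = os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Default")
    for row in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else default):
        print(row)
```

Many legitimate extensions also run on every page, so a flagged entry is a candidate for review against the names shown on Chrome's extensions page, not a verdict.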

REDACTED

  • Guest
Re: Has anybody had this on Google Chrome?
« Reply #22 on: October 02, 2014, 05:45:48 AM »
Hi,

I will slowly so you will not get immediate result. I am sure you will have a smile on your face when I declare you A-Okay. Bear with me please.

  • Step #1 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • BitTorrent
    • StreamTorrent 1.0
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.


  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.

      • Ace Stream Media 2.1.7


    • Step #3 Fix with AdwCleaner
      • Download AdwCleaner by Xplode to your Desktop from the following link.
      • Right-click on AdwCleaner.exe and choose Run as administrator;
      • Click on Scan and let the program run unhindered;
      • When done, click on Clean and allow the system to reboot after it is done;
      • A log will be opened automatically after the restart;
      • Attach the log in your reply.


    • Step #4 Fix with Junkware Removal Tool
      Download Junkware Removal Tool by thisisu to your Desktop from the link below.
      Download Link 1
      Download Link 2
      • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
      • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
      • Please be patient as the tool cleans your system;
      • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
      • Attach the log in your next reply.


    Re-run FRST and check all its boxes. Then click Scan. Post the logs when done.



    • Required Log(s):
      • AdwCleaner Log
      • Junkware Removal Tool Log
      • Farbar Tool Logs--
        • FRST.txt
        • Addition.txt
    Regards,
    Valinorum

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #23 on: October 02, 2014, 07:49:34 AM »
    I had the same codegv.ru issue. followed Valinorum's directions and it worked mostly.. however, it did so after several attempts.. what i did differently was.. i first uninstalled Acestream then ran both adware removal and junk removal as prescribed.. the malware was still there after restart. so i ran ccleaner and ccleaner's reg cleaner, then re-ran both adware and junkware removal, it was still there at restart, then ran both again simultaneously .. this time i did not let it reboot.. instead, after the junkware removal tool was finished, i re-started avast and did a browser cleanup through avast.. at analysis, avast reported that the Speedbit extension and another extension (both on chrome) had low reputations and i removed them.  Re-started the computer and now it's clean!

    thank you, Valinorum, for your help!!

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #24 on: October 02, 2014, 08:39:36 AM »
    Quote
    I had the same codegv.ru issue. followed Valinorum's directions and it worked mostly.. however, it did so after several attempts.. what i did differently was.. i first uninstalled Acestream then ran both adware removal and junk removal as prescribed.. the malware was still there after restart. so i ran ccleaner and ccleaner's reg cleaner, then re-ran both adware and junkware removal, it was still there at restart, then ran both again simultaneously .. this time i did not let it reboot.. instead, after the junkware removal tool was finished, i re-started avast and did a browser cleanup through avast.. at analysis, avast reported that the Speedbit extension and another extension (both on chrome) had low reputations and i removed them.  Re-started the computer and now it's clean!

    thank you, Valinorum, for your help!!

    In future, try not to follow advice given to other people as you may end up with an unbootable PC should there be a different type of malware in your system. Just because the symptoms are the same does not mean the malware is. Good day!

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #25 on: October 02, 2014, 03:54:30 PM »
    INTERESTING!!!

    I KILLED the Chrome extension "AS Magic Player 1.0" on Chrome................

    ....THEN, OUT OF NOWHERE, it came back!!

    Troubling!

    So I removed it AGAIN!

    I removed all my P2P stuff, Valinorum, and I got rid of AceStream Player yesterday.  Gonna do steps three and four now - I will let you know how it goes after the final re-boot!

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #26 on: October 02, 2014, 03:55:07 PM »
    adwCleaner report log below -


    # AdwCleaner v3.311 - Report created 02/10/2014 at 20:49:33
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : CPN - CPN-PC
    # Running from : C:\Users\CPN\Desktop\ALL ANTI-Malware nasty virus killer stuff\STILL HAVE TO USE FOLDER\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\save  nett

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Google Chrome v37.0.2062.124

    [ File : C:\Users\CPN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=6c8ebcfb-c7f8-11de-85c4-e8652fa017bb&q={searchTerms}
    Deleted [Search Provider] : hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

    *************************

    AdwCleaner[R0].txt - [3105 octets] - [28/04/2014 11:52:35]
    AdwCleaner[R1].txt - [1236 octets] - [02/10/2014 20:43:59]
    AdwCleaner[S0].txt - [3220 octets] - [28/04/2014 11:54:57]
    AdwCleaner[S1].txt - [1515 octets] - [02/10/2014 20:49:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1575 octets] ##########

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #27 on: October 02, 2014, 04:01:13 PM »
    ....annnnnnd, the Junkware Removal Tool scan:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.6 (10.02.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by CPN on Thu 10/02/2014 at 20:58:02.24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 10/02/2014 at 20:59:45.03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #28 on: October 02, 2014, 04:03:33 PM »
    It APPEARS to be gone!!

    Great work, Valinorum!

    ANY GUESS as to what exactly that attack was??

    You're correct - I AM smiling now!

    Thanks again SOOOOOOOO MUCH to everybody on this thread!!!!!!!!!

    REDACTED

    • Guest
    Re: Has anybody had this on Google Chrome?
    « Reply #29 on: October 02, 2014, 04:13:39 PM »
    Good news. How is your internet? If it is good, I will ask for an online scan. If not, give me a FRST scan. To do the latter, re-run FRST.exe and click on Scan and post the log when done.