I first received a notification for this yesterday, but dismissed it after search results kept suggesting it might be a false positive. But today, Avast keeps blasting me w/popups for the trojan. Every time I open a new Chrome tab I get hit w/multiple popups. The shields scan says I'm currently at 323 files, and it's bound to grow if I open another tab or two (edit: now allegedly 535 by the time I finished posting this after researching the problem).
This Chrome forum post was not helpful:
https://productforums.google.com/forum/#!topic/chrome/PyO_qzRXM5oThese Avast blog posts and the following Solvusoft blog post were helpful to me figuring out wht the hell this virus is. Apparently, it's a mutated Russian trojan (fwiw):
-
https://blog.avast.com/2013/02/05/bicololo-virus-spreading-via-webserver-errors/-
https://blog.avast.com/2012/10/08/russian-odnoklassniki-spamming/-
http://www.solvusoft.com/en/malware/trojans/vbs-bicololo-bu/Since Avast isolated the threat and placed them in the Chest, I deleted them in bulk. But when I opened a new tab just now, I got blasted w/about six popups. So does that mean there are six instances of the virus for each tab I open, or is this just overkill on Avast's part?
The .ldb file extension is a Microsoft Access "lock information file," which tracks users accessing an Access database of the same name.
When I searched for "gomekmidlodglbbmalcneegieacbdmki" in my Chrome extensions, it turns out that is the filename for Avast. So is Avast flagging its own Chrome extension, or is the six digit number as filename the actual virus? OP's was 140228.ldb. Mine is 051681.ldb.
I'm going to try OJP's method, since that seems to be where the virus is located. I'll report back what I find.
Oh, and fwiw, I'm running macOS Sierra Version 10.12.5 on a 2016 Macbook Pro, and my Chrome version is Version 59.0.3071.115 (Official Build) (64-bit).