Jump to content

Archived

This topic is now archived and is closed to further replies.

CMS

JS/Mindspark.E

Recommended Posts

Try using Malware Bytes or Adwcleaner to find/remove everything associated(registry entries, temp files etc.) to JS/Mindspark.E!

 

Searched for threats after that with ESET and found none..

 

No notifications/alerts since yesterday!

Share this post


Link to post
Share on other sites

Is there no FIX yet for JS/Mindspark.E???

I have in the meanwhile switched to FireFox

Share this post


Link to post
Share on other sites

Ok just spoke to ESET support and they advised to do the following;  

1. Disable all extensions in Chrome. Settings > More Tools > Extensions.

2. Select 'Developer mode' from the extensions menu and make note of the ID of the extensions you want to keep (along with the official Google ones such as sheets etc) - e.g. ID: bhghoamapcdpbohphigoooaddinpkbai

3. Close Chrome and navigate to %username%\AppData\Local\Google\Chrome\User Data\Default\Extensions 

From here you delete all the extension ID's that you don't want (leave the ones you recorded in step 2). I believe the malware in question started with the letter 'o' (but it might not be universal).  

4. Download and run 'ADWCleaner' from Malwarebytes. When you first run it go into the options menu and select all options. Run a scan and then clean all. Please note you'll lose RDP connectivity during the clean so advise the user to restart after it's completed.  

So far so good. ESET were actually very helpful.

 

 

Share this post


Link to post
Share on other sites
22 minutes ago, Dave B said:

Download and run 'ADWCleaner' from Malwarebytes

So ESET advised you to " download and run 'ADWCleaner' from Malwarebytes" ?????

Asking you to run somebody's else software to fix their own problems....doesn't seem very encouraging. 

Share this post


Link to post
Share on other sites

I was told the same, and also to use Rogue Killer. Apparently ESET's client doesn't specialise in removing adware...

Share this post


Link to post
Share on other sites
11 minutes ago, John Alex said:

So ESET advised you to " download and run 'ADWCleaner' from Malwarebytes" ?????

Asking you to run somebody's else software to fix their own problems....doesn't seem very encouraging. 

Yeah I think it was to remove the last residual traces after removing the extension folders.  

To be fair to then, I've had many cases like this with Sophos, Norton and Avira where Malwarebytes saved the day. 

I think their adaware scanner is slightly deeper for these types of threat - although AV companies should be catching up.  

Share this post


Link to post
Share on other sites

Adware poses a problem to AV vendors. They are more than capable of detecting malicious versions of it as this example shows. Since adware is browser based and is either inadvertently or intentionally installed by a user in the form of an add-in, extension, or plugin, removing same poses issues. AdwCleaner is a specialized product that was designed to detect adware and provide for selectively removing it from the browser.

Additionally, most adware is not malicious but more it the category of "nuisance-ware" that can hijack and redirect to the ad creators web site and the like. In this status, it is akin to a PUA but browser based. If AV vendors started removing adware in this category, they will be bombarded with false positive complaints from both users and ad vendors.

I will state that using IE or Edge will greatly reduce your chances for adware since both use add-ons that are limited in number and have to be manually installed by the user from restricted sources.  

Share this post


Link to post
Share on other sites

This and one other malware continues to pop up on my wife's Lenovo laptop for more than a week.  Checking all the "Advaned" options does nothing to alleviate the problem.  ESET NOD 32 detection pops up every restart and multiple times per day.  What the H***?

Share this post


Link to post
Share on other sites

The issue is the malware is not actually malware from what I have been reading and seeing  like Chrome being launched to auto go to the extensions page is nothing nefarious.  That string after chrome.exe should not be flagged.  ESET recommending other products....lol..  ESET presents itself as the total solution for protection.  It is almost embarrassing if they truly are saying use another product.

Share this post


Link to post
Share on other sites

The first time ESET detects the PUA (if you have PUA detection enabled), it will prompt you for an action. Selecting “Clean” will close the browser and the extension will not be detected anymore. However, if you have browser extension syncing enabled, then it will continue to be detected by ESET. The workaround in Chrome for this issue is detailed in the KB, no other products are needed to resolve this issue: https://support.eset.com/kb6551/

Share this post


Link to post
Share on other sites

I am concerned that the Eset program doesn't clear the application when I request it.  Is there some other way to stop these constant pop-ups?   I get 3 in a row, 2 or 3 times in every browser session

Share this post


Link to post
Share on other sites

ESET KB on the issue: https://support.eset.com/kb6551/ 

Answer is to Ignore it or disable Chrome functionality? What kind of choices are those? And I've go to do this on every PC? Workarounds are bad. Any plans for a 'regular' fix for this issue?

Share this post


Link to post
Share on other sites
5 minutes ago, PG79 said:

ESET KB on the issue: https://support.eset.com/kb6551/ 

Answer is to Ignore it or disable Chrome functionality? What kind of choices are those? And I've go to do this on every PC? Workarounds are bad. Any plans for a 'regular' fix for this issue?

There's nothing to fix if the PUA is continually downloaded due to sync being turned on. All what ESET can do is detect and block it every time it's downloaded during syncing. If Chrome was able to detect that a particular extension has been deleted and would sync this change with other Chrome instances, the problem of perpetual detection would be gone.

Share this post


Link to post
Share on other sites
18 minutes ago, Marcos said:

There's nothing to fix if the PUA is continually downloaded due to sync being turned on. All what ESET can do is detect and block it every time it's downloaded during syncing. If Chrome was able to detect that a particular extension has been deleted and would sync this change with other Chrome instances, the problem of perpetual detection would be gone.

Shouldn't ESET be able to REMEMBER the chosen action (delete in this case) and apply that action each time it (re)appears -- without requiring user input? At a minimum ESET should really indicate which plugin is causing the problem so we can troubleshoot with the plugin developer. Is that possible?

Share this post


Link to post
Share on other sites

שלום, 

    js/MindsparkE. ראיתי שהרבה כתבו לכם על הבעיה שמופיעה הודעה על 

ולא ניתן להיפטר ממהודעה ולא ברור היכן הדבר הזה נמצא.

הבנתי שזה סוג של וירוס אז איך נפטרים ממנו.

ה איסט לא מסוגל לחסל אותו.

מקווה לקבל תשובה

 

תודה

תמי צור

אפליקציה לא רצויה.JPG

Share this post


Link to post
Share on other sites
36 minutes ago, zur tami said:

    js/MindsparkE. ראיתי שהרבה כתבו לכם על הבעיה שמופיעה הודעה על

Since this is an English forum, we kindly ask you to post in English. Otherwise hardly anyone will understand you and will not be able to advise you. If you do not speak English, please contact your local Customer care.

Share this post


Link to post
Share on other sites
On 13.10.2017 at 11:26 PM, Marcos said:

Since this is an English forum, we kindly ask you to post in English. Otherwise hardly anyone will understand you and will not be able to advise you. If you do not speak English, please contact your local Customer care.

I agree but I know what he typed P.S [It's hebrew]

 

Share this post


Link to post
Share on other sites
On 13.10.2017 at 10:49 PM, zur tami said:

שלום, 

    js/MindsparkE. ראיתי שהרבה כתבו לכם על הבעיה שמופיעה הודעה על 

ולא ניתן להיפטר ממהודעה ולא ברור היכן הדבר הזה נמצא.

הבנתי שזה סוג של וירוס אז איך נפטרים ממנו.

ה איסט לא מסוגל לחסל אותו.

מקווה לקבל תשובה

 

תודה

תמי צור

אפליקציה לא רצויה.JPG

I don't mind helping you on PM.

Share this post


Link to post
Share on other sites

Here's how I got rid of Mindspark.E, which was plaguing two pcs several times a day.   I followed the directions at 

https://support.eset.com/kb6551/?viewlocale=en_US

But this was not a permanent fix.   I eventually deleted all Chrome extensions from my PCs.  Then they were clean.  Then I started adding back my extensions one at a time and running eSet.  I determined that the extension OnlineMapFinder was the culprit.  As soon as I added it back, I got the popup.  When I removed it, rebooted, and reran eSet, everything was fine.  I repeated this procedure on both PCs, and the results were identical.  Then I found this link about malware from OnlineMapFinder.com 

~removed link~

~removed link~

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...