JS/Mindspark.E


CMS

Try using Malwarebytes or AdwCleaner to find/remove everything associated (registry entries, temp files, etc.) with JS/Mindspark.E!

 

Searched for threats after that with ESET and found none..

 

No notifications/alerts since yesterday!

Edited by Gaspar

OK, just spoke to ESET support and they advised to do the following:

1. Disable all extensions in Chrome. Settings > More Tools > Extensions.

2. Select 'Developer mode' from the extensions menu and make note of the ID of the extensions you want to keep (along with the official Google ones such as sheets etc) - e.g. ID: bhghoamapcdpbohphigoooaddinpkbai

3. Close Chrome and navigate to %username%\AppData\Local\Google\Chrome\User Data\Default\Extensions 

From here you delete all the extension IDs that you don't want (leave the ones you recorded in step 2). I believe the malware in question started with the letter 'o' (but it might not be universal).

4. Download and run 'ADWCleaner' from Malwarebytes. When you first run it go into the options menu and select all options. Run a scan and then clean all. Please note you'll lose RDP connectivity during the clean so advise the user to restart after it's completed.  

So far so good. ESET were actually very helpful.

 

 

Edited by Dave B
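Steps 2 and 3 above can be checked before anything is deleted by listing each extension folder with the name from its `manifest.json`. This is an added example, not part of the post or of ESET's instructions; the function names, the sample IDs and the sample extension names are made up for illustration.

```python
import json, re, tempfile
from pathlib import Path

ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars, letters a-p

def _display_name(version_dir: Path, manifest: dict) -> str:
    """Resolve manifest 'name', following __MSG_key__ into _locales if needed."""
    name = manifest.get("name", "?")
    m = re.fullmatch(r"__MSG_(.+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    msgs = version_dir / "_locales" / locale / "messages.json"
    try:
        table = json.loads(msgs.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # leave the placeholder visible if the locale file is unreadable
    lowered = {k.lower(): v for k, v in table.items()}  # message keys are case-insensitive
    return lowered.get(m.group(1).lower(), {}).get("message", name)

def inventory(ext_root: Path, keep_ids: set) -> list:
    """List every installed extension; 'keep' is False for IDs not on the allow-list."""
    rows = []
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir() and ID_RE.match(p.name)):
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                manifest = {}
            rows.append({"id": ext_dir.name, "version": manifest.get("version", "?"),
                         "name": _display_name(manifest_path.parent, manifest),
                         "keep": ext_dir.name in keep_ids})
    return rows

def build_sample(root: Path) -> None:
    """Constructed sample tree (IDs and names are made up for this example)."""
    a = root / ("a" * 32) / "1.0_0"
    a.mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "Kept Extension", "version": "1.0"}))
    b = root / ("o" + "b" * 31) / "2.3_0"
    (b / "_locales" / "en").mkdir(parents=True)
    (b / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "2.3"}))
    (b / "_locales" / "en" / "messages.json").write_text('{"appname": {"message": "Unknown Toolbar"}}')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for row in inventory(Path(tmp), keep_ids={"a" * 32}):
            print("KEEP  " if row["keep"] else "REVIEW", row["id"], row["version"], row["name"])
```

To run it against a real profile, pass the Extensions folder from step 3 as `ext_root` and the IDs noted in step 2 as `keep_ids`; the script only reads and deletes nothing.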

22 minutes ago, Dave B said:

Download and run 'ADWCleaner' from Malwarebytes

So ESET advised you to "download and run 'ADWCleaner' from Malwarebytes"?????

Asking you to run somebody else's software to fix their own problems... doesn't seem very encouraging.


11 minutes ago, John Alex said:

So ESET advised you to "download and run 'ADWCleaner' from Malwarebytes"?????

Asking you to run somebody else's software to fix their own problems... doesn't seem very encouraging.

Yeah I think it was to remove the last residual traces after removing the extension folders.  

To be fair to them, I've had many cases like this with Sophos, Norton and Avira where Malwarebytes saved the day.

I think their adware scanner is slightly deeper for these types of threat - although AV companies should be catching up.

Edited by Dave B

Adware poses a problem to AV vendors. They are more than capable of detecting malicious versions of it as this example shows. Since adware is browser based and is either inadvertently or intentionally installed by a user in the form of an add-in, extension, or plugin, removing same poses issues. AdwCleaner is a specialized product that was designed to detect adware and provide for selectively removing it from the browser.

Additionally, most adware is not malicious but more in the category of "nuisance-ware" that can hijack and redirect to the ad creator's web site and the like. In this status, it is akin to a PUA but browser based. If AV vendors started removing adware in this category, they will be bombarded with false positive complaints from both users and ad vendors.

I will state that using IE or Edge will greatly reduce your chances for adware since both use add-ons that are limited in number and have to be manually installed by the user from restricted sources.  


This and one other malware continue to pop up on my wife's Lenovo laptop for more than a week. Checking all the "Advanced" options does nothing to alleviate the problem. ESET NOD 32 detection pops up every restart and multiple times per day. What the H***?


The issue is the malware is not actually malware from what I have been reading and seeing. Like, Chrome being launched to auto go to the extensions page is nothing nefarious. That string after chrome.exe should not be flagged. ESET recommending other products... lol. ESET presents itself as the total solution for protection. It is almost embarrassing if they truly are saying use another product.


  • ESET Moderators

The first time ESET detects the PUA (if you have PUA detection enabled), it will prompt you for an action. Selecting “Clean” will close the browser and the extension will not be detected anymore. However, if you have browser extension syncing enabled, then it will continue to be detected by ESET. The workaround in Chrome for this issue is detailed in the KB, no other products are needed to resolve this issue: https://support.eset.com/kb6551/


I am concerned that the ESET program doesn't clear the application when I request it. Is there some other way to stop these constant pop-ups? I get 3 in a row, 2 or 3 times in every browser session.


  • 2 weeks later...
  • Administrators
5 minutes ago, PG79 said:

ESET KB on the issue: https://support.eset.com/kb6551/ 

Answer is to Ignore it or disable Chrome functionality? What kind of choices are those? And I've got to do this on every PC? Workarounds are bad. Any plans for a 'regular' fix for this issue?

There's nothing to fix if the PUA is continually downloaded due to sync being turned on. All ESET can do is detect and block it every time it's downloaded during syncing. If Chrome was able to detect that a particular extension has been deleted and would sync this change with other Chrome instances, the problem of perpetual detection would be gone.


18 minutes ago, Marcos said:

There's nothing to fix if the PUA is continually downloaded due to sync being turned on. All ESET can do is detect and block it every time it's downloaded during syncing. If Chrome was able to detect that a particular extension has been deleted and would sync this change with other Chrome instances, the problem of perpetual detection would be gone.

Shouldn't ESET be able to REMEMBER the chosen action (delete in this case) and apply that action each time it (re)appears -- without requiring user input? At a minimum ESET should really indicate which plugin is causing the problem so we can troubleshoot with the plugin developer. Is that possible?


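Hello,

I saw that many people have written to you about the problem where a message about js/MindsparkE appears,

and it is not possible to get rid of the message, and it is not clear where this thing is located.

I understood that this is a kind of virus, so how do you get rid of it?

ESET is not able to eliminate it.

Hoping to get an answer.

Thanks,

Tami Zur

Unwanted application.JPG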

Edited by Marcos
Personal email address removed

  • Administrators
36 minutes ago, zur tami said:

I saw that many people have written to you about the problem where a message about js/MindsparkE appears

Since this is an English forum, we kindly ask you to post in English. Otherwise hardly anyone will understand you and will not be able to advise you. If you do not speak English, please contact your local Customer care.


On 13.10.2017 at 11:26 PM, Marcos said:

Since this is an English forum, we kindly ask you to post in English. Otherwise hardly anyone will understand you and will not be able to advise you. If you do not speak English, please contact your local Customer care.

I agree, but I know what he typed. P.S. [It's Hebrew]

 


On 13.10.2017 at 10:49 PM, zur tami said:

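Hello,

I saw that many people have written to you about the problem where a message about js/MindsparkE appears,

and it is not possible to get rid of the message, and it is not clear where this thing is located.

I understood that this is a kind of virus, so how do you get rid of it?

ESET is not able to eliminate it.

Hoping to get an answer.

Thanks,

Tami Zur

Unwanted application.JPG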

I don't mind helping you on PM.


Here's how I got rid of Mindspark.E, which was plaguing two PCs several times a day. I followed the directions at

https://support.eset.com/kb6551/?viewlocale=en_US

But this was not a permanent fix. I eventually deleted all Chrome extensions from my PCs. Then they were clean. Then I started adding back my extensions one at a time and running ESET. I determined that the extension OnlineMapFinder was the culprit. As soon as I added it back, I got the popup. When I removed it, rebooted, and reran ESET, everything was fine. I repeated this procedure on both PCs, and the results were identical. Then I found this link about malware from OnlineMapFinder.com

~removed link~

~removed link~

Edited by foneil
removed links to external sites
This topic is now closed to further replies.