leong 0 Posted March 3, 2018 Share Posted March 3, 2018 Hi,Lately I keep getting repeated warnings from my antivirus (Eset) claiming it identified a threat and removed it. The threat name is JS/adware.Revizer.B and according to the warning it was found in a file on my computer named https://s3.amazonaws.com/jscache/16a168f0afda0c3c2.js. Another message claims a web address was blocked (https://netcheckcdn.xys/log?I=error&m=invalid or un) and another reports blocking another address (hxxp://S3.amazonaws.com/jschache/16a168f0af2da0c3c) .This happens with every chrome browser window I open.In addition clicking links in different windows often causes them to crash.I read on the web that this is a complicated malware infection and have seen many suggestions for removal, some of which I tried (malwarebites, spuware serach & destroy, Crapcleaner, hitmanpro, adwcleaner, tdsskiller, zemana antimalware) but couldn't get any results. Meanwhile eset keeps sending useless warnings, windows keep crashing and the whole computer runs slow and unstable. I would expect a dignified antivirus software like ESET, purchased to protect my computer, to give me a solution but it does not. Help would be greatey appreciated.Thanks in advanceLeon Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted March 3, 2018 Administrators Share Posted March 3, 2018 Are you getting these alerts even if no browser is running? If not, does using a different browser make a difference? Did you try to run a browser without extensions? Link to comment Share on other sites More sharing options...
leong 0 Posted March 3, 2018 Author Share Posted March 3, 2018 When no browser is running I don't get alerts. I didn't see alerts with microsoft edge - for the time being only with chrome. How do i run browser without extensions? Link to comment Share on other sites More sharing options...
itman 1,627 Posted March 3, 2018 Share Posted March 3, 2018 (edited) You have a malicious Chome extension installed. From what I have read about this malware, best way to uninstall the extension is in safe mode using Chrome's uninstall extension mechanism. Then reset your browser's settings. Appears Eset is indeed detecting the malware upon execution and blocking it from further invading your system. Edited March 3, 2018 by itman Link to comment Share on other sites More sharing options...
leong 0 Posted March 4, 2018 Author Share Posted March 4, 2018 I followed your advice and removed all chromes extensions in safe mode. For the time being it seems the ESET warnings stopped. Thanks Link to comment Share on other sites More sharing options...
VincentGR 0 Posted April 29, 2018 Share Posted April 29, 2018 Same here, JS/Adware.OpenCleaner.A Although eset detects it there's no action to remove it permanently. Link to comment Share on other sites More sharing options...
VincentGR 0 Posted May 4, 2018 Share Posted May 4, 2018 Any news about this? Even after resetting chrome and removing all data, extensions it keeps going and suddenly takes 100% cpu time . Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted May 4, 2018 Administrators Share Posted May 4, 2018 Does running the browser without extensions make a difference? Please drop me a message with fresh logs gathered with ELC. Link to comment Share on other sites More sharing options...
itman 1,627 Posted May 4, 2018 Share Posted May 4, 2018 On 4/29/2018 at 6:33 PM, VincentGR said: Although eset detects it there's no action to remove it permanently. Even after resetting chrome and removing all data, extensions it keeps going and suddenly takes 100% cpu time . Is this occurring on just one web site? If so, just avoid going to that web site. It appears Eset is detecting Adware.OpenCleaner.A installation attempt and blocking that from occurring. However if the web site is employing coin mining software running from its web server, there is no way to stop its execution. Link to comment Share on other sites More sharing options...
VincentGR 0 Posted May 4, 2018 Share Posted May 4, 2018 Well my first page while chrome is opening is my gmail :-/ It deletes it every time there. Link to comment Share on other sites More sharing options...
itman 1,627 Posted May 4, 2018 Share Posted May 4, 2018 2 hours ago, VincentGR said: Well my first page while chrome is opening is my gmail :-/ Temporarily disable Chrome's protocol handler for Gmail so it doesn't auto open Gmail. If no Eset alerts and no CPU pegging activity occur thereafter, that is where the problem is. It's possible you're being redirected to another web site that is trying to install the adware and is performing coin mining activites Link to comment Share on other sites More sharing options...
VincentGR 0 Posted May 4, 2018 Share Posted May 4, 2018 (edited) Thanks but did nothing. I left this page only and I signed out from chromes default user and logged as guest. Edited May 4, 2018 by VincentGR Link to comment Share on other sites More sharing options...
leong 0 Posted May 5, 2018 Author Share Posted May 5, 2018 In my case removing all chrome extensions resolved the issue completely. Link to comment Share on other sites More sharing options...
galaxy 11 Posted May 5, 2018 Share Posted May 5, 2018 Would say that you have too many plugins installed for Chrome Link to comment Share on other sites More sharing options...
leong 0 Posted May 5, 2018 Author Share Posted May 5, 2018 Not any more... ;-)) Link to comment Share on other sites More sharing options...
VincentGR 0 Posted May 5, 2018 Share Posted May 5, 2018 Well not here... Link to comment Share on other sites More sharing options...
Recommended Posts