This topic is now archived and is closed to further replies.

leong

JS/Adware.Revizer.B malware - eset fails to remove

Hi,
Lately I keep getting repeated warnings from my antivirus (Eset) claiming it identified a threat and removed it. The threat name is JS/Adware.Revizer.B and according to the warning it was found in a file on my computer named https://s3.amazonaws.com/jscache/16a168f0afda0c3c2.js. Another message claims a web address was blocked (https://netcheckcdn.xys/log?I=error&m=invalid or un) and another reports blocking another address (hxxp://S3.amazonaws.com/jschache/16a168f0af2da0c3c).
This happens with every Chrome browser window I open.
In addition, clicking links in different windows often causes them to crash.
I read on the web that this is a complicated malware infection and have seen many suggestions for removal, some of which I tried (Malwarebytes, spyware search & destroy, Crapcleaner, HitmanPro, AdwCleaner, TDSSKiller, Zemana AntiMalware) but couldn't get any results.

Meanwhile eset keeps sending useless warnings, windows keep crashing and the whole computer runs slow and unstable. I would expect a dignified antivirus software like ESET, purchased to protect my computer, to give me a solution but it does not.


Help would be greatly appreciated.
Thanks in advance
Leon


Are you getting these alerts even if no browser is running? If not, does using a different browser make a difference? Did you try to run a browser without extensions?


When no browser is running I don't get alerts. I didn't see alerts with Microsoft Edge - for the time being only with Chrome. How do I run a browser without extensions?

 


You have a malicious Chrome extension installed. From what I have read about this malware, the best way to uninstall the extension is in safe mode using Chrome's uninstall extension mechanism. Then reset your browser's settings.

Appears Eset is indeed detecting the malware upon execution and blocking it from further invading your system.
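
An added example, not part of the original thread or any ESET tooling: a read-only Python inventory of the extensions unpacked under a Chrome profile, flagging those whose manifest lets them run script on every page, which fits alerts appearing in every Chrome window. It assumes the usual on-disk layout `Extensions/<id>/<version>/manifest.json`; `audit_extensions` and `build_sample_profile` are names made up for this example, and the two sample extensions are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension run script on every page visited.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """List extensions under ext_root (<id>/<version>/manifest.json, assumed layout)."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        if not isinstance(data, dict):
            continue
        hosts = set()
        for script in data.get("content_scripts", []):
            hosts.update(script.get("matches", []))
        # Manifest V2 puts host patterns in "permissions", V3 in "host_permissions".
        declared = data.get("permissions", []) + data.get("host_permissions", [])
        hosts.update(p for p in declared if isinstance(p, str))
        findings.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "?"),  # may be a __MSG_...__ locale key
            "version": data.get("version", "?"),
            "broad_hosts": sorted(hosts & BROAD),
        })
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions, not taken from the thread."""
    samples = {
        "a" * 32: {"name": "Constructed Page Helper", "version": "1.0",
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Constructed Site Notes", "version": "2.3",
                   "host_permissions": ["https://example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for item in audit_extensions(tmp):
            flag = "REVIEW" if item["broad_hosts"] else "ok"
            print(flag, item["id"], item["name"], item["version"], item["broad_hosts"])
```

On Windows, point `audit_extensions` at the profile's `Extensions` folder, typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` (an assumption about a default install). A flagged entry is a candidate for review and removal, not proof that it is the adware.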


I followed your advice and removed all Chrome extensions in safe mode.

For the time being it seems the ESET warnings stopped.

Thanks


Same here, JS/Adware.OpenCleaner.A

Although eset detects it there's no action to remove it permanently. 


Any news about this?

Even after resetting Chrome and removing all data and extensions, it keeps going and suddenly takes 100% CPU time.


Does running the browser without extensions make a difference? Please drop me a message with fresh logs gathered with ELC.

On 4/29/2018 at 6:33 PM, VincentGR said:

Although eset detects it there's no action to remove it permanently.

Even after resetting Chrome and removing all data and extensions, it keeps going and suddenly takes 100% CPU time.

Is this occurring on just one web site? If so, just avoid going to that web site.

It appears Eset is detecting Adware.OpenCleaner.A installation attempt and blocking that from occurring. However if the web site is employing coin mining software running from its web server, there is no way to stop its execution.


Well, my first page while Chrome is opening is my Gmail :-/

It deletes it every time there.

2 hours ago, VincentGR said:

Well, my first page while Chrome is opening is my Gmail :-/

Temporarily disable Chrome's protocol handler for Gmail so it doesn't auto open Gmail.

If no Eset alerts and no CPU pegging activity occur thereafter, that is where the problem is. It's possible you're being redirected to another web site that is trying to install the adware and is performing coin mining activities.


Thanks, but it did nothing.

I left only this page open, signed out from Chrome's default user and logged in as guest.


In my case removing all Chrome extensions resolved the issue completely.


Would say that you have too many plugins installed for Chrome


Not any more... ;-)) 
