JS/Adware.Revizer.B malware - eset fails to remove

[leong 0]

Hi,
Lately I keep getting repeated warnings from my antivirus (Eset) claiming it identified a threat and removed it. The threat name is JS/adware.Revizer.B and according to the warning it was found in a file on my computer named https://s3.amazonaws.com/jscache/16a168f0afda0c3c2.js. Another message claims a web address was blocked (https://netcheckcdn.xys/log?I=error&m=invalid or un) and another reports blocking another address (hxxp://S3.amazonaws.com/jschache/16a168f0af2da0c3c) .
This happens with every chrome browser window I open.
In addition clicking links in different windows often causes them to crash.
I read on the web that this is a complicated malware infection and have seen many suggestions for removal, some of which I tried (malwarebites, spuware serach & destroy, Crapcleaner, hitmanpro, adwcleaner, tdsskiller, zemana antimalware)  but couldn't get any results.

Meanwhile eset keeps sending useless warnings, windows keep crashing and the whole computer runs slow and unstable. I would expect a dignified antivirus software like ESET, purchased to protect my computer, to give me a solution but it does not.

Help would be greatey appreciated.
Thanks in advance
Leon

[Marcos 2,908]

Are you getting these alerts even if no  browser is running? If not, does using a different browser make a difference? Did you try to run a browser without extensions?

[leong 0]

When no browser is running I don't get alerts. I didn't see alerts with microsoft edge - for the time being only with chrome. How do i run browser without extensions?

 

[itman 655]

You have a malicious Chome extension installed. From what I have read about this malware, best way to uninstall the extension is in safe mode using Chrome's uninstall extension mechanism. Then reset your browser's settings.

Appears Eset is indeed detecting the malware upon execution and blocking it from further invading your system.

[leong 0]

I followed your advice and removed all chromes extensions in safe mode.

For the time being it seems the ESET warnings stopped.

Thanks

[VincentGR 0]

Same here, JS/Adware.OpenCleaner.A

Although eset detects it there's no action to remove it permanently. 

[VincentGR 0]

Any news about this?

Even after resetting chrome and removing all data, extensions it keeps going and suddenly takes 100% cpu time .

[Marcos 2,908]

Does running the browser without extensions make a difference? Please drop me a message with fresh logs gathered with ELC.

[itman 655]

On ‎4‎/‎29‎/‎2018 at 6:33 PM, VincentGR said:

Although eset detects it there's no action to remove it permanently. 

Even after resetting chrome and removing all data, extensions it keeps going and suddenly takes 100% cpu time .

Is this occurring on just one web site? If so, just avoid going to that web site.

It appears Eset is detecting Adware.OpenCleaner.A installation attempt and blocking that from occurring. However if the web site is employing coin mining software running from its web server, there is no way to stop its execution.

[VincentGR 0]

Well my first page while chrome is opening is my gmail :-/

It deletes it every time there.

[itman 655]

2 hours ago, VincentGR said:

Well my first page while chrome is opening is my gmail :-/

Temporarily disable Chrome's protocol handler for Gmail so it doesn't auto open Gmail.

If no Eset alerts and no CPU pegging activity occur thereafter, that is where the problem is. It's possible you're being redirected to another web site that is trying to install the adware and is performing coin mining activites

[VincentGR 0]

Thanks but did nothing.

I left this page only and I signed out from chromes default user and logged as guest.

[leong 0]

In my case removing all chrome extensions resolved the issue completely. 

[galaxy 10]

Would say that you have too many plugins installed for Chrome

[leong 0]

Not any more... ;-)) 

[VincentGR 0]

Well not here...