finds non-existent unwanted application

[steveshank 0]

When client goes to ESPN.com in Chrome nod32 pops up with this:

?Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
8/11/2018 2:27:33 PM;Real-time file system protection;file;C:\Users\tgera\AppData\Local\Temp\scoped_dir3176_28404\CRX_INSTALL\contentscript.js;JS/Spigot.B potentially unwanted application;;;Event occurred on a newly created file.;D20F48CCD77BF42AB6E8FA3532DDF7F70951275C;8/11/2018 2:27:15 PM

When I look in the temp folder with all files and system files showing, the offending file and folder is not there. Closing rebooting etc. does nothing. Cleaning does nothing. The pop repeats 3 times. The issue does not occur with Edge, or Cliqz (a Firefox derivative).  We have removed all but the simplest Chrome extensions (google docs and sheets). We have rebooted.

Client is retrieving his key, so we can uninstall and re-install. Is that the answer? It seems to me that when Chrome hits that site it triggers something that didn't get turned off, so after the first protection, it continues despite having removed the threat.

 

[itman 1,659]

22 minutes ago, steveshank said:

When I look in the temp folder with all files and system files showing, the offending file and folder is not there.

NOD32 deleted the file in transit before it hit the HDD.

23 minutes ago, steveshank said:

When client goes to ESPN.com in Chrome

There is a lot of garbage on the home page. My tracking protection lists blocked 15 services in IE11. From the Eset log entry posted, appears it was attempting to download and run the script locally which is a big no-no. Edge most likely prevented it via being in AppContainer mode; I also run IE11 the same way.

Sounds to me your client doesn't have Chrome's sandboxing options properly configured.

[steveshank 0]

Thanks. I'll pursue that. It actually makes the most sense, better than anything I thought of.

[sjm518 0]

I'm not very technical and I've been fighting the js/spigot.b for 4 days.  I run 4 different malware cleaners including ESET to which I subscribe.  It keeps coming back, signing me out of Gmail, slowing down my internet, interfering with my passwords so I constantly have to create new passwords.  I'm at my wit's end.  What can I do?

[itman 1,659]

8 hours ago, sjm518 said:

I'm not very technical and I've been fighting the js/spigot.b for 4 days.  I run 4 different malware cleaners including ESET to which I subscribe.  It keeps coming back, signing me out of Gmail, slowing down my internet, interfering with my passwords so I constantly have to create new passwords.  I'm at my wit's end.  What can I do?

Spigot is a browser hijacker. It usually arrives as a result of installing a potentially unwanted application (PUA). I assume you using Eset's SysCleaner rather than having Eset installed as your AV solution. Eset has excellent PUA protection and would have prevented this garbage from being installed in the first place. You might try to use Eset's Online Scanner to see if it can remove the bugger. Note: removing malware and other undesirable software is much harder than preventing its installation in the first place.

Malwarebytes has an article on Spigot here: https://blog.malwarebytes.com/puppum/2017/02/spigot-browser-hijackers/