ozturkozgr, posted July 7

Hello. I have been dealing with malware that has infected my computer for a while. I completely deleted and reinstalled my Chrome browser and removed all add-ons in the browser, but there was no improvement. As of today, I have reinstalled my computer, and as soon as I logged in to my browser with my account address, the virus warning appeared again. How can I deal with this? In the attachment, I share the symptoms that occurred before reinstalling the computer and the symptoms that occurred after reinstalling the computer.

After fresh installation

Marcos (Administrators), posted July 7

Please provide logs collected with ESET Log Collector. Also make sure that sync is disabled in Chrome.

ozturkozgr (Author), posted July 7

I created a log file, but the process ended with some errors. Why do I need to turn off Chrome sync? Does it affect the log file?

eis_logs.zip

itman, posted July 7

2 hours ago, ozturkozgr said: "Why do I need to turn off Chrome sync?"

You need to disable Chrome syncing. If enabled, it will keep installing the extension ESET is detecting.

ozturkozgr (Author), posted July 9

Hello again. I am sorry for the delay. I turned off the Google Chrome sync feature and collected logs again. I would be glad if you could help me.

eis_logs.zip

Marcos (Administrators), posted July 9

Do you have any extensions installed in Chrome? At least SysInspector didn't show any.

ozturkozgr (Author), posted July 9

The log collection program gives a warning at the end of the process: completed with some shortcomings. Let me tell you again. There are some plugins now, but I disabled them. However, before formatting my computer, I deleted all add-ons and history settings from my browser and my Google account. I reinstalled ESET immediately after setting up the computer. Then I installed the Chrome browser. There was no problem, but as soon as I logged in to Chrome, it gave the same virus warning. Additionally, malware was detected in clients2.googleusercontent.com. The relevant web address can be seen in the log images. This only happened one time. Then the attack, which occurred periodically in the routine "temp" directory, continued. While this was happening, there were no add-ons in my browser or Google Chrome web account.

Marcos (Administrators), posted July 9

At least one of the offending extensions seems to be one with "flash2022" in the name. Do you see such an extension installed in Chrome? Could you post a screenshot of all installed Chrome extensions? Just to make sure, is syncing currently disabled in Chrome?

ozturkozgr (Author), posted July 9 (edited July 9 by ozturkozgr)

No, such an extension does not appear. Additionally, deleting or adding all extensions synchronized locally and on the web does not solve the problem. I tried these separately. Since my applications are in Turkish, I will try to explain them with screenshots.

1 - On this screen, sync is turned off and you can see the available plugins. This way it does not give a virus warning. Everything is fine.
2 - On this screen, sync is on, but the extension sync feature is turned off in the sync settings. Everything is fine again.
3 - On this screen, the extension sync feature is turned on and the virus leak starts again.

Additionally, when I manually update the extensions on the Chrome extensions page, the virus leak starts again. Deleting all existing extensions doesn't change anything. I would be happy if you watch the video below. At this point, I am not sure whether the virus is hosted in my Google Chrome web account or originating from my computer.

Ohh sorry.. A few months ago, I installed Flash Player Emulator as a plug-in because it was necessary, and when I was done, I deleted the plug-ins. I think the name of the plugin was Flash2022.

ozturkozgr (Author), posted July 12

Is there anyone who can help me? When I open my Google sync account, a virus comes to my computer through the extension provider. I tried to explain it with images and video, but I think I can't explain my problem. It becomes clear how the problem arises. Completely deleting the add-ons on the browser and Google account does not change anything.

Marcos (Administrators), posted July 12

I would recommend to:

1. Make sure that syncing is disabled.
2. Remove all installed extensions.
3. If the problem persists, uninstall Chrome completely, including user profiles, and install it from scratch.

Otherwise:

4. Install extensions one by one to find out which one is triggering the detection.
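
As a complement to the question above about an extension with "flash2022" in its name, the following added example (not part of the thread and not an ESET tool) lists the extensions actually unpacked in a Chrome profile's `Extensions` folder, resolves localized `__MSG_...__` names, and searches them by name. The profile path in the comment is the usual Windows default and is an assumption; the extension IDs and names in the sample profile are constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed real-world input: %LOCALAPPDATA%\Google\Chrome\User Data\Default
def _load_json(path):
    return json.loads(Path(path).read_text(encoding="utf-8-sig"))  # tolerate a BOM

def display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = manifest.get("default_locale", "en")
    try:
        messages = _load_json(ext_dir / "_locales" / locale / "messages.json")
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unreadable
    wanted = name[6:-2].lower()  # message keys are matched case-insensitively
    return next((v.get("message", name) for k, v in messages.items()
                 if k.lower() == wanted), name)

def list_extensions(profile_dir):
    """Return id, version and display name of every extension unpacked on disk."""
    rows = []
    for mpath in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = _load_json(mpath)
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it, keep listing the rest
        rows.append({"id": mpath.parent.parent.name, "version": manifest.get("version", ""),
                     "name": display_name(mpath.parent, manifest)})
    return rows

def build_sample_profile(root):
    """Constructed sample profile (made-up IDs and names) for an offline run."""
    samples = {"a" * 32: ({"name": "__MSG_extName__", "version": "1.0", "default_locale": "en"},
                          {"extName": {"message": "flash2022 sample"}}),
               "b" * 32: ({"name": "Sample Notes", "version": "2.3"}, {})}
    for ext_id, (manifest, messages) in samples.items():
        d = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        (d / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    return root

def demo(needle="flash2022"):
    with tempfile.TemporaryDirectory() as tmp:
        rows = list_extensions(build_sample_profile(tmp))
    return rows, [r for r in rows if needle in r["name"].lower()]

if __name__ == "__main__":
    print(demo())
```

Running `list_extensions` once with sync off and again after extension sync is turned back on shows which extension ID appears on disk between the two runs.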