ozturkozgr 0 Posted July 7 Share Posted July 7 Hello. I have been dealing with a malware that has infected my computer for a while. I completely deleted and reinstalled my Chrome browser I removed all add-ons in the browser but there was no improvement. As of today, I have reinstalled my computer and as soon as I logged in to my browser with my account address, the virus warning appeared again. How can I deal with this? In the attachment, I share the symptoms that occur before installing the computer and the symptoms that occur after installing the computer. After fresh installation Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 7 Administrators Share Posted July 7 Please provide logs collected with ESET Log Collector. Also make sure that sync is disabled in Chrome. Quote Link to comment Share on other sites More sharing options...
ozturkozgr 0 Posted July 7 Author Share Posted July 7 I created a log file, but the process ended with some errors. Why do I need to turn off Chrome sync? Does it affect the log file? eis_logs.zip Quote Link to comment Share on other sites More sharing options...
itman 1,748 Posted July 7 Share Posted July 7 2 hours ago, ozturkozgr said: Why do I need to turn off Chrome sync? You need to disable Chrome syncing. If enabled, it will keeping installing the extension Eset is detecting. Quote Link to comment Share on other sites More sharing options...
ozturkozgr 0 Posted July 9 Author Share Posted July 9 Hello again. I am sorry for the delay. I turned off the Google Chrome sync feature and collected Logs again. I would be glad if you help me. eis_logs.zip Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 9 Administrators Share Posted July 9 Do you have any extensions installed in Chrome? At least SysInspector didn't show any. Quote Link to comment Share on other sites More sharing options...
ozturkozgr 0 Posted July 9 Author Share Posted July 9 The log collection program gives a warning at the end of the process. Completed with some shortcomings. Let me tell you again. There are some plugins now but I disabled them. However, before formatting my computer, I deleted all add-ons and history settings from my browser and my Google account. I reinstalled eset immediately after setting up the computer. Then I installed the Chrome browser. There was no problem, but as soon as I logged in to Chrome, it gave the same virus warning. Additionally, a malware was detected in clients2.googleusercontent.com. The relevant web address can be seen in the log images. This only happened one time. Then, the attack, which occurred periodically in the routine "temp" directory, continued. While this was happening, there were no add-ons in my browser or Google Chrome web account. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 9 Administrators Share Posted July 9 At least one of the offending extensions seems to be one with "flash2022" in the name. Do you see such extension installed in Chrome? Could you post a screenshot of all installed Chrome extensions? Just to make sure, is syncing currently disabled in Chrome? Quote Link to comment Share on other sites More sharing options...
ozturkozgr 0 Posted July 9 Author Share Posted July 9 (edited) No, such an extension does not appear. Additionally, deleting or adding all extensions synchronized locally and on the web does not solve the problem. I tried these separately. Since my applications are in Turkish, I will try to explain them with screenshots. 1 - On this screen, sync is turned off and you can see the available plugins. This way it does not give a virus warning. Everything is fine. 2 - In this screen, sync is on, but the extension sync feature is turned off in the sync setting. Everything is fine again. 3 - On this screen, the extension sync feature is turned on and the virus leak starts again. Additionally, when I manually update the extensions on the Chrome extensions page, the virus leak starts again. Deleting all existing extensions doesn't change anything. I would be happy if you watch the video below. At this point, I am not sure whether the virus is hosted in my Google Chrome web account or originating from my computer. Ohh sorry.. A few months ago, I installed Flash Player Emulator as a plug-in because it was necessary and when I was done, I deleted the plug-ins. I think the name of the plugin was Flash2022. Edited July 9 by ozturkozgr Quote Link to comment Share on other sites More sharing options...
ozturkozgr 0 Posted July 12 Author Share Posted July 12 Is there anyone who can help me? When I open my Google sync account, a virus comes to my computer through the extension provider. I tried to explain it with images and video, but I think I can't explain my problem. It becomes clear how the problem arises. Completely deleting the add-ons on the browser and Google account does not change anything. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 12 Administrators Share Posted July 12 I would recommend to: 1, Make sure that syncing is disabled 2, Remove all installed extensions 3, If the problem persists, uninstall Chrome completely including user profiles and install it from scratch. Otherwise: 4, Install extensions one by one to find out which one is triggering the detection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.