Microbe, posted July 21

Hi ESET Team,

One of the devices of our client has been infected with trojan virus/Emotet. The action taken by the client was to push an on-demand scan; my recommendation to her would be to run an in-depth scan. She said that after updating the version of Google Chrome, the problem started. Can you give us a recommendation on how to rectify this issue? For your reference, see the information below:

"SAMPLE OF THE DIALOG BOXES THAT KEEP THROWING UP ON MY SCREEN ONLY ON MY DESKTOP COMPUTER AND SOME FUNCTIONS ON MY COMPUTER WILL NOT WORK. THEY KEEP CHANGING ALL THE TIME AND IT WAS HARD TO SUCCESSFULLY SCREEN SHOT THEM. WHEN I EVENTUALLY DID I MANAGED TO GET THE SCREENSHOT ON A USB STICK, SAVE IT AND GET THE SCREENSHOT ONTO THIS EMAIL ON MY LAPTOP COMPUTER, WHICH IS I MANAGED TO SCAN WITH ESET BUT NO DETECTIONS WERE FOUND AND I HAVE NO IDEA WHAT TO DO. I DID VISIT A NEW WEBSITE YESTERDAY. ALL WAS WELL, WHEN, ALL OF A SUDDEN, WHILE I WAS THERE, THE COMPUTER MADE LOUD RINGING NOISES AND ALL THESE DIALOG BOXES SIMILAR TO THE ONES IN THIS SCREENSHOT KEPT THROWING UP AND IT WAS AS IF MY COMPUTER FROZE AND COULD NOT DO ANYTHING. THE ONLY WAY I COULD STOP THIS WAS TO TURN THE POWER OFF AT THE WALL, BUT WHEN IT TURNED THE COMPUTER BACK ON AGAIN, BACK THEY CAME." - CLIENT

Looking forward to hearing from you.

Cheers,
Gil

Marcos (Administrators), posted July 22

Please provide the file C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Preferences. It appears the user has granted notification permissions for a dodgy website which now sends fake notifications to the browser.

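Added example, not part of the thread and not ESET's tooling: a Python sketch that lists the sites allowed to send notifications according to a Chrome Preferences file like the one requested above. It assumes the grants are stored under profile.content_settings.exceptions.notifications with setting 1 meaning "allow" and last_modified in microseconds since 1601-01-01 UTC; the sample data is constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the assumed Preferences layout (setting 1 = allow, 2 = block).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://push-alerts.example:443,*": {"last_modified": "13366000000000000", "setting": 1},
        "https://mail.example:443,*": {"last_modified": "13300000000000000", "setting": 1},
        "https://ads.example:443,*": {"last_modified": "13365000000000000", "setting": 2},
    }}}}
})

CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def chrome_time(value):
    """Convert a Chrome timestamp (microseconds since 1601) to a datetime, or None."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def allowed_notification_sites(preferences_text):
    """Return [(origin, granted_at)] for sites allowed to notify, newest grant first."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    grants = []
    for pattern, entry in (node.items() if isinstance(node, dict) else []):
        if isinstance(entry, dict) and entry.get("setting") == 1:
            origin = pattern.split(",", 1)[0]  # drop the ",*" secondary pattern
            grants.append((origin, chrome_time(entry.get("last_modified"))))
    # A recent grant to an unfamiliar origin is the one to review and revoke.
    grants.sort(key=lambda g: g[1] or CHROME_EPOCH, reverse=True)
    return grants


if __name__ == "__main__":
    # Pass the path to a copy of the Preferences file, or run with the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFERENCES
    for origin, when in allowed_notification_sites(text):
        stamp = f"{when:%Y-%m-%d %H:%M} UTC" if when else "(no timestamp)"
        print(f"{stamp}  {origin}")
```

Run it against a copy of the file taken while Chrome is closed, since the browser rewrites Preferences while running.
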
itman, posted July 22

13 hours ago, Microbe said: "she said that after updating the version of google chrome ."

You should instruct your clients to never respond to browser popups for updating, malfunctioning behavior, etc. when surfing the web. Most of these are phishing attacks to get the user to install malware, coin miners, you name it. A couple of examples are given below:

https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
https://www.varutra.com/ctp/threatpost/postDetails/Fake-Browser-Updates-Delivering-BitRAT-and-Lumma-Stealer-Malware/UmtBQlRvOW9tQzN3YXVlVUZxUXp4Zz09

Edited July 22 by itman

Microbe (Author), posted July 24, marked as Solution

Hi ESET Team,

This case has been resolved; doing an in-depth and clear caching of the device helps to resolve the issue. You can close this case.