Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: have I been hacked on Chrome browser?

13 Feb 2014   #11

Windows 7 Ultimate x64
 
 

well adwarecleaner seemed to find nothing

maybe if I never reboot, pc will stay fast and happy?
Quote:
# AdwCleaner v3.018 - Report created 13/02/2014 at 16:29:12
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Tricia - TRICIA-PC
# Running from : C:\Users\Tricia\Downloads\AdwCleaner (1).exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found C:\ProgramData\ParetoLogic
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v27.0 (en-US)
[ File : C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\7qf6qhde.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1041 octets] - [13/02/2014 16:29:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1101 octets] ##########


My System SpecsSystem Spec
.

13 Feb 2014   #12

Windows 7 Ultimate x64
 
 

jrt.exe is always reporting a bad module.
but it never clears it, and I am running the program as administrator


Attached Thumbnails
have I been hacked on Chrome browser?-jrtbad.png  
My System SpecsSystem Spec
13 Feb 2014   #13

Windows 7 Ultimate x64
 
 

your right the adware log shows entries.
The gui did not show anything that I noticed.

jrt log
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by Tricia on Thu 02/13/2014 at 16:43:05.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/13/2014 at 16:53:58.75
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~
Well so far everything is nice and speedy even after the jrt reboot.

I am really wondering if Chrome is doing something to the PC. I am not going to run chrome for awhile and see what happens.
My System SpecsSystem Spec
.


13 Feb 2014   #14

Windows 7 Home Premium 64Bit
 
 

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Run this and then run Adwcleaner and JRT again as well as this:


Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit


  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
My System SpecsSystem Spec
13 Feb 2014   #15

Windows 7 Ultimate x64
 
 

ok, here is rkill log
will keep reporting on the further instructions.
so far IE11 been zippy fast.

Quote:
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software
Program started at: 02/13/2014 05:18:27 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* C:\Windows\System32\user32.dll : 811,520 : 01/15/2013 04:24 PM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811,520 : 11/20/2010 04:29 PM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 02/13/2014 05:19:23 PM
Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)
My System SpecsSystem Spec
13 Feb 2014   #16

W7 x64
 
 

The fact that you are essentially getting infected by the same malware suggests a persistence method has been established on your computer, or you are repeating the same behavior that caused the initial infection. I am not going to write the textbook worth of techniques that can accomplish persistence, but I would suggest resetting chrome after you remove the malware again. Take note of what you have installed to Chrome, prior to doing this. Also confirm that Chrome does not have a proxy enabled.

So run the tools described, already. In addition I would suggest running the free version of MBAM. After completing these tasks, reset Chrome. Please report back findings.
My System SpecsSystem Spec
13 Feb 2014   #17

Windows 7 Home Premium 64Bit
 
 

Rkill Stops malware from running and interfering with your scan results etc so it can be very useful.
My System SpecsSystem Spec
13 Feb 2014   #18

Windows 7 Ultimate x64
 
 

Thanks, how to reset chrome?
uninstall reinstall will work?

adwarecleaner log
Quote:
# AdwCleaner v3.018 - Report created 13/02/2014 at 17:26:01
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Tricia - TRICIA-PC
# Running from : C:\Users\Tricia\Downloads\AdwCleaner (1).exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v27.0 (en-US)
[ File : C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\7qf6qhde.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1181 octets] - [13/02/2014 16:29:12]
AdwCleaner[R1].txt - [1241 octets] - [13/02/2014 17:22:13]
AdwCleaner[S0].txt - [1176 octets] - [13/02/2014 17:26:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1236 octets] ##########
My System SpecsSystem Spec
13 Feb 2014   #19

W7 x64
 
 

My System SpecsSystem Spec
13 Feb 2014   #20

Windows 7 Home Premium 64Bit
 
 

A quick reinstall should work fine, Adwcleaner keeps reporting the same few entries as deleted but they clearly aren't if they re-appear, just waiting on the RogueKiller Log.
My System SpecsSystem Spec
Reply

 have I been hacked on Chrome browser?




Thread Tools



Similar help and support threads for2: have I been hacked on Chrome browser?
Thread Forum
Solved Chrome says I am using unsupported browser (sometimes) Browsers & Mail
Chrome browser is freezing Browsers & Mail
chrome over takes IE as No. 1 browser News
Typing lag in any browser IE9, Chrome or FF Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:58 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33