Windows 7 Forums


Windows 7: have I been hacked on Chrome browser?

14 Feb 2014   #51

W7 x64
 
 

There is no way for anyone here to know whether it is or isn't the legitimate file, without comparing a hash of your file with the legitimate one from K-Lite Codec Pack.

Plugins and addons expand the attack surface of browsers, and browsers are already a cesspool of vulnerabilities. I see you have Java 7 installed. Why do you need that? If you have a reason for local use (programming or custom application), you should disable it in the browser. If you have a web application that requires it, turn security level all the way up. After either change, click apply and then ok. If you needed it for a specific web application, confirm it still works at this time. If it doesn't, you can place it in the exception list under the security tab, if you are 100% certain it is a legitimate application. If you cannot specifically name a reason for needing Java then delete it. Java and Adobe Flash are huge targets for exploits.

Please make sure all your browsers and necessary plugins are up-to-date.

Also, I see you have Adobe Reader installed. This is a big target for exploits, as well. You should disable JavaScript and enable protected view.

Finally, I think you should sandbox your browser. This is especially useful if you use webmail (Gmail, Yahoo, etc.) for email services.
-------------------------------------------------------------

Java
- Disable in Browser:
Control Panel > Java > Security Tab and uncheck "Enable in Browser"

- Turn Up Security Settings:
Control Panel > Java > Security Tab and move Security Level to High

Adobe Reader
- Enable Protected View:
Open Reader > Edit > Preferences > Security (Enhanced) > check "All files" for the Protected View section

- Disable JavaScript:
Open Reader > Edit > Preferences > JavaScript > uncheck “Enable Acrobat JavaScript”

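The hash comparison mentioned in post #51, as an added example that is not part of the original thread: it hashes a downloaded file and compares the result with the digest the publisher lists. The function names and the sample bytes are constructed for illustration, and the check is only as trustworthy as the place the published digest came from.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def normalise_digest(published):
    """Clean a digest copied from a download page; return (algorithm, hex)."""
    # Accept "HASH  filename" checksum lines; the digest is the first field.
    fields = published.strip().split()
    if not fields:
        raise ValueError("empty digest")
    token = fields[0].lower()
    if any(c not in "0123456789abcdef" for c in token) or len(token) not in ALGO_BY_HEX_LEN:
        raise ValueError("not a recognised hex digest: %r" % published)
    return ALGO_BY_HEX_LEN[len(token)], token


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in chunks so large installers do not fill memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(path, published):
    """True only if the file's digest equals the publisher's digest."""
    algorithm, expected = normalise_digest(published)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed sample: a temp file stands in for the downloaded installer."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed sample installer bytes")
        path = fh.name
    try:
        good = hashlib.sha256(b"constructed sample installer bytes").hexdigest()
        tampered = hashlib.sha256(b"constructed sample installer bytes!").hexdigest()
        return (matches_published(path, good.upper() + "  setup.exe"),
                matches_published(path, tampered))
    finally:
        os.remove(path)
```

A mismatch means the file is not byte-for-byte the publisher's release; it does not say why, so treat the file as untrusted and download it again from the vendor.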

14 Feb 2014   #52

Windows 7 Ultimate x64
 
 

Java: don't need it, will remove it.
A programmer friend uses Java all the time, so I tended to install Java, but I don't use it.
He was always trying to get me to learn Java. And I wrote a few programs for practice.

Chrome is sandboxed at least according to Google.
https://www.google.com/intl/en/chrom....html#security

Before the malware was cleared off of here, my experience was the malware revealed itself only when Chrome started up.
When I ran IE11, nothing was too bad even with PC infected.
Start up chrome and it was like who pulled the power plug, PC visibly groaning under the weight of the malware.
14 Feb 2014   #53

W7 x64
 
 

Malware tries to do different things, and they are not always made by experts. As such, the tasks it is trying to accomplish and methods utilized to complete said tasks vary widely. The system could just be pinging home to a C&C server until remote control is initiated. The malware could also have triggers and schedules for tasks like keylogging, deletion, data manipulation, etc. It is difficult to say what the binary is trying to accomplish without a deeper investigation. It seems that Chrome was causing some action to be taken or breaking an action already occurring, though. Malware is designed, generally, to be stealthy. Slowing someone's computer down is not usually the goal.

Anyways, you are correct, Chrome does sandbox. Chrome's sandbox seems to do a pretty good job for drive-by attacks. Any action does require the user to opt-in to putting themselves at risk. However, it does not have the same effect as Sandboxie or a Virtual Machine. While each tab has its own process instance in a rooted jail, when you download a .pdf or other file you are letting it exit the sandbox. If most of your files are not quickly discarded, then it is not a big deal. If you do open, view, then quickly delete files you might be better served running a program like Sandboxie that will sandbox the browser session and subsequent downloads/views without placing any files permanently on the drive. Another option is doing questionably safe actions inside of a VM created in VirtualBox. In either use case, files can be permitted onto the host system, if desired. These steps may be overboard for you.

Another option to consider is a host-based intrusion prevention system. Essentially, network connections and system calls outside of normal working state must be approved. This is an excellent idea, but it is not simply point and click setup. Generally, a training period is used to acclimate the HIPS with normal working behavior, after which security will be enforced. All abnormal system interactions will be stopped, assuming the HIPS is covering all the right mechanisms. In the past there have been gaps in their system call coverage, but generally they are much more secure than AV alone. Comodo firewall has a built-in HIPS system that can be activated, and it is free to use. If you wanted to go this route I would suggest a full system re-image, because regardless of what point and click scanners say you can never say with 100% certainty that you are not still infected. In an enterprise environment, I would have re-imaged your machine.

On the less complicated side of things, I would highly suggest the Adblock Plus and ScriptBlock addons for Chrome. If you use script block, please be conservative with what you allow. I think it will surprise you how many connections those two plugins prevent on popular websites.


14 Feb 2014   #54

Windows 7 Home Premium 64bit.
 
 

What issues are you still having?

Please download and save FRST 64bit or FRST 32 bit to your Desktop.


CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please Attach the logs in your next reply.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
14 Feb 2014   #55

Windows 7 Ultimate x64
 
 

So far now no problems anymore.
I am happy with it for now.
I posted this from another PC using chrome remote desktop into the one which had a problem.
14 Feb 2014   #56

Windows 7 Home Premium 64bit.
 
 

Ok, have a good day.
14 Feb 2014   #57

Windows 7 Home Premium 64Bit
 
 

Quote: Originally Posted by sdowney717
So far now no problems anymore.
I am happy with it for now.
I posted this from another PC using chrome remote desktop into the one which had a problem.
Glad we got your problem sorted! Anything else you need just ask!
Take care and have a good one!
14 Feb 2014   #58

Windows 7 Pro. 64/SP-1
 
 

sdowney717 if your problem is fixed please mark this thread Solved.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
