Chrome PUP issue with MalwareBytes resolved

burger2227
Veteran
Posts: 2251
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Chrome PUP issue with MalwareBytes resolved

Post by burger2227 » Mon Dec 18, 2017 6:26 pm

MalwareBytes finds PUPs repeatedly in Chrome's Default folder in AppData:

C:\Users\username\AppData\Local\Google\Chrome\User Data\Default


(1) First upgrade MalwareBytes to version 3.3 if necessary and quarantine the PUPs found: Upgrade download link

Only use the following method when Chrome is also SYNCED on another PC!!!!
Both PCs may have the same problem.


(2) Close the Chrome browser and close the Chrome hidden taskbar icon.
Then go to the Default folder in the path above and rename it DefaultBACKUP.

(3) Delete all PUPs found in the Chrome folder path in the MB quarantine. Then reboot!

Chrome should create a new Default folder when run. You need to sign in to Google again to SYNC.

AFTER one PC is synced again, repeat the process on the other affected PCs.


Turning SYNC off on all PCs may lose important data like passwords!

Google SYNC data does not appear to contain or pass the infections back...
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0


Re: Chrome PUP issue with MalwareBytes solved

Post by burger2227 » Thu Jan 04, 2018 10:01 am

Free versions of MalwareBytes may not scan for Rootkits automatically!

In Settings, on the Protection tab, turn ON the Scan for Rootkits option under Scan Options.

The Scan for Rootkits option adds less than a minute to scans...

Re: Chrome PUP issue with MalwareBytes resolved

Post by burger2227 » Mon Jan 22, 2018 9:04 am

Rogue extensions that hijack Chrome & Firefox are near impossible to remove
Called "Tiempo en colombia en vivo" on the Chrome Web Store, the rogue extension can be installed on a machine when the user visits certain sites; trying to leave a malicious site results in an infinite loop of dialog boxes cautioning the user that they can't leave the page until they install the extension. If they try to leave still, and choose the option to "Prevent this page from creating additional dialogs," the tab will go into full screen mode and offer the 'Add extension' dialog popup that shows up when installing a Chrome extension.

If the user ends up installing the extension, it will proceed by hijacking their browser searches and redirect them to certain pages or YouTube videos in order to increase their views.

The only means of successfully removing the extension at this point is to install Malwarebytes and let the anti-malware program do it for you. Alternatively, you may also try closing Chrome (application and icon in hidden taskbar list), manually browsing to the extension's folder and renaming '1499654451774.js', which is the JavaScript file the extension relies on.
You will find the extension's files in:
C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Extensions.


You can then restart Chrome and will be able to access the browser's extension settings as normal, with the offending extension shown as being corrupted - and unable to work its nefarious magic as it can't find the files it's looking for. You can then proceed to delete it as you normally would.

Removing the extension in Firefox is much easier than in Chrome, as you only need to start the browser in Safe Mode by pressing down the Shift key when starting it. This will allow Firefox to run with all extensions disabled, and you can then remove the extension as you normally would.
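Added example, not part of the original posts and not Chrome's or Malwarebytes' own tooling: a read-only inventory of the Extensions folder named above, so the folder holding an unwanted extension can be identified before anything is renamed. It assumes Chrome's usual on-disk layout (Extensions\<id>\<version>\manifest.json, with localized names under _locales); the function names are hypothetical.

```python
import json
import os
from pathlib import Path

def _display_name(version_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are matched case-insensitively
        locale = manifest.get("default_locale", "en")
        msg_file = version_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the raw placeholder if the locale file is unusable
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return v.get("message", name)
    return name

def inventory_extensions(profile_dir):
    """Return one record per extension version found under <profile>/Extensions."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return records
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            data = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            manifest = data if isinstance(data, dict) else {}
        except (OSError, ValueError):
            manifest = {}  # corrupted manifest: still list the folder
        records.append({
            "id": version_dir.parent.name,
            "version_dir": version_dir.name,
            "name": _display_name(version_dir, manifest) or "(unreadable manifest)",
            "permissions": manifest.get("permissions", []),
            "scripts": sorted(p.relative_to(version_dir).as_posix()
                              for p in version_dir.rglob("*.js")),
        })
    return records

if __name__ == "__main__":
    # Default profile path from the posts; LOCALAPPDATA is C:\Users\<name>\AppData\Local
    local = Path(os.environ.get("LOCALAPPDATA", ""))
    for r in inventory_extensions(local / "Google" / "Chrome" / "User Data" / "Default"):
        print(r["id"], r["version_dir"], r["name"], r["permissions"], r["scripts"], sep=" | ")
```

Run it with Chrome closed and compare the listed names and script files against what the scanner flagged; the script only reads files and changes nothing.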
