Post by neuromancer on Oct 20, 2016 11:18:25 GMT -8
I have Windows 10 on a machine on which one of my Google and/or Chrome accounts has the aggressive and deeply rooted 'Ad by Advertise' malware. I also use IE11 on this machine, but I don't believe it shows the signs of infection.
I routinely use two Google accounts, each with a corresponding Chrome account. I also have a Windows 7 machine, on which I use Chrome with the same two pairs of accounts (Google & Chrome), and it shows no sign of infection. I don't understand how the malware can affect only one account on Chrome, but not affect that same account on a different device ... unless it's exploiting a weakness in W10 that isn't in W7!
I worked with a Norton support tech to remove this thing. He ran Power Eraser (which did find one "Unwanted Application", which he deleted). Doing that appeared to 'cure the malware', but not for very long. He called me back a couple of days later and asked about the infection. I told him it was still there, and he said he would put me through to a tech who could really remove it. The person I spoke to next asked me some questions and then told me, literally, that there was no virus on my computer "because their scan didn't find any". (Wow, a whole new way to define "virus"!) I asked if they had a product that could remove this malware, and she said yes, for $100 one of their "Level 2" techs would find and remove it completely, with a 7-day guarantee. When I didn't go for that, she offered "Norton Security Deluxe", at $50 for a one-year subscription, which provides unlimited Level 2 tech support for the year. She said it usually takes 45 to 90 minutes for the removal process.
I've also studied some of the websites which offer a software solution, but I didn't find anything that inspired my trust and confidence. (One operation had a 30-Day Guarantee, but when pressed they admitted that you could only get your money back within 24 hours of making the purchase.)
I am using Chrome with the infected account to work on this Forum, in case that somehow makes it more discoverable. The most obvious effect of the malware is that selected words in the HTML on a web page get linkified and highlighted (see attached image file). The more insidious effects are harder to capture, because any mouse event tends to clear them.
FRST.txt can be downloaded here.
Addition.txt can be downloaded here.