Is this Malware?

Thargor · 21-06-2016 10:46pm #1

In Chrome I have these 2 annoying ads at the top of most of my searches, they're annoying because they take a second to apear causing me to misclick, thing is there are zero results for Adxfactory malware or adware, usually someone else would have posted about it somewhere by now.

Ive ran all the usual scans with ADW and a few others but they dont find anything, no suspicious looking extensions either, Adblock plus installed.

Another possibly related issue is these infuriating company logo images in searches, not sure if its Google testing a feature or another sign of infection, they're annoying anyway:

tEeHDvW.png?1

Any suggestions for either? Thanks.

ItHurtsWhenIP · 22-06-2016 12:06am

I'd run a Malwarebytes scan ... if it finds sh1t to clean up, then do it and run another Malwarebytes scan ... rinse and repeat until clean.

Then run a SpyBot Search & Destroy ... clean up ... rinse and repeat.

Should do it. I had a neighbours machine that was doing something similar and that did the trick.

Not sure about the company logo things though.

ct5amr2ig1nfhp · 22-06-2016 12:13pm

Also run the Microsoft Software Removal Tool.

22-06-2016 9:39pm

Your HTTPS connection doesn't appear to have an SSL cert?

Can you open up the command prompt and run "nslookup google.ie"?

Also can you select the page icon beside the "HTTPS" and select the "Cookies" and take a screenshot of what is returned?

Thargor · 22-06-2016 10:01pm

Nothing showing up on multiple scans with all those, thanks anyway.

Deleted User wrote: »

Your HTTPS connection doesn't appear to have an SSL cert?

Can you open up the command prompt and run "nslookup google.ie"?

Also can you select the page icon beside the "HTTPS" and select the "Cookies" and take a screenshot of what is returned?

12 cookies set by page, nothing suspicious looking on the list, any clues?

22-06-2016 10:42pm

So your domain resolution appears to be fine.

However you have two strange cookies 'connectionstrenth[.]com' and 'urlvalidation[.]com' being set when you visit google.ie

Looks to be this http://totalsystemsecurity.com/how-to-remove-urlvalidation-com-redirect-page/#more-5149

Thargor · 22-06-2016 10:55pm

Deleted User wrote: »

So your domain resolution appears to be fine.

However you have two strange cookies 'connectionstrenth[.]com' and 'urlvalidation[.]com' being set when you visit google.ie

Looks to be this http://totalsystemsecurity.com/how-to-remove-urlvalidation-com-redirect-page/#more-5149

Aha, found it, thanks, it was an extension I used that went bad, deleted now:

https://malwaretips.com/threads/imgur-uploader-chrome-extension-turns-to-the-dark-side-starts-injecting-ads.60231/

connectionstrenth[.]com was the clue, thanks a million Ni@ll.

Sparrow22 · 22-03-2017 3:24pm

[ltr]This is very similar to the virus that I've read recently[/ltr]

Thargor · 22-03-2017 5:43pm

I think yo might be a virus yourself Sparrow.

bubbleboy22 · 26-06-2017 9:10am

+ for malwarebytes.. I had a problem several month ago. While searching for anything in browser a malware blocked that and I could not open the searching results and my laptop was super slow. And malwarebytes cleaned everything for several minutes.

Is this Malware?

Comments