Google chrome virus HELP

[Xedafen]

     I have a major problem and maybe some other people are having this too. I lost my avast and norton protection, and I have a BAD google chrome virus. Like really bad. I tried re installing chrome and it doesn't work. I am very aware of what I do on the internet as far as viruses go, and cautious. I have a big problem though and I need help, please. Every time I use google chrome AND internet explorer, it redirects me to yahoo when i search. When I go to google from the yahoo search, it redirects me to some malware ads like "Your computer is at risk" etc. I littlerly CANNOT use google at ALL. Cannot search anything. All spams ads and pop ups. And for the few times I CAN google something, the searches are changed by something called "Clearthink", and when i enter a website I get at least six ads a page, and I cannot click out of them. I cannot find ANY help anywhere else, so it would be great if I could have some tips.

[Phage]

Okay, first of it would be nice to know what system you're on (I'll assume Windows).

Second, this sounds like "simple" adware. Scan your system with Malware bytes and AdwCleaner. When you've done this, take a look at your Chrome extensions, I'm pretty you're you'll find some unwanted extensions. Remove those and then change your default search engine to what you like.

[proxx]

     I have a major problem and maybe some other people are having this too. I lost my avast and norton protection, and I have a BAD google chrome virus. Like really bad. I tried re installing chrome and it doesn't work. I am very aware of what I do on the internet as far as viruses go, and cautious. I have a big problem though and I need help, please. Every time I use google chrome AND internet explorer, it redirects me to yahoo when i search. When I go to google from the yahoo search, it redirects me to some malware ads like "Your computer is at risk" etc. I littlerly CANNOT use google at ALL. Cannot search anything. All spams ads and pop ups. And for the few times I CAN google something, the searches are changed by something called "Clearthink", and when i enter a website I get at least six ads a page, and I cannot click out of them. I cannot find ANY help anywhere else, so it would be great if I could have some tips.

Did you backup google?

[Pak_Track]

I don't get why these clowns do things like this. They aren't going to get any pages views, if that's what they want(atleast not willingly)

[karsa]

I don't get why these clowns do things like this. They aren't going to get any pages views, if that's what they want(atleast not willingly)

I'm guessing those are PPV ads so this would roughly be the scenario:
1. Shove adware down the throat of thousands of people
2. Wait and hope someone gets to the landing page and bites the bullet
3. ????
4. PROFIT!!!

@OP
NoScript, RequestPolicy and AdBlock with a few good lists may take a while to get used to but they are lifesaving addons.
As for the adware, look for anything suspicious in your profile folder or scrap the one you're using now and make a new one to see if the problem persists. Optionally, ditch Chrome together with all the stuff it leaves after an uninstall and switch browsers.

[techb]

@OP
NoScript, RequestPolicy and AdBlock with a few good lists may take a while to get used to but they are lifesaving addons.
As for the adware, look for anything suspicious in your profile folder or scrap the one you're using now and make a new one to see if the problem persists. Optionally, ditch Chrome together with all the stuff it leaves after an uninstall and switch browsers.

That's just hiding the problem instead of fixing it.

Do what Phage said. Also check your DNS settings. If your having issues doing any of this, do it in safemode.

[Phenom]

Try This :
One - Scan your system with any "anti-malware" software (I prefer Malware Bytes)
Two - Check your Themes & Addons
Three - Make the move to Firefox =D

[shad0wingfir3]

I consider myself a jaded internet user, and still got stuck with adware on a fresh install of windows the other week lol. You probably want to go ahead and get MalwareBytes from http://www.malwarebytes.org/ you will want the free version.

Next step is logical, scan and let it remove the infectious disease.

You might even want a second opinion like Adaware. With the adware deleted, you might want to install Revo Uninstaller free version, and completely remove Chrome. This is because some of the settings might of been changed on you as well as a possibility of bad extensions. Reinstall, re log in, and you should be good to go! If you have something worse than just adware, you might want to consider a System Restore if on windows if residual files were left on your computer.

[Deque]

Instead of just using all kind of scanners and tools, get some knowledge about the malware first. You can make a malwarebytes scan without immediately removing anything, then do some research for the found threats (you can also post the malwarebytes scan results here and I will look over it).
Look at the running processes for suspicious stuff as well and in the locations of the registry that are often used to get persistent on the system.

The problem with removing the threats immediately is that scanner you used might not remove everything that belongs to the threat, but remove the traces of the infection. Other tools that are better suited for that kind of infection might not be able to detect anything, because you remove the obvious stuff with that other tool.

Get knowledge about the malware first, what it does, where it came from. E.g. if you know it downloads other malware as well you will have to look for more malware on your system. You also need to know what kind of changes where made to the system so you can reverse them, in case these scanning tools don't.

If you only rely only on malwarebytes you risk a crippled system and some malware leftovers.

Edit: A quick research came up with this: http://malwaretips.com/blogs/remove-clearthink-virus/
But check for other malware on your system too, before you apply these steps.

[Xedafen]

Alright thanks guys. I got rid of it with adware cleaner and I am downloading malwarebytes now. Thanks again.

[Skava]

I know this bro fixed his problem, but adwares can simply be removed by uninstalling any "suspicious" named program in the installed programs list. If that doesn't cut it, I would resort to malware bytes and similar software.

Just saves you some hustles.

[shad0wingfir3]

I know this bro fixed his problem, but adwares can simply be removed by uninstalling any "suspicious" named program in the installed programs list. If that doesn't cut it, I would resort to malware bytes and similar software.

Just saves you some hustles.

The problem here is not that the ad-ware program couldn't be uninstalled (if you knew what to look for), the problem comes from possible unseen malicious activities like changed registry values, web-browsing configuration changes (redirecting, and click jacking). A simple uninstallation might get rid of 1 instance of the program, if it is a worm or virus the program will be installed again. Hell the program might not even be listed if it tries to hide itself.

[Skava]

The problem here is not that the ad-ware program couldn't be uninstalled (if you knew what to look for), the problem comes from possible unseen malicious activities like changed registry values, web-browsing configuration changes (redirecting, and click jacking). A simple uninstallation might get rid of 1 instance of the program, if it is a worm or virus the program will be installed again. Hell the program might not even be listed if it tries to hide itself.

Well exactly, but recently I dealt with lots of adware, even from programs like Daemon Tools (like seriously wtf daemon)...
First thing I did, I installed malwarebytes, but it removed ads for like 10 minutes.
Then I simply uninstalled some programs and it's clear.
I think most of the show up as "legit" programs and are labeled as enhancers of certain web apps:

Youtube Accelerator, Shopper Pro etc.

[Deque]

Well exactly, but recently I dealt with lots of adware, even from programs like Daemon Tools (like seriously wtf daemon)...
First thing I did, I installed malwarebytes, but it removed ads for like 10 minutes.
Then I simply uninstalled some programs and it's clear.
I think most of the show up as "legit" programs and are labeled as enhancers of certain web apps:

Youtube Accelerator, Shopper Pro etc.

It is correct that you can remove some adwares simply by uninstalling them. But there are nasty ones that will bite you if you try. E.g. uninstalling Conduit SearchProtect will render a Windows XP machine unbootable.

That's why I emphazised: Before you do anything about malware or PUPs, you must research!

These are some malwares and PUPs you can safely uninstall with Add/Remove program:

Code: [Select]

ADWARE.ADTOMI

APROPOS MEDIA

BARGAIN BUDDY - only some of the infections can be uninstalled. If evidence of infection remains then use the Task Manager to End Task and Delete the Files

BROADJUMPCLIENT FOUNDATION

COMET CURSOR - Use Add/Remove Programs - if only partially uninstalled then reinstall and use their uninstaller to remove http://www.cometcursor.com/

COMMONNAME - Use Add Remove Programs for some versions others need SpybotSD, Ad-Aware and HijackThis to remove the infection

DATE MANAGER

DOWNLOADWARE - use Add/Remove Programs but sometimes leaves files behind use Spybot and AdAware to remove if files remain

FAVORITE MAN - F1 and ZZ versions should be uninstalled with Add/Remove Programs other versions will need Spybot and Ad-Aware

GATOR/GAIN/DATE MGR

HUNTBAR - listed in Add/Remove Programs as 'INTERNET 404', 'MSIETS', 'TOOLS FOR INTERNET EXPLORER','WINTOOLS'
if removal is incomplete download and use the uninstaller http://www.huntbar.c...lbar/remove.cab
**It appears that Huntbar is completely offline at present and therefore the uninstaller is not available**


KAZAA

KEEN VALUE V1 Variant(only)- Use Add REmove Programs to uninstall then delete folder in Program Files

LIMESHOP

LYCOS SIDESEARCH

MEMORY METER - in Safe Mode - Use Add/Remove Programs Uninstall 'MemoryMeter' + 'TV Media Display (TVMD.EXE IN %windir%) - Use Spybot SD for clean up.

MS T MEDIA

MYSEARCH

MYSEARCH BAR

MY WEB SEARCH BAR

MY WEB SEARCH ASSISTANT

NEWDOTNET - Optional Removal - very important that this be uninstalled - never use HJT to remove or you will break their internet connection If it resists uninstalling then there is an uninstaller from NEW http://www.newdotnet.com/#remove

OPENSITE

P2P Networking

PEOPLEONPAGE - Use Add/Remove Programs but if the user registered with 'POP' they will need to unregister at website first then uninstall

POWER REG SCHEDULER

PRECISION TIME - Use Add/Remove Programs but gator will remain when uninstall completed. Make certain to have the victim uninstall the gator application

SAVENOW - Use Add/Remove Programs to remove 'savenow', 'whenushop'

SPEED BLASTER - Use Add/Remove Programs in Safe Mode - 'speedblaster' + 'TV T-media' display (TVTMD.exe IN %windir%) Use Spybot to clean up the files that are left

SPYWARE HUNTER

SPYWARE KILLER

TOTAL VELOCITY - also uninstall 66.159.219.201

TWAIN-TECH - version 1 - Use Add/Remove Programs to uninstall - entries should not be deleted with HJT until uninstalled

WEATHERBUG may need to End Task'weatherbug.exe' before using Add/Remove

WINTOOLS Use Add/Remove then clean up by deleting files in safe mode

These are some programs you  need to remove with antispyware-programs or other methods:

Code: [Select]

ABETTERINTERNET - is Look2Me and requires extensive uninstall procedures plus Ad-Aware

BACKWEB-XXXXXXXX.exe (BackWeb. The XXXXXXXX denotes the version number) - Disable startup, end task on executable then delete files

BONZI BUDDY - has it's own uninstaller on the Start Menu in the Bonzi Buddy Directory

CLICK2FIND/I-LOOKUP use uninstaller then use CWShredder

FAST SEARCH use CWShredder

FAVORITE MAN - F1 and ZZ versions should be uninstalled other versions will require Spybot SD and Ad-Aware

FREESCRATCHANDWIN/XZOOMY - Use its own uninstaller from the website, delete files, then reset the Settings in IE

GOHIP-Has it's own uninstaller

HUGE SEARCH - end task on executable, use HJT then delete files

KEEN VALUE/INCREDIFIND - will be partial uninstall only, with Internet connection Remove folders in Program Files 'PowerSearch Toolbar for IE', 'Incredifind' and 'Dynamic Toolbar\PWRS0RBI'then delete files. Entry in hosts file = 12.129.205.209 search.netscape.com delete it.

I-LOOKUP/CLICK2FIND - Has two different uninstallers available - to remove End Task, unregister dll, regedit

LOOK2ME - Please see instructions in canned fixes and tutorials

LOOKFOR.cc/IEFEATS.A - Use CWShredder and Online AV scans

LOP - Use Ad-Aware and Spybot SD

NCASE - In Safe Mode Use HJT to remove msbb.exe and the O16 entry and delete folders 'Ncase', '180 Solutions'

PEPER - User Peper fix uninstaller tool
-
PROLIVATION - Use Spybot SD

RAPID BLASTER - Use RBKiller to remove

ShopAtHome (SAH) - Use HJT to remove Registry entries and will probably need LSPFix followed by deletion of files

SEARCH-SPACE/START-SPACE - Use CWShredder

SMARTSEARCH.ws - Use CWShredder

WINPUP - in Safe Mode End Task of the executable then Use HJT to remove the entries in the log file, delete files

XUPITER - Use AdAware and Spybot SD

Always do research and if you are unsure, consult an expert.