Jump to content

vinzent

Honorary Members
 View Profile  See their activity

  • Posts

    47

  • Joined

  • Last visited

Reputation

0 Neutral
  1. vinzent
    Hello again, We're one week later after my Omiga Plus infection. Everything's perfectly fine, except for the fact that MB has found a malicious registry key... My previous scan was clean on June 27. Could this be a left-over, that couldn't be detected at the time, but can be now, following the latest update? Here is the log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 04/07/2014Scan Time: 21:50:42Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.04.09Rootkit Database: v2014.07.03.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Chris Scan Type: Custom ScanResult: CompletedObjects Scanned: 336847Time Elapsed: 3 min, 6 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 1PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, Quarantined, [58ca4c4f99e2bf7791a0e8cb4eb412ee], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  2. vinzent
    Done. It worked! Thanks a lot for your help
  3. vinzent
    By the way I just doubled-checked: I confirm that my passwords are stored in clear in Chrome! I also found this great article: http://www.darkreading.com/attacks-and-breaches/google-chrome-tabs-let-malware-sneak-into-businesses/d/d-id/1104632? Can't believe Chrome still has this breach 2 and a half years after this was highlighted. All of this won't have been for nothing: now I know I cannot trust Chrome with my passwords, and shouldn't activate Google sync for extensions...
  4. vinzent
    Finally, Omiga Plus isn't showing anymore in Chrome. Here is the MB log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 27/06/2014Scan Time: 21:02:25Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.06.27.08Rootkit Database: v2014.06.23.02License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Chris Scan Type: Threat ScanResult: CompletedObjects Scanned: 271573Time Elapsed: 6 min, 41 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  5. vinzent
    Thanks. I'll follow your advice and will keep you posted. Here is the article http://siliconangle.com/blog/2013/08/07/google-chrome-hacked-how-your-passwords-can-be-exposed/ Although Google states that passwords are encrypted, they would be in clear in Chrome's cache. That makes sense, otherwise how would Chrome be able to convey the passwords accross different Chrome instances, on different machines?
  6. vinzent
    Thanks a lot! I'll be doing that within the next couples of hours. In the meantime, could you tell help me with the following questions: - Do you think all my passwords are compromised due to Google Chrome's sync feature? (I just read they are non-encrypted!!!) - Once the cleaning is complete, will I ever be able to use sync again (I like it for bookmarks)?
  7. vinzent
    Update: restarted Chrome on my 2nd computer (laptop) and it now displays the 2 Omiga Plus tabs (same URL, same uid parameter)
  8. vinzent
    There's one thing I did actually prior the Omage Plus start page came back - I logged back into Chrome. Do you think it could be somehow attached to my Google profile? Additional info: I have another machine, a laptop. I logged into Chrome yesterday and found out the "Quick Start" chrome extension had carried over to my laptop. I immediately disabled and uninstalled it from Chrome. I have seen no other sign of infection on my laptop (and I don't believe it could infect the whole system from the Chrome extension since it didn't have admin rights... right?)
  9. vinzent
    I'm out of luck - two reboots later, I just reopened Chrome and the Omiga Plus start page is back again (2 tabs). Please note than in the meantime I did not install or uninstall anything, did not perform any time of browser reset. It's just back.
  10. vinzent
    Done! Please note the following 1. No more Omiga Plus tabs showing up in Chrome upon startup 2. (zoek-results.log) Ridiculously long "Files Recently Created / Modified" log: I reinstalled Windows last week (then I made the good decision to install fresh software and ended up with Omiga Plus...) 3. (bug.jpg) I got an error message from HijackThis, which apparently failed zoek-results.log
  11. vinzent
    Another issue: Internet Explorer is slower to start than usual.
  12. vinzent
    Update: I ran MBAM a second time. Google Chrome still infected. MBAM pass2.txt
  13. vinzent
    Done. I'm afraid I still have 2 tabs opening on isearch.omiga-plus.com everytime I launch Google Chrome. I ran Adw twice to see if there was any improvement - you'll see that the Registry entries have been cleaned, but Chrome still infected. JRT seems to detect nothing? Waiting for your comments before continuing. By the way, I'm still puzzled that they cared to put a fake "uninstall" feature, what's the point? Fixlog.txt MBAM.txt AdwCleanerS0.txt AdwCleanerS1.txt JRT.txt
  14. vinzent
    Hello, I was just infected by Omiga Plus. It came with the latest DAEMON Tools Lite installer, and, unless I missed something, it didn't warn me at all about installing a search/toolbar feature. I may have done something wrong : prior to coming here, I ran the Omiga Plus uninstaller from the Windows Add/Remove Program Menu. It submitted a captcha and many pop-ups asking for confirmation (one per browser extension), then it completed. But I still have the omiga-plus.com start page, and not sure about what was compromised on my system. I haven't done anything else to remove it. Here is my Farbar log : FRST.txt, Addition.txt (see attachment) By the way, Do you think some of my personal data may be compromised now or in the future following this attack? Is it recommended to scan for rootkits (TDSSKiller...)? Thank you for your help!!! FRST.txt Addition.txt
  15. vinzent
    Because I made a mistake. I was surfing with chrome when, on a given page of this website, I had a security warning by chrome. It stated there was a problem with the content on the next page. I decided to go anyway for reading purpose only, with no intent to follow a download link. I didn't know about these new threats that can install on the fly just from browsing a webpage. "Internet Security 2010" actually popped a few seconds later. When I saw it, I turned my computer off as fast as I could but it was too late. I have learnt the hard way You say there's nothing to worry about : can I consider my computer "reliable" from now on (given I follow proper precautions against malware from now on?)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.