vinzent

Members
  • Content count

    47
  • Joined

  • Last visited

About vinzent

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Hello again, We're one week later after my Omiga Plus infection. Everything's perfectly fine, except for the fact that MB has found a malicious registry key... My previous scan was clean on June 27. Could this be a left-over, that couldn't be detected at the time, but can be now, following the latest update? Here is the log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 04/07/2014Scan Time: 21:50:42Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.04.09Rootkit Database: v2014.07.03.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Chris Scan Type: Custom ScanResult: CompletedObjects Scanned: 336847Time Elapsed: 3 min, 6 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 1PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, Quarantined, [58ca4c4f99e2bf7791a0e8cb4eb412ee], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  2. Done. It worked! Thanks a lot for your help
  3. By the way I just doubled-checked: I confirm that my passwords are stored in clear in Chrome! I also found this great article: http://www.darkreading.com/attacks-and-breaches/google-chrome-tabs-let-malware-sneak-into-businesses/d/d-id/1104632? Can't believe Chrome still has this breach 2 and a half years after this was highlighted. All of this won't have been for nothing: now I know I cannot trust Chrome with my passwords, and shouldn't activate Google sync for extensions...
  4. Finally, Omiga Plus isn't showing anymore in Chrome. Here is the MB log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 27/06/2014Scan Time: 21:02:25Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.06.27.08Rootkit Database: v2014.06.23.02License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Chris Scan Type: Threat ScanResult: CompletedObjects Scanned: 271573Time Elapsed: 6 min, 41 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  5. Thanks. I'll follow your advice and will keep you posted. Here is the article http://siliconangle.com/blog/2013/08/07/google-chrome-hacked-how-your-passwords-can-be-exposed/ Although Google states that passwords are encrypted, they would be in clear in Chrome's cache. That makes sense, otherwise how would Chrome be able to convey the passwords accross different Chrome instances, on different machines?
  6. Thanks a lot! I'll be doing that within the next couples of hours. In the meantime, could you tell help me with the following questions: - Do you think all my passwords are compromised due to Google Chrome's sync feature? (I just read they are non-encrypted!!!) - Once the cleaning is complete, will I ever be able to use sync again (I like it for bookmarks)?
  7. Update: restarted Chrome on my 2nd computer (laptop) and it now displays the 2 Omiga Plus tabs (same URL, same uid parameter)
  8. There's one thing I did actually prior the Omage Plus start page came back - I logged back into Chrome. Do you think it could be somehow attached to my Google profile? Additional info: I have another machine, a laptop. I logged into Chrome yesterday and found out the "Quick Start" chrome extension had carried over to my laptop. I immediately disabled and uninstalled it from Chrome. I have seen no other sign of infection on my laptop (and I don't believe it could infect the whole system from the Chrome extension since it didn't have admin rights... right?)
  9. I'm out of luck - two reboots later, I just reopened Chrome and the Omiga Plus start page is back again (2 tabs). Please note than in the meantime I did not install or uninstall anything, did not perform any time of browser reset. It's just back.
  10. Done! Please note the following 1. No more Omiga Plus tabs showing up in Chrome upon startup 2. (zoek-results.log) Ridiculously long "Files Recently Created / Modified" log: I reinstalled Windows last week (then I made the good decision to install fresh software and ended up with Omiga Plus...) 3. (bug.jpg) I got an error message from HijackThis, which apparently failed zoek-results.log
  11. Another issue: Internet Explorer is slower to start than usual.
  12. Update: I ran MBAM a second time. Google Chrome still infected. MBAM pass2.txt
  13. Done. I'm afraid I still have 2 tabs opening on isearch.omiga-plus.com everytime I launch Google Chrome. I ran Adw twice to see if there was any improvement - you'll see that the Registry entries have been cleaned, but Chrome still infected. JRT seems to detect nothing? Waiting for your comments before continuing. By the way, I'm still puzzled that they cared to put a fake "uninstall" feature, what's the point? Fixlog.txt MBAM.txt AdwCleanerS0.txt AdwCleanerS1.txt JRT.txt
  14. Hello, I was just infected by Omiga Plus. It came with the latest DAEMON Tools Lite installer, and, unless I missed something, it didn't warn me at all about installing a search/toolbar feature. I may have done something wrong : prior to coming here, I ran the Omiga Plus uninstaller from the Windows Add/Remove Program Menu. It submitted a captcha and many pop-ups asking for confirmation (one per browser extension), then it completed. But I still have the omiga-plus.com start page, and not sure about what was compromised on my system. I haven't done anything else to remove it. Here is my Farbar log : FRST.txt, Addition.txt (see attachment) By the way, Do you think some of my personal data may be compromised now or in the future following this attack? Is it recommended to scan for rootkits (TDSSKiller...)? Thank you for your help!!! FRST.txt Addition.txt
  15. Because I made a mistake. I was surfing with chrome when, on a given page of this website, I had a security warning by chrome. It stated there was a problem with the content on the next page. I decided to go anyway for reading purpose only, with no intent to follow a download link. I didn't know about these new threats that can install on the fly just from browsing a webpage. "Internet Security 2010" actually popped a few seconds later. When I saw it, I turned my computer off as fast as I could but it was too late. I have learnt the hard way You say there's nothing to worry about : can I consider my computer "reliable" from now on (given I follow proper precautions against malware from now on?)