Chrome infected by PCKeeper ads

Status
Not open for further replies.

MountainDrew329

Honorable
May 28, 2013
4
0
10,520
On March 3rd I started noticing problems using google chrome. Whenever I open a new tab, it loads and then redirects to a page advertising some kind of "anti-malware program" called PCKeeper. From what I've seen online, this program itself is a bad thing to have on your computer. Here's a picture of what I get redirected to when I open a new tab:

http://

Also, occasionally while I'm using chrome, a tab will duplicate and one of the tabs will redirect to either a page that tells me my McAfee subscription has expired today (I've never used McAfee) or some other ad (anti-malware programs, something called reimageplus, etc.). Here are some examples:

http://
http://

This is extremely annoying when I am trying to use the internet. I only encounter these problems when using chrome on this specific computer. I tried using chrome on my laptop and didn't experience any problems even though it is logged into my google chrome account with all the same settings/extensions. It also doesn't seem to have affected internet explorer.

Some things I have already tried:

  • Made sure there aren't any new extensions installed to my chrome
  • Reset my chrome settings to default
  • Used google's chrome malware/ads removal tool (nothing found)
  • Uninstalled chrome through control panel and reinstalled
  • Looked for anything fishy in my control panel programs list that I should uninstall
  • Looked for anything fishy in the registry editor under chrome
  • Downloaded Malwarebytes and ran a scan of my system (0 threats found)

Finally, I tried restoring my computer to a previous automatic system restore point to no avail. No matter which date I chose to restore to, for some reason the process would stop during the middle and tell me it was interrupted. This happened every time through multiple attempts.

I have not personally downloaded anything in the past week and have no idea why this has started happening. I have never had problems with malware until now. Any help you can give would be appreciated.
 

MeanMachine41

Estimable
May 8, 2014
59
0
4,610
This type of Adware is not considered Malware per se and Malwarebytes would not list it so.
AdwCleaner is Malwarebytes' adware removal tool, as it has probably infected your registry with multiple entries.

Go here for the download: https://toolslib.net/downloads/finish/1/

Sometimes warnings come up when using it; however, it is safe and it's part of the Malwarebytes family of malware removal tools. It may identify some programs that you would wish to keep, so be selective with what you choose to remove. You can inspect the registry entries that the tool identifies.
Once done, then run Malwarebytes as usual just to check.
 

MountainDrew329

I ran AdwCleaner and it found multiple threats and removed them, one of which had to do with my chrome extensions. Thank you both, MeanMachine41 and kraelic, for your replies!

This is my log from AdwCleaner:

# AdwCleaner v6.044 - Logfile created 06/03/2017 at 22:11:04
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-07.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Drew - DREW_PC
# Running from : C:\Users\Drew\Downloads\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Drew\AppData\Local\Oxy
[-] Folder deleted: C:\Users\Drew\AppData\Roaming\Oxy
[-] Folder deleted: C:\Program Files (x86)\Amazon\ABB
[-] Folder deleted: C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt.1
[-] Key deleted: HKU\S-1-5-21-1509257309-1154414065-511607360-1001\Software\Escolade
[-] Key deleted: HKU\S-1-5-21-1509257309-1154414065-511607360-1001\Software\Spark
[#] Key deleted on reboot: HKCU\Software\Escolade
[#] Key deleted on reboot: HKCU\Software\Spark
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[#] Key deleted on reboot: [x64] HKCU\Software\Escolade
[#] Key deleted on reboot: [x64] HKCU\Software\Spark
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D


***** [ Web browsers ] *****

[-] [C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oiokahphinmbmakkehgelkmpolmnbkdh


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2603 Bytes] - [06/03/2017 22:11:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [2732 Bytes] - [06/03/2017 22:09:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2749 Bytes] ##########
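
Added example (not part of the original post and not AdwCleaner's own code): a small parser for the log layout shown above that lists the items the log marks [#] (deleted only on reboot) and the Chrome extension IDs it removed. The sample log, its paths and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the AdwCleaner v6 log posted above (not real data).
SAMPLE_LOG = r"""# AdwCleaner v6.044 - Logfile created 06/03/2017 at 22:11:04
# Mode: Clean
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Example\AppData\Local\ExampleAdware
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\Example.ShellExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Example.ShellExt
[#] Key deleted on reboot: HKCU\Software\ExampleAdware
***** [ Web browsers ] *****
[-] [C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaabbbbccccddddeeeeffffgggghhhh
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")     # ***** [ Registry ] *****
HEADER = re.compile(r"^# ([^:]+?) ?: (.*)$")           # "# Mode: Clean"
ENTRY = re.compile(r"^\[([-#])\] (.+)$")               # [-] done, [#] on reboot
EXT_ID = re.compile(r"\[extension\] Deleted: ([a-p]{32})$")

def parse_adwcleaner_log(text):
    """Return (header dict, {section name: [(marker, detail), ...]})."""
    header, sections, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = m.group(1)
        elif (m := ENTRY.match(line)) and current:
            sections.setdefault(current, []).append((m.group(1), m.group(2)))
        elif current is None and (m := HEADER.match(line)):
            header[m.group(1)] = m.group(2)
    return header, sections

def pending_reboot(sections):
    """Targets marked [#]; the log text says these are deleted on reboot."""
    targets = []
    for marker, detail in (e for entries in sections.values() for e in entries):
        target = detail.partition(": ")[2].replace("[x64] ", "")
        if marker == "#" and target not in targets:
            targets.append(target)   # de-duplicated across 32/64-bit views
    return targets

def removed_extensions(sections):
    """Chrome extension IDs (32 characters, a-p) removed from a profile."""
    return [m.group(1) for _, d in sections.get("Web browsers", [])
            if (m := EXT_ID.search(d))]

if __name__ == "__main__":
    hdr, secs = parse_adwcleaner_log(SAMPLE_LOG)
    print(hdr.get("Mode"), pending_reboot(secs), removed_extensions(secs))
```
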
 

MountainDrew329

I spoke too soon, less than 10 minutes after my last post, I opened up a new tab and I was met by the same old land.pckeeper website being blocked by malwarebytes. Now I realize that the other adware I have been noticing is still present as well. I ran another scan with AdwCleaner and it found no threats... Not sure what to do now.
 

MeanMachine41



Sorry it's not fully worked for you MountainDrew, as land.pckeeper is nastier than I thought and probably has hidden files or registry entries that keep re-infesting your system. I am doing some research and find it can transfer to other Browsers too. If that is the case then that may be why it re-infests.
Do you use an ad blocker?
Did you get rid of the Chrome extensions?
Have you tried to fully uninstall Chrome then clean install?

Sorry I could not be of further assistance however:
There is the Malwarebytes assistance site. Go here: https://forums.malwarebytes.com/topic/119858-available-assistance-for-possibly-infected-computers/
I also came across this site: http://www.removemalwarevirus.com/how-to-uninstall-land-pckeeper-software-from-computer

Please report back if you have success as that would help others that may access your thread. Good Luck
 

MountainDrew329

I think I have fixed the issue. Still keeping my fingers crossed in case it comes back but for now it's gone!

I followed a youtube tutorial to COMPLETELY uninstall chrome (uninstall program, delete files, deleted hidden files, deleted google stuff from registry, etc.)

Then, I ran both adwcleaner (which found nothing) and a Malwarebytes scan which found 2 threats classified as adware that I removed. Not sure why these didn't come up any time I scanned before now...

Now I have installed chrome again and looks like all is well.

For anyone reading this thread for help, the steps that helped me solve the issue are as follows:
1. Download and scan with Malwarebytes to remove any threats it finds
2. Download and run AdwCleaner and remove any threats
3. Reset your chrome settings to default
4. COMPLETELY uninstall chrome, files, registry, and everything (follow a youtube tutorial)
5. Run Adwcleaner and Malwarebytes scans again for good measure
6. Download chrome again
 

MeanMachine41

Good, I hope it's gone and thanks for reporting back MountainDrew329.
I'm told it's when you download software from sites that are not the manufacturer's site that include that nasty piece of work.
 