Author Topic: Do I have malware SOLVED  (Read 659 times)

0 Members and 1 Guest are viewing this topic.

Offline Emegra

  • Hero Member
  • *****
  • Posts: 2666
  • Karma: 54
  • Gender: Male
  • Devilishly Handsome
    • View Profile
    • Awards
Do I have malware SOLVED
« on: April 27, 2013, 09:49:41 pm »
Hi Guys

Recently I've notice strange behaviour in my web browser (Chromium), every so often a pop up will appear telling me I've won an Ipad, then when I close the box I'm led to a webpage prompting me to update flash player which i know is bogus so I just close the page and all seems well, but this evening I noticed that some text on a post I had posted this morning has been hyperlinked, so far the hyperlinks are only on the original post, but I have no idea how they got there.

Any ideas ?


Many thanks

Graeme
« Last Edit: April 28, 2013, 12:34:06 pm by Emegra »
If you can keep your head while all around are losing theirs, then you're not quite grasping the situation

Offline Mad Penguin

  • #Mad_Penguin_UK
  • Administrator
  • Hero Member
  • *****
  • Posts: 1318
  • Karma: 10017
  • Gender: Male
    • View Profile
    • Linux in the UK
    • Awards
Re: Do I have malware
« Reply #1 on: April 27, 2013, 10:09:45 pm »
More inclined to think you've visited an iffy site. Solution; make sure you set chrome to start clean rather than restoring previous tabs, then quit chrome and restart. Make sure chrome itself actually quits completely. ( then see if it still happens )

You need to pay attention to the site you are on when you see this .. But it sounds like the a site you're visiting is actually the problem ...

Sent from my Nexus 4 using Tapatalk 2


Offline Emegra

  • Hero Member
  • *****
  • Posts: 2666
  • Karma: 54
  • Gender: Male
  • Devilishly Handsome
    • View Profile
    • Awards
Re: Do I have malware
« Reply #2 on: April 27, 2013, 10:32:12 pm »
HI Mad Penguin

Thanks for your help

I have no idea what iffy site I could have been on, this is a laptop that I'm on very rarely, and the sites I'm mainly on is this site, and some other Linux forums, ebay and general browsing, I am never on porn sites if that's what you mean by iffy. I've noticed even on your reply one word is hyperlinked, my settings are set for "open homepage" and I always close by clicking the X in the top right corner.

If you can keep your head while all around are losing theirs, then you're not quite grasping the situation

Offline SeZo

  • Hero Member
  • *****
  • Posts: 1511
  • Karma: 119
  • Gender: Male
    • View Profile
    • Awards
Re: Do I have malware
« Reply #3 on: April 27, 2013, 11:05:51 pm »
I have not used Chrome for some time (OK tried it for couple of months beginning of last year) but is there not a setting to clear all browsing history, cookies and the like.
Also to watch out for flash cookies as they are perennial. For this I use BetterPrivacy addon (in Firefox).
You can also delete these super cookies on the Adobe website

Offline Emegra

  • Hero Member
  • *****
  • Posts: 2666
  • Karma: 54
  • Gender: Male
  • Devilishly Handsome
    • View Profile
    • Awards
Re: Do I have malware
« Reply #4 on: April 27, 2013, 11:15:16 pm »
Hi Sezo
Thanks for your advice, I have already cleared all my browser cache but the problem actually seems to be getting worse as time goes on I've attached some screen shots to let you see what's happening

The first screen will suddenly pop up randomly, so I close out then led to the second screenshot prompting me to update flash player, I know this is bogus because I'm sure I tried it and it led me to some 3rd party site but I can't remember exactly, the third screenshot is what I get now browsing threads on this site, that and the hyperlinks I've only noticed this evening

EDIT

Just another example here's a screenshot, of a hidden page I find when closing down Chromium


Many thanks

Graeme
« Last Edit: April 27, 2013, 11:25:00 pm by Emegra »
If you can keep your head while all around are losing theirs, then you're not quite grasping the situation

Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 13840
  • Karma: 344
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Do I have malware
« Reply #5 on: April 27, 2013, 11:25:56 pm »
Have you got any plugins installed ?

Click this links and see what's listed:
chrome://extensions/
WARNING: You are logged into reality as 'root'

logging in as 'insane' is the only safe option.

Offline SeZo

  • Hero Member
  • *****
  • Posts: 1511
  • Karma: 119
  • Gender: Male
    • View Profile
    • Awards
Re: Do I have malware
« Reply #6 on: April 27, 2013, 11:26:27 pm »
OK, It looks like that the pages get locally modified by a plugin (some driveby exploit must have loaded it at some point).
Look what plugins you have running. If you can identify which is causing the problem then remove it and restart the browser.

If you cannot then more drastic action is needed. Look in your home folder for the (hidden) .Chromium folder and rename it.
Then start Chromium again, see if that clears the issue. If that works then you can restore your bookmarks from the original (renamed) folder.

[EDIT]
It appears that folder is ~/.config/chromium/Default not .Chromium :'(
« Last Edit: April 27, 2013, 11:31:06 pm by SeZo »

Offline Emegra

  • Hero Member
  • *****
  • Posts: 2666
  • Karma: 54
  • Gender: Male
  • Devilishly Handsome
    • View Profile
    • Awards
Re: Do I have malware
« Reply #7 on: April 27, 2013, 11:34:01 pm »
I have a few plugins installed to many to type so I've attached another screenshot of the Extensions page, It's getting late and i'm off to bed now but I'll act on any advice in the morning


Many thanks

Graeme
If you can keep your head while all around are losing theirs, then you're not quite grasping the situation

Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 13840
  • Karma: 344
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Do I have malware
« Reply #8 on: April 27, 2013, 11:47:28 pm »
Disable ALL your plugins then restart Chromium and see if the problem disappears .. if it does, enable them one at a time (restarting Chromium each time) to discover which is the problem one .. then remove it.
WARNING: You are logged into reality as 'root'

logging in as 'insane' is the only safe option.

Offline SeZo

  • Hero Member
  • *****
  • Posts: 1511
  • Karma: 119
  • Gender: Male
    • View Profile
    • Awards
Re: Do I have malware
« Reply #9 on: April 27, 2013, 11:48:49 pm »
There seems to be no problematic extension listed on that screenshot, but you could try to disable them all (as Mark said) and restart the browser.
Alternatively you could (just for test) rename the following folders:
~/.macromedia
 ~/.config/chromium
These will be re-created clean on the next visiting a flash site and startup of the browser

Offline Emegra

  • Hero Member
  • *****
  • Posts: 2666
  • Karma: 54
  • Gender: Male
  • Devilishly Handsome
    • View Profile
    • Awards
Re: Do I have malware
« Reply #10 on: April 28, 2013, 12:26:03 pm »
Hi Guys

Thats it sorted, the offending plugin was SaveAs 2.4, To be honest I don't know what it does or even remember installing it, but disabling it sorted it immediately.


Many thanks


Graeme
If you can keep your head while all around are losing theirs, then you're not quite grasping the situation

Offline Mad Penguin

  • #Mad_Penguin_UK
  • Administrator
  • Hero Member
  • *****
  • Posts: 1318
  • Karma: 10017
  • Gender: Male
    • View Profile
    • Linux in the UK
    • Awards
Re: Do I have malware SOLVED
« Reply #11 on: April 28, 2013, 06:19:05 pm »
Interesting, I thought Google's management / censorship of extensions was better than that (!)

 


SimplePortal 2.3.3 © 2008-2010, SimplePortal