Do I see bad Google Chrome extensions? Need help and don't know German

Discussion in 'other security issues & news' started by act8192, Feb 28, 2013.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    I don't know Google Chrome. I don't know German. I don't know how to clean a computer. I'm a helper :argh: So I could use some help.
    On my friend's, in Germany, computer, CCleaner reports the following Google Chrome extensions,
    Columns are what, version, can't translate, location
    1. Avira Toolbar, 7.15.8.0, Erster Nutzer, C:\Dokumente und Einstellungen\<<myFriend'sName>>\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.8.0_0
    2. GhosteryStats, 2.7.192 , Erster Nutzer, C:\Dokumente und Einstellungen\<<myFriend'sName>>\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ehmdnmbaomgmfmjiajhdfopgnbmgkcog\2.7.192_0
    3. Skype Click to Call, 6.3.0.11079, Erster Nutzer, C:\Dokumente und Einstellungen\<<myFriend'sName>>\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0

    I translate the locations to
    C:\Documents and Settings\<<myFriend'sName>>\Local Settings\Application Data\ then Chrome...etc.

    Those lines just don't look right to me. Filenames like that are suspicious in my book.

    She also has some toolbars/helpers/BHOs/extensions in IE and Firefox: GhosteryStats by David Cancel, which might be related. She doesn't use or want Google Chrome. Not sure if she wants Firefox (uses Thunderbird mail). Uses IE exclusively (OT: likely not correctly set up, we didn't get to that yet)

    Googling, the only references I see to the weird filenames are in lengthy logs on a Trojan Board, which I can't read
    http://www.trojaner-board.de/125873-ukash-virus-eingefangen-3.html
    http://www.trojaner-board.de/113940-avira-hat-tr-atraps-gen-virus-endeckt-tun.html
    and I have no clue if the posts there have anything to do with these odd files.
    Neither do these, in plain English :(
    http://www.dslreports.com/forum/r27758998-Trojan-My-Virus-troubles
    http://forums.techguy.org/virus-other-malware-removal/1085524-funmoods-once-more-3.html

    I have no experience with viruses, etc. Other than all those toolbars and helpers and stuff are bad news.

    So all I'm asking for is some sensible clue, as to what's going on.
    Are these infections? Or leftovers after maybe MSRT or AVIRA cleaned the .EXEs out?

    Are we looking at a computer that's infected and needs professional help? If so, who in Hamburg?
     
  2. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I am not quite sure I have understood what the issue is. Anyway, Erster Nutzer means First User. That is the default user of Chrome (as you might set up different profiles in Chrome).

    I would suggest removing all extensions from Chrome, running a fresh scan with antivirus and seeing the results.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    @dogbite,
    We scanned with Malwarebytes, and did a full, deep scan with her Avira - no detections. She wants Chrome uninstalled. I suppose the funny filenames will go away, if not, we'll delete.

    I spoke subsequently with someone here that has Google Chrome. It turns out that Google, simply, has a very bad habit of giving some things incomprehensible filenames or folder names, which raise a red flag - such as this gem from my first post
    ...\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
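
The folder names discussed in this thread are Chrome extension IDs: 32 letters from a to p, derived from a hash of the extension's public key. As an added example (not part of the thread), this Python sketch lists each `<id>/<version>` folder under an Extensions directory with the name and version from its manifest.json and, when the manifest carries a `key` field, checks that the folder name matches that key. The sample tree and key in `demo()` are constructed.

```python
import base64, hashlib, json, re, tempfile
from pathlib import Path

ID_RE = re.compile(r"[a-p]{32}")

def id_from_key(key_b64):
    # First 128 bits of SHA-256 over the decoded public key,
    # with each hex digit 0-f written as the letters a-p.
    digest = hashlib.sha256(base64.b64decode(key_b64)).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)

def inventory(ext_root):
    """Return one dict per <id>/<version> folder under an Extensions directory."""
    rows = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        row = {"id": ext_id, "folder": manifest.parent.name,
               "well_formed_id": bool(ID_RE.fullmatch(ext_id)),
               "name": None, "version": None, "key_matches": None}
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            row["name"] = data.get("name")  # may be a "__MSG_...__" locale placeholder
            row["version"] = data.get("version")
            if "key" in data:
                row["key_matches"] = id_from_key(data["key"]) == ext_id
        except (OSError, ValueError, AttributeError) as exc:
            row["error"] = str(exc)  # unreadable or malformed manifest
        rows.append(row)
    return rows

def demo():
    # Constructed sample tree: the key is arbitrary bytes, not a real extension's key.
    key = base64.b64encode(b"constructed sample public key").decode()
    good_id = id_from_key(key)
    with tempfile.TemporaryDirectory() as tmp:
        # Second folder reuses the key under a different ID, so it must not match.
        for ext_id, ver in ((good_id, "1.0.0"), ("p" * 32, "2.0")):
            d = Path(tmp, ext_id, ver + "_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(
                json.dumps({"name": "Sample " + ver, "version": ver, "key": key}))
        return good_id, inventory(tmp)

if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

To use it on a real profile, pass the `...\User Data\Default\Extensions` path to `inventory()`; a folder whose name is not 32 letters a-p, or whose `key_matches` is False, deserves a closer look.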
     