Coupon Factory et al extensions on Chrome

BetsyD Cincinnati, OH Icrontian

Ok, my computer is possessed. Coupon Factory, Instant Tix, extensions keep installing themselves in Chrome. I keep uninstalling them. Other programs keep installing themselves in my "regular" program list. I ran Malwarebytes at @CB's recommendation and it cleared off over 56 things, but after the restart and everything, the stuff just keeps popping up. Anything else I can try?

Comments

  • Ryder Kalamazoo, Mi Icrontian

    Run Malwarebytes in safe mode.
    Google if there are any specific removal instructions for any one of the things you have.
    Malwarebytes has been my go to for a good 5 years now, but it doesn't remove everything all the time.
    Safe mode first though. Chances are whatever is running may not be and that will allow MWB to remove it.

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian

    I use a combination of Malwarebytes + CCleaner + I will manually break the programs by identifying the folders/filenames, changing them to DELETE, and then rebooting. When the bug tries to run whatever agent to reinstall itself it can't find it because the file path has changed. Works almost every time.

  • Tushon I'm scared, Coach Alexandria, VA Icrontian

    The advice and instructions I put up in this blog a long time ago are still 100% accurate.

    http://icrontic.com/discussion/94821/blog-virus-help

    That has never failed to root out problems in the 30-40 people I've sent them to for help in situations like yours. I would completely uninstall Chrome and any other browsers besides IE before getting started though.

  • BetsyD Cincinnati, OH Icrontian

    Thanks for all the advice, I'll work on this this weekend and see where that gets me. I ran Malwarebytes in safe mode and it didn't find anything else, but I'll try the other things.

  • BetsyD Cincinnati, OH Icrontian

    So, I followed all the steps and even uninstalled and reinstalled Chrome and it's still behaving badly. Also, one of the programs that I ran from the Virus Help thread broke the scrolly bit on my touchpad so I have to go hunt the drivers for that. I think I'm down to a reformat. Or maybe I should just replace the old thing. It is 5 years old.

  • Requit That one guy Somewhere over there, I don't know Icrontian
    edited June 2015

    One of the fun things about Chrome is that if you install an extension and delete it, it's still saved to the Chrome account you were using. By logging into that Chrome account, it re-downloads everything you installed. So you may be removing all the malware getting installed, but the moment you open Chrome it downloads again. Try logging in with a different Chrome account, or removing the addons from your profile.

  • BetsyD Cincinnati, OH Icrontian

    The extension isn't installed anymore by anything I can see (extension page or Windows programs list). If you have somewhere else to look, I'll check that too.

  • Requit That one guy Somewhere over there, I don't know Icrontian
    edited July 2015

    I usually do it through Group Policy, but you can edit the registry on your local machine, should be HKLM\Software\Policies\Google\Chrome\, and set the Extension installation blacklist policy to *, and then selectively whitelist the extensions you actually want.

    You can use https://www.nsa.gov/ia/_files/app/deploying_and_securing_google_chrome_in_a_windows_enterprise.pdf, specifically pages 7-8 + 12-18 for a more detailed description of how to do everything.

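The registry approach from the last reply, as an added example that is not part of the original thread: it first lists the registry locations that can install a Chrome extension without user action, then sets the block-all policy with an allowlist. The extension ID is a constructed placeholder, and the value names are the current ones (Chrome 86 and later); older Chrome used `ExtensionInstallBlacklist` and `ExtensionInstallWhitelist`.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$policy = 'HKLM:\Software\Policies\Google\Chrome'

# 1. Audit: places that can (re)install an extension with no user click.
$auditKeys = @(
    "$policy\ExtensionInstallForcelist",                               # force-install policy (machine)
    'HKCU:\Software\Policies\Google\Chrome\ExtensionInstallForcelist', # force-install policy (user)
    'HKLM:\Software\Google\Chrome\Extensions',                         # external-install registry hook
    'HKLM:\Software\Wow6432Node\Google\Chrome\Extensions'              # same hook, 32-bit view
)
foreach ($key in $auditKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Host "== $key"
    # Policy lists are stored as numbered string values on the key itself.
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        Write-Host ("   {0} = {1}" -f $name, $item.GetValue($name))
    }
    # External installs use one subkey per extension ID.
    Get-ChildItem $key | ForEach-Object { Write-Host "   subkey: $($_.PSChildName)" }
}

# 2. Lock down: block every extension, then allow only the IDs you trust.
$allow = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')   # placeholder ID (assumption), replace with real ones

function Set-PolicyList($name, $values) {
    $path = "$policy\$name"
    # Rebuild the list key from scratch so stale entries do not survive.
    if (Test-Path $path) { Remove-Item $path -Recurse -Force }
    New-Item $path -Force | Out-Null
    $i = 1
    foreach ($v in $values) {
        New-ItemProperty -Path $path -Name "$i" -Value $v -PropertyType String | Out-Null
        $i++
    }
}
Set-PolicyList 'ExtensionInstallBlocklist' @('*')
Set-PolicyList 'ExtensionInstallAllowlist' $allow
```

Anything printed by the audit step that you did not put there yourself is worth removing before applying the lockdown; afterwards, `chrome://policy` shows whether Chrome picked up both lists.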