Blockit Ad Remover

boyboyds

Hi,

My wife infected her W8.1 machine with Blockit Ad Remover when she opened an infected yahoo.mail. It is a Chrome extension and can be easily removed. But it comes back daily when she uses her yahoo.mail and opens her legitimate emails.

There is no program to uninstall and no program was added recently.
I went to Chrome privacy settings and cleared all the pop-up and plugin options.

Scanned with:
-malwarebytes
-superantispyware
-spybot
-emsisoft
-eset
-adwcleaner
-roguekiller
-ccleaner
-tdsskiller

It is still coming back and according to my wife is related to her opening her regular emails.
I checked her inbox and they all look OK.

Any suggestions....?

Thanks,
-BBDS
 
I read the article, did not see anything new there.

But I read another one - How to protect Chrome Extensions and saw some useful info.

I enabled Extension Developer mode in Chrome and it gave me the Path and ID.
The Path was invalid but I was able to find the ID on my "C" Drive and deleted it.
Because W8 search is not very good I installed "Search Everything" desktop tool to search for that Extension ID.


So far it looks like the bad Extension is gone from Chrome.


I will know for sure in a day or two.


Thanks,
-BBDS
 

Good to hear. Let's hope that PUP is gone :)
 


That's a good thing that everything's clear now.

You might want to consider installing security software with real-time protection instead of taking action after getting infected. You can try some of the best like Malwarebytes Anti-Malware Pro, Trend Micro Internet Security or ESET Pro.
 

@cipals15 - I use Windows Defender that came pre-installed on my W8.1 machine. I do not want to pay for security, but I scan regularly with free tools I mentioned above. The only tool I ever paid for was Sandboxie and I use it on all my PCs.

-BBDS
 

Sure, AVAST, AVG and other free ones are OK, but I think Microsoft Windows Defender or MSE that came pre-installed on my W8.1 machine is sufficient enough. I put my trust not in any single anti-virus program but in multiple stand alone scanning tools. The free tools I use I listed above.

-BH
 

The extension came back, installed silently in Chrome. All stand alone tools have failed to find the intruder.

I went to 2 folders -
c:users/...name.../app data/local/google/chrome/user data/default/extensions
c:users/...name.../app data/local/google/chrome/user data/default/local storage

....and not just deleted the extension id from these folders, but also changed security for these 2 folders - write deny.

Hopefully this will prevent any further unwanted extension installation, we will see.

But I have another question - is there any free tool to monitor/expose the process/program that tries to access these folders?

I was trying to use Windows Event Viewer but it did not help, maybe I do not know how to use it for my purpose.

Thanks,
-BBDS
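Added example, not part of any post in this thread: a Python sketch of the manual step described in the posts above, searching a folder tree for extension-ID folders and reading each `manifest.json` so you can see what is installed and whether it updates from the Chrome Web Store. The function names and the folder passed on the command line are this example's own assumptions; a missing Web Store update URL is a reason to look closer, not proof of malware.

```python
import json
import os
import re
import sys

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def read_manifests(ext_dir):
    """Summarise every manifest.json in ext_dir or its version subfolders."""
    try:
        subdirs = sorted(os.listdir(ext_dir))
    except OSError:
        return [{"path": ext_dir, "error": "folder not readable"}]
    found = []
    for folder in [ext_dir] + [os.path.join(ext_dir, d) for d in subdirs]:
        manifest = os.path.join(folder, "manifest.json")
        if not os.path.isfile(manifest):
            continue
        try:
            with open(manifest, encoding="utf-8-sig") as fh:
                data = json.load(fh)
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            found.append({"path": manifest, "error": "unreadable manifest"})
            continue
        found.append({
            "path": manifest,
            # A name like __MSG_appName__ is a localisation key, not the display name.
            "name": data.get("name"),
            "version": data.get("version"),
            "permissions": data.get("permissions", []),
            "webstore_update": data.get("update_url") == WEBSTORE_UPDATE_URL,
        })
    return found

def audit(root):
    """Map each ID-named folder found anywhere under root to its manifests."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in filter(EXT_ID.match, dirnames):
            report.setdefault(name, []).extend(read_manifests(os.path.join(dirpath, name)))
    return report

if __name__ == "__main__":
    for ext_id, manifests in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(ext_id, json.dumps(manifests, indent=2))
```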
 

Blocking write access on those folders will likely make Chrome just create a new profile.

You used some of the best tools out there. Perhaps the problem is that your wife continues to download and install infected software.

You could try this:

Ensure a Windows PC Never Gets Malware By Whitelisting Applications
 

Yes, my previous attempts have failed but I got some advice on SevenForums and am trying to see if my latest effort will pay off.

The bottom line is that my Chrome was set to a Developer Build version and it allowed it to add the bad extension.
I re-installed Chrome and now it has a correct version, but the question remains - where is the virus that re-set my Chrome version originally?

This is my discussion about the issue on SevenForums

Blockit Ad Remover - Page 2 - Windows 7 Help Forums

Thank you,
-BBDS
 

So far my PC is running without any issues. I ran a few stand alone scanners and they did not find the virus that caused the issue, maybe it did not even get installed on my PC.

Problem: Chrome browser got set to Development Version and it allowed the bad extension to be added to it.
Solution: Reinstall Chrome, make sure the new Chrome version does not have any "dev" as part of its name.

Thank you all for your help,
-BBDS
 
