
Hi everybody, 

 

Recently, I've been visiting a forum for a video game called World of Tanks. But today, when I visited the website, I saw redirect advertisements and those ads that say "Someone wants to send you a message" on the forums. I knew it wasn't the forum because no video game developers or companies would put such advertisements on their website. It was strange, so I had to ensure that it wasn't the website. To do that, I got on my laptop, which was only logged into my other private account with sync off, mainly because I barely use this laptop. Additionally, I asked my girlfriend to check the website and she didn't see any advertisements. But I wasn't sure if it was really my computer, since I didn't install or download anything at all. I may sound very overconfident and arrogant, but I do certainly know a bit about computers and have encountered a lot of different malware. I went on Facebook and the redirect advertisement (otrwaram.com) would initiate whenever I clicked anywhere on the website. I tried to inspect the element to see how it got there, but a right click would do the same. All the advertisements I mentioned began to pop up again.

 

At this point, I knew something was injecting adware into my Chrome. So, I decided to check whether it was just Chrome, to make sure it was just the browser or some content settings or even cookies. However, when I used Microsoft Edge to visit the same site, I had the same issue. I knew it was adware. Based on my experience, I ran multiple adware removal tools and scans from different software companies. Malwarebytes, Bitdefender, ESET, all that you could think of. Only the ESET Online Scanning Tool picked up two, which took a couple of hours, and I thought that was it. I quarantined them, went back and realized the adware was still there.

 

I got so tired of it and decided to reinstall Windows. After I reinstalled Windows using a USB, I got onto Microsoft Edge as soon as possible and tested the forum (forum.worldoftanks.eu) and nothing popped up. Well, I thought it was over. I reinstalled Chrome, and the first thing I did was check with Chrome if that ad was still there. The brand new fresh Chrome didn't have an issue. I logged into my account and turned on sync since I wanted my bookmarks, and once I was finished and wanted to check for the last time, it was back.

 

Now I knew where it was coming from, but I wasn't sure. I logged onto my laptop again, which didn't have my infected Chrome account synced, and decided to try the website. No ads. I used my mobile phone to test it, and there were no signs of redirect ads, pop-ups or new tabs. So I realized it was my main Google account that was infected. It was 4am, and I couldn't get this sorted. I was stupid and I decided to plug my USB into my computer (that was infected) and reinstalled a new Windows without even deleting/formatting my drive, and there were two Windows installed on a single drive. I ran the test again (going to the forums right after install) and the ads popped up. Realizing that there were two Windows installed, I decided to properly install Windows by deleting the pre-existing Windows and putting only a single copy of Windows on my PC. While it was installing, I doubted that the malware/virus would go into my USB, assuming that it runs whenever I run any browser. When I installed again (only a single copy on the SSD) and ran the test again, the ad was there. I assume the adware got onto my USB or something.

 

As I write this, I am just too tired to do anything, so I am reaching out for help.

 

I've thought about how it might not be adware and that my ISP might be having issues or something, but I doubt it since my laptop was on the same wifi as my PC. I understand that this is very long and detailed, but a detailed analysis was deemed necessary to solve this issue. I would appreciate all the serious replies and help.

 

 

Sincerely,

https://linustechtips.com/topic/1190785-infected-google-sync/

Welcome to the forums!

 

It sounds like you have either a malicious or compromised Chrome extension. There is no risk to your Windows install in this case. Try going to chrome://extensions and disabling every extension. Then, individually, re-enable them until you determine which one is injecting the ad onto the site.

Make sure to quote me or use @PorkishPig to notify me that you replied!

 

 

Desktop

CPU - Ryzen 9 3900X | Cooler - Noctua NH-D15 | Motherboard - ASUS TUF X570-PLUS RAM - Corsair Vengeance LPX DDR4-3200 32GB Case - Meshify C

GPU - RTX 3080 FE PSU - Straight Power 11 850W Platinum Storage - 980 PRO 1TB, 960 EVO 500GB, S31 1TB, MX500 500GB | OS - Windows 11 Pro

 

Homelab

CPU - Core i5-11400 | Cooler - Noctua NH-U12S | Motherboard - ASRock Z590M-ITX RAM - G.Skill Ripjaws V DDR4-3600 32GB (2x16)  | Case - Node 304

PSU - EVGA B3 650W | Storage - 860 EVO 256GB, Sabrent Rocket 4.0 1TB, WD Red 4TB (x6 in RAIDZ1 w/ LSI 9207-8i) | OS - TrueNAS Scale (Debian)

https://linustechtips.com/topic/1190785-infected-google-sync/#findComment-13574725

Whew that's a wall of text. Anyway, try going to chrome://extensions and looking to see if anything there is suspicious.

 

If that doesn't work, there's the nuclear option: a full Google sync data purge. Note that this will clear out literally everything: saved passwords, autofill info, settings, all of it. Export anything you want to save, like bookmarks, go to https://chrome.google.com/sync and reset sync data, then uninstall Chrome from every machine that's got the adware and delete the folders Chrome was in. Then reinstall Chrome and re-sync. All should be well. If it isn't, then it wasn't Chrome-based adware.

¯\_(ツ)_/¯

 

 

Desktop:

Intel Core i7-11700K | Noctua NH-D15S chromax.black | ASUS ROG Strix Z590-E Gaming WiFi  | 32 GB G.SKILL TridentZ 3200 MHz | ASUS TUF Gaming RTX 3080 | 1TB Samsung 980 Pro M.2 PCIe 4.0 SSD | 2TB WD Blue M.2 SATA SSD | Seasonic Focus GX-850 Fractal Design Meshify C Windows 10 Pro

 

Laptop:

HP Omen 15 | AMD Ryzen 7 5800H | 16 GB 3200 MHz | Nvidia RTX 3060 | 1 TB WD Black PCIe 3.0 SSD | 512 GB Micron PCIe 3.0 SSD | Windows 11
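As an added example (not part of the original thread or any poster's code), the extension check suggested in the replies above can also be done from disk, which covers every profile of both Chrome and Edge at once. The sketch assumes the standard on-disk layout `User Data/<profile>/Extensions/<id>/<version>/manifest.json` (on Windows, under `%LOCALAPPDATA%\Google\Chrome\User Data` and `%LOCALAPPDATA%\Microsoft\Edge\User Data`); the function names and the sample extensions are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension run on every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(user_data_dir):
    """List every extension version under every profile of a 'User Data' dir."""
    records = []
    pattern = "*/Extensions/*/*/manifest.json"  # profile/Extensions/id/version
    for manifest_path in sorted(Path(user_data_dir).glob(pattern)):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        if not isinstance(manifest, dict):
            continue
        # Host access can be declared in three places (MV2 and MV3 differ).
        hosts = set(manifest.get("host_permissions", []))
        hosts |= {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        records.append({
            "profile": manifest_path.parts[-5],
            "id": manifest_path.parts[-3],
            "name": manifest.get("name", "?"),
            "all_sites": sorted(hosts & BROAD),  # non-empty: can touch any page
        })
    return records

def build_sample(root):
    """Constructed sample data: two fake extensions in a 'Default' profile."""
    samples = {
        "a" * 32: {"name": "Sample Docs Helper", "manifest_version": 3,
                   "permissions": ["storage"],
                   "host_permissions": ["https://docs.example.com/*"]},
        "b" * 32: {"name": "Sample Coupon Finder", "manifest_version": 2,
                   "permissions": ["tabs", "<all_urls>"],
                   "content_scripts": [{"matches": ["*://*/*"], "js": ["x.js"]}]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / "Default" / "Extensions" / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in audit_extensions(build_sample(tmp)):
            print(rec)
```

An extension with a non-empty `all_sites` list is able to modify any page, so those are the first ones to disable when bisecting; the `name` field may be a localisation placeholder, in which case the `id` is what to look up.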

https://linustechtips.com/topic/1190785-infected-google-sync/#findComment-13574740

8 hours ago, PorkishPig said:

Welcome to the forums!

 

It sounds like you have either a malicious or compromised Chrome extension. There is no risk to your Windows install in this case. Try going to chrome://extensions and disabling every extension. Then, individually, re-enable them until you determine which one is injecting the ad onto the site.

 

The only Chrome extensions that I have currently are Google Docs, Google Sheets, and Google Slides. I highly doubt any of them have anything to do with the ads. Additionally, as mentioned above, it also affects my Microsoft Edge. I've tried disabling everything, and today I'm suffering from the ads on AutoDesk Fusion 360's website.

8 hours ago, BobVonBob said:

Whew that's a wall of text. Anyway, try going to chrome://extensions and looking to see if anything there is suspicious.

 

If that doesn't work, there's the nuclear option: a full Google sync data purge. Note that this will clear out literally everything: saved passwords, autofill info, settings, all of it. Export anything you want to save, like bookmarks, go to https://chrome.google.com/sync and reset sync data, then uninstall Chrome from every machine that's got the adware and delete the folders Chrome was in. Then reinstall Chrome and re-sync. All should be well. If it isn't, then it wasn't Chrome-based adware.

I tried that. As I mentioned before, I went to sync and reset, but once I sync it's all over my computer. I apologize for the wall of text, but it was deemed necessary to mention what I've tried in detail and what happens if I do what and such.

https://linustechtips.com/topic/1190785-infected-google-sync/#findComment-13576003

6 hours ago, Jiwoo said:

I tried that. As I mentioned before, I went to sync and reset, but once I sync it's all over my computer. I apologize for the wall of text, but it was deemed necessary to mention what I've tried in detail and what happens if I do what and such.

Not just turning sync off and on again, but totally deleting all sync data. You will have no data to sync, so there can't be adware in it. I didn't see it in your first post, but if you already did that, it's not sync that's causing it. You can try just using a Chrome alternative, like Vivaldi, Chromium, or Cent, and if that fails there are always alternative browsers like Firefox or Opera.


https://linustechtips.com/topic/1190785-infected-google-sync/#findComment-13576849
