Inactive My Chrome is infected with scripts loading on each page

[JerryBels]

Hi guys,

My Chrome browser started adding these scripts at the end of every page I visit...

<script type="text/javascript" src="https://networkanalytics.xyz/addons/lnkr5.min.js"></script>
<script type="text/javascript" src="https://networkanalytics.xyz/addons/lnkr30_nt.min.js"></script>
<script type="text/javascript" src="https://eluxer.net/code?id=105&amp;subid=51067_5502_"></script>
<script type="text/javascript" src="https://worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51067x5502x&amp;r=41"></script>

I tried a scan with BitDefender but nothing was found, I tried using MalwareBytes and it found it.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/30/17
Scan Time: 2:52 PM
Log File: 6306c710-d5cd-11e7-8d3d-1c1b0dc6b8bb.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3380
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: my-user

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332700
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.Conduit, C:\USERS\MYUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3380
PUP.Optional.Conduit, C:\USERS\MYUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3380

Physical Sector: 0
(No malicious items detected)


(end)

So I was happy, no more scripts... But they eventually came back. Scanned again, deleted again, and I also manually removed the file C:\Users\myuser\AppData\Local\Google\Chrome\User Data\Default\Web Data.

Well, I thought it was gone for good, and then today I realized it was back. Malwarebytes now doesn't find anything. And I can't find something relevant online - but it may be because I don't know what to search for.

It's only Chrome. Firefox is clean.

Thanks ahead for any help !

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

Please observe forum rules. All logs have to be pasted not attached.

Also...

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help and MBAM detects same items...

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

• Close all Chrome windows and tabs.
• Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
• Click Programs and Features.
• Double-click Google Chrome.
• Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

 

[JerryBels]

Hello and thanks for the head up !

I will add something about the issue. When coming home, I realized my personal computer was infected as well. Working as a dev, I immediately located the scripts in the page using the console to debug my work.

Currently on my work computer the script disappeared, but I still followed your instructions and reset the browser settings. I will do the same at home, and report how it goes.

 

[Broni]

Very well