macp Posted August 5, 2013 Author Posted August 5, 2013 (edited) Hello again So the only extensions I have are Adblock Plus which I disabled and still got the popus. I also have google docs so I doubt it is that but I notice there is an extension called 'Select Links App' which under permissions it says it can access your data on all websites, read & modify your browsing history, access your tabs & browsing history. The prolems is it is not possible to disable it as the tickbox is greyed out. I am now suspecting this is the culprit but dont know how to disable it ? Edited August 5, 2013 by macp Quote
etavares Posted August 6, 2013 Posted August 6, 2013 Good work. We can work around that. 1. Launch Chrome 2. Menu button (3 horizontal lines) --> Tools --> Extensions 3. At the top, click the checkbox next to Developer Mode 4. An ID should appear under the extensions' description. It will just be random letters. Copy that whole line and paste in your reply. -etavares Quote etavares is a member of:Alliance of Security Analysis ProfessionalsUnified Network of Instructors and Trained Eliminators
macp Posted August 6, 2013 Author Posted August 6, 2013 Good morning So the ID is as follows: dbnkookackmdofjmjkbfliamcjdkccda Quote
etavares Posted August 8, 2013 Posted August 8, 2013 Hello, macp. Perfect, now we need to extract a registry entry. Download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 If you have a 64-bit system, please download the 64 bit version from here: SystemLook (64-bit) Double-click SystemLook.exe to run it. A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff". Copy and Paste the content of the following codebox into the main textfield under "File": :reg HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist Please Confirm everything is copied and Pasted as I have provided above Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt 2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task etavares Quote etavares is a member of:Alliance of Security Analysis ProfessionalsUnified Network of Instructors and Trained Eliminators
macp Posted August 8, 2013 Author Posted August 8, 2013 Good morning Unusually it worked very fast ? SystemLook 30.07.11 by jpshortstuff Log created at 09:47 on 08/08/2013 by p.macfarlane Administrator - Elevation successful No Context: HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist -= EOF =- Quote
etavares Posted August 9, 2013 Posted August 9, 2013 Hi macp, Did you copy the :reg in the first line of the script? That error usually means that it wasn't fully copied. -etavares Quote etavares is a member of:Alliance of Security Analysis ProfessionalsUnified Network of Instructors and Trained Eliminators
macp Posted August 13, 2013 Author Posted August 13, 2013 (edited) Good morning I copied everything and just tried it again and got the following results SystemLook 30.07.11 by jpshortstuff Log created at 08:51 on 13/08/2013 by p.macfarlane Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist] (No values found) -= EOF =- I note I am not getting the pricepeep popus now though :D However Google Chrome is still opening automatically on startup ?? Edited August 13, 2013 by macp Quote
etavares Posted August 13, 2013 Posted August 13, 2013 OK, please run OTL and press Quick Scan. Copy/Paste the resulting log here. -etavares Quote etavares is a member of:Alliance of Security Analysis ProfessionalsUnified Network of Instructors and Trained Eliminators
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.