Digital Spy

Search Digital Spy
 

DS Forums

 
 

Winflashplayer.com - Chrome Problems - Should I Be Worried?


Reply
Thread Tools Search this Thread
Old 08-11-2013, 21:03
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657

Two of the windows pcs on my home network (one XP, one W7) are exhibiting similar symptoms in Google Chrome.

A few times a day a new tab is opened in Chrome on the following site-

www.winflashplayer.com

and the page on the site states-

WARNING! Please update plug-in to continue

Followed by an "OK" button.

The other tabs I have open in Chrome are frozen.

If I click the "ok" button on the www.winflashplayer.com page I see the following page in www.winflashplayer.com -

http://www.winflashplayer.com/flashl...&ti1=118470781


Can anyone please offer an explanation as to why Chrome is behaving in this way and whether I should be worried?

I notice, as an aside, that when I run chrome on the two pcs in question I see TWO tabs open when I used to only see one. Here are the addresses of the two tabs which open in Chrome on the XP PC when I run it-

https://www.google.co.uk/?gws_rd=cr&...IKil0QXS_oHwDg

https://www.google.co.uk/?gws_rd=cr&...Eora0QXnwYDgBQ

The two addresses that I see when I run Chrome on the W7 pc are slightly different to the above two.

Thanks.
peterfoster is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 08-11-2013, 21:13
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
I should say that the only way to get rid of the

"WARNING! Please update plug-in to continue"

screen, other than to go into Task Manager, is to press the

"OK" button.
peterfoster is offline   Reply With Quote
Old 08-11-2013, 22:13
Andrew_Ballard
Forum Member
 
Join Date: May 2012
Posts: 473
http://www.malwarebytes.org/mwb-download/

download, install, run and tell us what you get. You've certainly got some kind of 'virus' hijacker.
Andrew_Ballard is offline   Reply With Quote
Old 08-11-2013, 23:44
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
Thanks for the suggestion, Andrew. I've run a full Malwarebytes scan but, sadly, "No malicious items were detected."
peterfoster is offline   Reply With Quote
Old 08-11-2013, 23:47
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
To update, on the XP pc I'm now experiencing the problem in Internet Explorer in addition to Chrome.
peterfoster is offline   Reply With Quote
Old 09-11-2013, 00:14
Andrew_Ballard
Forum Member
 
Join Date: May 2012
Posts: 473
I too am on XP, i marched Chrome over to that site and it gave me this

http://s21.postimg.org/sljnrgx2v/dodgy.jpg

did you install anything from there, such as the 'flash player update' it offers? If so your PC could be rather compromised, do no banking or anything on it as there are probably keyloggers installed, enter no passwords, etc.
Andrew_Ballard is offline   Reply With Quote
Old 09-11-2013, 08:35
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
Thanks for that.

I've gone to a system restore date of September 06 on the XP pc, which is well before the start of the current problem, but I note that this hasn't resolved matters and that the problem persists.
peterfoster is offline   Reply With Quote
Old 09-11-2013, 23:32
Andrew_Ballard
Forum Member
 
Join Date: May 2012
Posts: 473
when I run MBAM on the program it gets you to install i see

PUP.Optional.InstallMonetizer

looks like it's a downloader, which starts downloading various programs, hijacking your browser so they get advertising revenue from fake clicks, etc, try this link for help perhaps ?

http://malwaretips.com/blogs/pup-opt...zer-a-removal/

good luck...
Andrew_Ballard is offline   Reply With Quote
Old 09-11-2013, 23:52
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,277
If I click on the first or second links in post #1,I get this.
LION8TIGER is offline   Reply With Quote
Old 10-11-2013, 10:47
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
All three of the pcs on my network are now suffering from this affliction. That's an XP machine and two W7 machines, one 32-bit and one 64-bit.

It's clear, then, that www.winflashplayer.com is an undesirable location.

So I suppose my question is this. Is it damaging the security of my pcs, per se, to be prompted to visit the site. If it is damaging, what is the best way to solve the problem. Avast, MSE, Malwarebytes and Superantispyware scans do not flag up the problem. System restore does not solve it.

Thanks.
peterfoster is offline   Reply With Quote
Old 10-11-2013, 10:53
omnidirectional
Forum Member
 
Join Date: Jul 2007
Posts: 7,725
It's happening on my Chromebook on certain sites, so I think it's likely to be a dodgy ad server rather than a virus/malware on your computer.
omnidirectional is offline   Reply With Quote
Old 10-11-2013, 12:27
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
I too am on XP, i marched Chrome over to that site and it gave me this

http://s21.postimg.org/sljnrgx2v/dodgy.jpg

did you install anything from there, such as the 'flash player update' it offers? If so your PC could be rather compromised, do no banking or anything on it as there are probably keyloggers installed, enter no passwords, etc.
Thanks. I'm pleased to say that I didn't install anything from the website. I'm currently working through the suggestions you kindly provided in your most recent post.
peterfoster is offline   Reply With Quote
Old 10-11-2013, 12:37
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,631
For any kind of browser hijack, you should always run a scan with AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/

Make sure you click the big blue 'Download Now @ BleepingComputer' button and ignore all the sponsored adverts.
max99 is offline   Reply With Quote
Old 10-11-2013, 12:48
Tal'shiar
Forum Member
 
Join Date: Mar 2012
Posts: 1,462
I would also add, check the addons for the browser and see if something has appeared (something you didnt install).
Tal'shiar is offline   Reply With Quote
Old 10-11-2013, 13:27
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
when I run MBAM on the program it gets you to install i see

PUP.Optional.InstallMonetizer

looks like it's a downloader, which starts downloading various programs, hijacking your browser so they get advertising revenue from fake clicks, etc, try this link for help perhaps ?

http://malwaretips.com/blogs/pup-opt...zer-a-removal/

good luck...
Thanks for this. I've run the AdwCleaner which has picked up and removed 14 files and folders, 4 registry items and 2 browser items. The Junkware removal tool removed one folder.The Malwarebytes scan was clear as was the HitmanPro scan.
peterfoster is offline   Reply With Quote
Old 10-11-2013, 13:50
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
I would also add, check the addons for the browser and see if something has appeared (something you didnt install).
Thanks. The only extensions I have are Adblock on Chrome and Kotato, Adobe, Google, Microsoft and Java on IE.
peterfoster is offline   Reply With Quote
Old 10-11-2013, 13:52
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
For any kind of browser hijack, you should always run a scan with AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/

Make sure you click the big blue 'Download Now @ BleepingComputer' button and ignore all the sponsored adverts.
Thanks. I'll make sure I include a AdwCleaner in my future maintenance routines. I flagged the problem on the BeepingComputer site yesterday and posted some files there for analysis.
peterfoster is offline   Reply With Quote
Old 11-11-2013, 11:51
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
Sadly, the above exercises have not cured the problem on any of the three machines.
peterfoster is offline   Reply With Quote
Old 11-11-2013, 12:50
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
I see an exclamation mark in a yellow triangle accompanying the message-

Message from Webpage.

WARNING! Please update plug-in to continue.
peterfoster is offline   Reply With Quote
Old 12-11-2013, 21:33
Asmo
Forum Member
 
Join Date: Jul 2005
Posts: 4,054
Posted in General Talk, might be helpful:

http://www.spyrider.com/remove-win-f...ayer-com-virus

Disclaimer: I found the following by googling the 'winflashplayer' link n the OP - I have no idea whether mitechmate are trustworthy or reliable but they are quoted and linked to widely on this issue, so you might want to investigate:

http://blog.mitechmate.com/remove-ww...nload-removal/

FWIW it might be advisable for mods to alter the links to the dodgy sites so they don't allow clicks to open them - they are hosts for malware.
Asmo is offline   Reply With Quote
Old 13-11-2013, 07:56
rwtomkins
Forum Member
 
Join Date: Jun 2006
Posts: 72
Hello, I had this too and found a solution. The reason it isn't picked up by malware cleaners is that, as far as I know, there isn't any malware as such. What's happened is that someone has deviously penetrated your bowser and changed the settings so that these tabs and pages launch automatically.

Click on the icon at the top right-hand corner of Chrome, with the three bars. Click on Settings. Look for the item "On Start-up". At the bottom right, you will see some tiny words in blue: "set pages." Click on the blue words. You will get a new window showing all the pages that are set to open and hopefully you will find your rogue pages in there. Just highlight them and delete them by clicking on the X in the top right corner. You can then re-start if it makes you feel better!

Hope this helps - I'm certainly no expert.
rwtomkins is offline   Reply With Quote
Old 13-11-2013, 11:37
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
Hello, I had this too and found a solution. The reason it isn't picked up by malware cleaners is that, as far as I know, there isn't any malware as such. What's happened is that someone has deviously penetrated your bowser and changed the settings so that these tabs and pages launch automatically.

Click on the icon at the top right-hand corner of Chrome, with the three bars. Click on Settings. Look for the item "On Start-up". At the bottom right, you will see some tiny words in blue: "set pages." Click on the blue words. You will get a new window showing all the pages that are set to open and hopefully you will find your rogue pages in there. Just highlight them and delete them by clicking on the X in the top right corner. You can then re-start if it makes you feel better!

Hope this helps - I'm certainly no expert.
Thanks for your suggestion, rwtomkins. I've removed the one URL which I found when I clicked "set pages" which was Google. As the problem only arises from time to time I'll need to wait to see if it is a permanent fix. Is there a similar adjustment I can make in Internet Explorer as I receive the rogue invitation to update plug-ins in that browser too?
peterfoster is offline   Reply With Quote
Old 13-11-2013, 18:11
rwtomkins
Forum Member
 
Join Date: Jun 2006
Posts: 72
Thanks for your suggestion, rwtomkins. I've removed the one URL which I found when I clicked "set pages" which was Google. As the problem only arises from time to time I'll need to wait to see if it is a permanent fix. Is there a similar adjustment I can make in Internet Explorer as I receive the rogue invitation to update plug-ins in that browser too?

Hmm, that doesn't sound too promising - I hoped you'd find an unfamiliar page or two there. I think if I were in your place and it was still happening, I'd delete all the browsing history (temp files, cache, the lot), uninstall Chrome and then go into my hidden app data folder and find the Chrome folder and make sure that's deleted, and then reinstall Chrome. (Same for Explorer.) But now I'm just guessing - I only really had that one suggestion which seems to have worked for me so I think I'd better leave it to more knowledgeable people.
rwtomkins is offline   Reply With Quote
Old 13-11-2013, 20:23
peterfoster
Forum Member
 
Join Date: Dec 2003
Posts: 657
Posted in General Talk, might be helpful:

http://www.spyrider.com/remove-win-f...ayer-com-virus

Disclaimer: I found the following by googling the 'winflashplayer' link n the OP - I have no idea whether mitechmate are trustworthy or reliable but they are quoted and linked to widely on this issue, so you might want to investigate:

http://blog.mitechmate.com/remove-ww...nload-removal/

FWIW it might be advisable for mods to alter the links to the dodgy sites so they don't allow clicks to open them - they are hosts for malware.
Many thanks for bringing those links to my attention. I now know a lot more about the problem. At the moment I've got my fingers crossed that my pcs are clear following scans and deletions I have run at the suggestion of a member of the Bleeping Computer forum team using a tool called Roguekiller....
peterfoster is offline   Reply With Quote
Old 13-11-2013, 20:57
omnidirectional
Forum Member
 
Join Date: Jul 2007
Posts: 7,725
Does anyone know how/why this problem is also occuring on a Chromebook? They're unable to run any traditional applications which I think rules out malware or a virus. I've noticed it doesn't happen when using AdBlock which suggests it's a rogue advert causing the problem.
omnidirectional is offline   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT +1. The time now is 05:17.