Help - Computer Infected

[Carmudgeon]

I believe ublock origin lite is supported but not ublock origin

Google, which develops Chrome, and is behind the Chromium project that underlies it, Edge, and many other browsers, has chosen to neuter a part of the extension architecture, in the form of Manifest v3, that removes calls that ad blocking extensions need to function.

It is a move that has been long in gestation, in the name of "security" and "modernization," but what it also happens to do is hamper user efforts to block ads…which also happens to be Google's core business, and with Chrome having a hegemony of its own not seen since IE, it kind of, sort of, works out pretty well for them. Neat how that works, no?

Others, like Firefox, have chosen to adopt some of the changes in v3, but retain the v2 functionality that enables ad blockers to work better.

Vivaldi, Brave, and Edge will try to maintain some form of v2 functionality, but since they're based on Chromium, don't expect those promises to endure.

User ignorance, or apathy, in blindly accepting defaults is why it's hard to break customs, competitive products struggle to gain traction, and also why some bad tech laws are written. Even Apple benefits immensely from it, by making Google the default search engine on its products, for which Google handsomely compensates them to the tune of billions annually.

And since this has sidetracked into extensions, also think carefully about who is behind some of the "privacy" oriented extensions. Some of those developers, most infamously AdBlockPlus and its "approved" ads, got into bed with the ad industry for themselves. Ghostery is also part of that club.

 

[Marrk]

@George7941 If you have a backup, erase your hard drive and feel great about being "born again."

DISCLAIMER: I know less about computers than the guy who works at your local Chevron station because junior high school was, well, just a little tough.

 

[Hall]

Google keeps changing where to find this stuff.

They do and it's aggravating but I've learned to use their built-in search in the Settings. It works great.

I googled "Hawk Tuah" and clicked on one of the search results

Well, we know why your machine gets infected.... It's the sites you visit.

Last I heard Chorme no longer supports uBlock and advises to remove it?

I believe ublock origin lite is supported but not ublock origin

Chrome pops up that warning and disables uBlock Origin but all you have to do is re-enable it.

 

[Hall]

Why did restoring my computer to two days ago not eliminate the issue? Is it because the issue was not in my computer operating system but in Chrome?

IMO, the malware may have come in via your browser but it further infected your OS and system files. It lay dormant for who knows how long (longer than 2 days since the 2-day old back-up appears to still have been infected).

I used to "clean" people's PCs but it became a losing battle trying to keep up. Later I would only wipe them and reinstall Windows (or macOS) but only if a) they had an install disc or b) their machine had a restore partition. Nowadays, I no longer do these jobs.

 

[ripcord]

Those look like browser notification phishing attacks to me. It happens when you accidentally or mistakenly give a malicious website permission to show browser notifications. They want to trick you into installing software. Usually, you will do an anti-virus scan and it won't find anything because these have not actually installed anything on your machine unless you click the links and install something.

https://www.coloradosupport.com/malicious-browser-notifications/

 

[mk378]

Yes these are ads crafted to look like system messages. Clicking the "scan and clean" or whatever button takes you to a malicious site.

A common ruse to get the user to agree to pop-up notifications is a "click Agree to prove that you are not a robot" page.

 

[himemsys]

Google, which develops Chrome, and is behind the Chromium project that underlies it, Edge, and many other browsers, has chosen to neuter a part of the extension architecture, in the form of Manifest v3, that removes calls that ad blocking extensions need to function.

It is a move that has been long in gestation, in the name of "security" and "modernization," but what it also happens to do is hamper user efforts to block ads…which also happens to be Google's core business, and with Chrome having a hegemony of its own not seen since IE, it kind of, sort of, works out pretty well for them. Neat how that works, no?

Others, like Firefox, have chosen to adopt some of the changes in v3, but retain the v2 functionality that enables ad blockers to work better.

Vivaldi, Brave, and Edge will try to maintain some form of v2 functionality, but since they're based on Chromium, don't expect those promises to endure.

User ignorance, or apathy, in blindly accepting defaults is why it's hard to break customs, competitive products struggle to gain traction, and also why some bad tech laws are written. Even Apple benefits immensely from it, by making Google the default search engine on its products, for which Google handsomely compensates them to the tune of billions annually.

And since this has sidetracked into extensions, also think carefully about who is behind some of the "privacy" oriented extensions. Some of those developers, most infamously AdBlockPlus and its "approved" ads, got into bed with the ad industry for themselves. Ghostery is also part of that club.

@Carmudgeon is exactly right. There are some options for Chrome browser, though. Google says

Enterprises using the ExtensionManifestV2Availability policy will be exempt from any browser
changes until June 2025.

This means you can keep using uBlock Origin until June of 2025. To do this, you must modify the Windows Registry with the following DWORD value:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ExtensionManifestV2Availability"=dword:00000002

If you do this and want to verify you did it right, type this in the Chrome address bar:

chrome://policy

and it should take you to Chrome's policy page. Look for ExtensionManifestV2Availability with a value of 2:

Not only will this buy you six months of uBlock Origin, it will buy you six months with ANY ManifestV2 extension.

If you're not comfortable with this, you can just keep using it til it stops working, then switch to uBlock Origin Lite. OR, switch to Firefox.

 

[97prizm]

Happened this morning. Visited a site and immediately afterwards got all these popups. So, I figure, easy, I will just restore my system So I did that, restored my system to two days ago, Dec 27, 1 pm, Windows Update. Did not help, I am still getting these popups. I have not clicked on any of these popups.
What do I do?
View attachment 256276

Download a copy of rescatux which is a rescue disk that can remove viruses etc. I've used a copy of ubuntu years ago to find the infected file and remove it.
How to forge virus removal

 

[Trav]

I use Firefox with AdGuard AdBlocker and AdBlocker Ultimate both running at the same tim. I have them tweaked pretty good so I get no youtube ads and none on Fox news live or almostt any other website. Both have the option to single out an ad on a page and block it from coming back.
I removed M$ Edge with a simple .BAT file in safe mode, that really speeds things up.

 

[uc50ic4more]

The author of uBlock Origin has made another extension that complies with Google's new rules, calling it uBlock Origin Lite.

 

[OVERKILL]

As a few others have noted, this isn't an infection; this isn't a virus or malware, it's a push notification scam that's easy to do on Chromium-based browsers that allows sites to send notifications, which are then used to con the user into thinking they have something and then click on the notifications to spend money on the "cure".

Here's an article on the subject, with instructions on how to make sure it's off globally. You'll also want to check to ensure that you remove any sites you've granted permission:
https://www.howtogeek.com/725208/how-to-turn-off-pop-up-notifications-in-google-chrome/

 

[George7941]

As a few others have noted, this isn't an infection; this isn't a virus or malware, it's a push notification scam that's easy to do on Chromium-based browsers that allows sites to send notifications, which are then used to con the user into thinking they have something and then click on the notifications to spend money on the "cure".

Here's an article on the subject, with instructions on how to make sure it's off globally. You'll also want to check to ensure that you remove any sites you've granted permission:
https://www.howtogeek.com/725208/how-to-turn-off-pop-up-notifications-in-google-chrome/

Thanks for the instructions. I will implement all the steps listed.
I knew enough not to click on the popups.