[Solved]Unknown extension keeps being downloaded onto Opera.
-
IhsanRocks last edited by leocg
So there is this extension, its called wOptRank, No matter what I do, remove it, disable it, etc, it always keeps coming back. I'm afraid its gathering my passwords, and even if it isnt it keeps shutting down opera after a few minutes after shut down to reinstall it. Heres what I got so far.
-
The "extension" is being extracted from a file in my computer. Tried deleting it, didnt work, tried disabling access to it and it appeared in a new location.
-
I was able to find the folder and its contents. It was hidden in Program Files before so clearly they dont want me to find it, and the name of the folder is the same as the one given in the previous screenshot, but just in program files. It contains a JJSON file containing information which I assume is for extensions and a Java file which I cant open, as well as a blank image with a "File" type of item as well, which I also cant open. Contents shown below.
The only actual relief I have is that it is supposed to work for chrome I believe judging from the last line of the sentence, which might explain why the extension is not hidden and easily accessible. The strangest part is I have Mcaffee Premium Protection for 3 years and it hasnt taken a singular whiff of this file or program. I keep disabling it now everytime it comes up but it gets annoying fast, and I also started getting a lot of spam mail recently, I dont know if its related to this tho.
-
-
blackbird71 last edited by
Normal browser extensions don't install into the Program Files folder... that location is reserved by Windows for programs that are fully installed into Windows using a Windows installer module. In that case, the "extension" may have created some hooks (to auto-persist itself) when it was originally installed in whatever way it was.
Have you tried looking for it in Windows' Apps & Features list of installed programs? If there's a listing there, click on it in the list and select "Uninstall".
-
IhsanRocks last edited by
@blackbird71 I have checked my apps, and my control panel no app out of the ordinary.
-
IhsanRocks last edited by
@leocg Yea I just got this laptop a few weeks ago so I installed Fusion, Opera, Chrome, and a lot of other apps.
-
IhsanRocks last edited by leocg
Someone Please help things just got a lot more serious. My youtube account just got banned because "my content was not according to youtubes standards" But I havent uploaded a single video in over 2 months. If anyone can help me please do.
-
leocg Moderator Volunteer last edited by
@ihsanrocks Probably it came with one of those softwares. Did you download them from their official sites?
What happens if you delete your Temp directory?
Did you scan your system for malwares? The laptop came with something installed?
-
IhsanRocks last edited by
@leocg I downloaded them from their official websites, there was one software which I downloaded from an external source but I deleted it long ago, Im going to try deleting temp files right now and the system came with Mcaffee Antivirus, no issues detected from that and windows defender.
-
leocg Moderator Volunteer last edited by
@ihsanrocks Then there is a program doing it.
Check the startup tab in Windows task manager. Anything suspicious? -
IhsanRocks last edited by
@leocg After deleting temps, nothing happened, I restricted access to that specific folder to everyone after I deleted the contents and now its in the Public Users folder. It just keeps popping up somewhere new each time I block access to a folder.
-
blackbird71 last edited by
@ihsanrocks It sounds like you have a system-level malware infection that is self-replicating... in such cases, simply trying to delete the current manifestation of it is like the whack-a-mole game - each time you hit it, it pops up somewhere else. You might try going to a reputable malware-removal "helps" site (like Malwarebytes Windows forum, etc) to get some detailed removal assistance. You're probably going to have to install some specialized removal tools under expert guidance to beat down whatever hooks have been placed into your system that keep re-activating the malware.
-
IhsanRocks last edited by
@blackbird71 Ok Ill go to their forums now and ask the same question. Thank you.
-
A Former User last edited by leocg
If I were in your situation and the laptop was new I would revert it back to how it was when you got it . Did you make any backups over the period that you could go back too ?
I personally only instal programs that are essential to my use of the computer. I also only instal full installers after running them through Virustotal first.
I don't know how many programs you have installed but the more you have the more likely possibility of malware, which is why you should have done a backup before you added Any programs etc.
You may want to consider a standalone installation of Opera at some point. Use add/remove to remove opera and then delete your Opera profile directory in its entirety. Then do a search on your system for Opera and hopefully you won't find it showing. Then reinstal Opera from an offline installer and select the stand alone option. Then change path to C/program Files/Test leaving out the word Opera. All operas files including your new profile will then end up in that or its sub directorys. Then place a shortcut to the .exe file on desktop. Should anything strange then happen with Opera you can delete the above folder. I don't know what other programs you installed but are they well known and did you run the installers through Virustotal ? IMO as you havn't had the laptop very long I would go back to the beginning and start reinstalling programs one by one always remembering to backup,backup etc. Also nearly forgot to add you may need to check any USB sticks you have used for infection. This is only my point of view but go to the malware forums like "bleeping computer" etc and get instructions from them. -
IhsanRocks last edited by
@sgunhouse Thank you all for your help, and I was able to get some help in the Malweabytes forums from other people who are experts in this stuff. If anyone experiences this same problem, here is the link to the other forum which gave the solution.
So far the extension hasn't redownloaded itself, and for anyone who does experience this problem, don't just disable it, or just remove it every time it can still get your saved google passwords. Anyone experiencing such a problem with an extension, weather it be wOptRank or anything else, please follow the steps given by the guy in the above forums. Only follow his first step as the second post he uploaded was after he saw my reports and was designed for my computer, so doing so could destroy your PC.
-
blackbird71 last edited by
@ihsanrocks Thank you for following up here after getting your solution. It may help others in the future find a pathway out if they should run into something similar.
-
IhsanRocks last edited by
@blackbird71 Yea no problem, because a few weeks ago I also tried searching for stuff like this and nothing appeared. But there is one thing which I must mention, the step which all people can do only removes the malware program, but there will still be a few files from the extension that remains in your computer. To fix that, I recommend anyone facing this issue to also ask in the Malwarebytes forums, and they will be able to help you with the small details that helps remove this virus completely. But the first thing I recommend is enable 2FA in your email. The extension was taking all my passwords and emails and stuff, and even added filter to block all emails from google and such. So to help things to not go that far, enable 2FA, as they cant get your brain or your mobile, check your trash mail regularly, as they will delete a lot of stuff, and finally, dont be hasty in anything. Be careful, and dont try to be an expert if your not.