Trojan:Win32/Spursint.A



doc_haz
2015-12-19, 04:00
Hello. I was having some problems downloading a non-passworded zipped file with Chrome. Windows Defender was always telling me that there was a virus detection (Trojan:Win32/Spursint.A).
I installed Spybot because of that, but the program could not find the culprit. After using Farbar Recovery Tool and AdwCleaner I was able to find that there were 2 Chrome extensions that were injecting code into those zipped files.

The thing that worries me is that both of these were from a reliable source (the Chrome store). Talk about malware/virus in the store. It's like they are not testing these for viruses or malware. Better be careful next time. :-/

The extensions were:

ljkalbbbffedallekgkdheknngopfhif extension - DuckDuckGo Extension.

and

fbcohnmimjicjdomonkcbcpbpnhggkip extension - MyJDownloader

AdwCleaner helped me get rid of the traces left by the extensions. Just so you guys know.

tashi
2015-12-19, 06:37
Hello doc_haz, :welcome:


> After using Farbar Recovery Tool and AdwCleaner I was able to find that there were 2 Chrome extensions that were injecting code into those zipped files.
>
> The thing that worries me is that both of these were from a reliable source (the Chrome store). Talk about malware/virus in the store. It's like they are not testing these for viruses or malware. Better be careful next time. :-/
>
> The extensions were:
>
> ljkalbbbffedallekgkdheknngopfhif extension - DuckDuckGo Extension.
>
> and
>
> fbcohnmimjicjdomonkcbcpbpnhggkip extension - MyJDownloader



I'm curious, :) how you knew from using Farbar that code was being injected by those two files? Is it possible they were infected by other malware?

By any chance did you upload the files to https://www.virustotal.com/ and/or http://virusscan.jotti.org/en?

The reason I ask is because I hadn't heard of such an issue with the extension from DuckDuckGo.com and use it myself. :fear:

Best regards.

doc_haz
2015-12-20, 05:40
Hi Tashi. The AdwCleaner tool is the one that told me of the wronged extensions. To be exact, I'm not sure which one of the 2 was injecting the code. In fact, I'm just assuming that. But since MyJDownloader kind of monitors every download, or link I copy, probably there's something there that makes Windows Defender detect my downloaded files as Trojans. I'm not sure. But given that you don't have a problem using the DuckDuckGo extension, it must be MyJDownloader. What I'm pretty sure of is that after deleting all traces of those 2 extensions, my problem was solved. Got back to using Chrome again. And yeah, I uploaded the files to VirusTotal. And some of them were reporting positive, some not. Weird. :-/

Maybe it was a false positive. I don't know. First time I've ever had a problem like this. I could not reproduce the problem in another browser, so I was pretty sure it was something Chrome related. After deleting the extensions and their traces with AdwCleaner, the problem was solved. I searched through many forums, trying to find someone with a situation similar to mine, to no avail. Anyway, thanks for reading.

tashi
2015-12-20, 18:14
Hello doc_haz, :greeting:

If the issue occurs again please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) so someone can take a look at the system.

To do that see the forum FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then a volunteer analyst will advise and try to find the culprit. :kboard:

Best regards.
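
For readers trying to narrow down which extension is involved, as the thread above attempts, here is an added example (not posted by anyone in the thread) that lists the extensions in a Chrome profile's Extensions folder by ID and flags those whose manifest requests broad permissions. It assumes the standard on-disk layout `<Extensions>/<id>/<version>/manifest.json`; the `BROAD` list and the sample extensions with IDs of repeated letters are constructed for illustration.

```python
import json, sys, tempfile
from pathlib import Path

# Permissions that expose downloads, the clipboard or page traffic (editor's choice).
BROAD = {"<all_urls>", "downloads", "webRequest", "tabs", "clipboardRead"}

def audit_extensions(ext_root):
    """List extensions under ext_root (<id>/<version>/manifest.json) with broad permissions."""
    records = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, keep auditing
        if not isinstance(data, dict):
            continue
        raw = list(data.get("permissions", [])) + list(data.get("host_permissions", []))
        for script in data.get("content_scripts", []):
            raw += script.get("matches", [])
        perms = {p for p in raw if isinstance(p, str)}  # some entries can be objects
        broad = sorted(p for p in perms if p in BROAD or p.endswith("://*/*"))
        records.append({
            "id": manifest.parent.parent.name,       # 32-letter extension ID (folder name)
            "name": data.get("name", "?"),           # may be a __MSG_...__ locale key
            "version": data.get("version", "?"),
            "broad": broad,
        })
    return records

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with made-up IDs."""
    samples = {
        "a" * 32: {"name": "Constructed search helper", "version": "1.0",
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Constructed download helper", "version": "2.3",
                   "permissions": ["downloads", "clipboardRead", "http://*/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    # Pass a real Extensions directory as argv[1]; otherwise run on the constructed sample.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_profile(root)
    for rec in audit_extensions(root):
        flag = "REVIEW" if rec["broad"] else "ok"
        print(f'{flag:6} {rec["id"]} {rec["name"]} {rec["version"]} {rec["broad"]}')
```

A REVIEW flag only means the extension can see downloads or page content, which many legitimate extensions need; it is a starting point for comparing against Windows Defender detections, not a verdict.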