Gstatic.com to remove
Solved
pcam9375
Posted messages
81
Registration date
Status
Membre
Last intervention
-
MisteryBean Posted messages 8946 Registration date Status Modérateur Last intervention -
MisteryBean Posted messages 8946 Registration date Status Modérateur Last intervention -
Hello,
I have the Gstatic.com adware that is causing me problems; I can't access the wifi at my coworking space, for example... it redirects to gstatic or msn...?
How can I get rid of it?
Thank you in advance.
Configuration: Windows / Chrome 92.0.4515.159
I have the Gstatic.com adware that is causing me problems; I can't access the wifi at my coworking space, for example... it redirects to gstatic or msn...?
How can I get rid of it?
Thank you in advance.
Configuration: Windows / Chrome 92.0.4515.159
28 réponses
- 1
- 2
Suivant
Hello,
We will start with a PC diagnosis:
All reports must be hosted on https://security-x.fr/up/ and you should provide the links obtained in your reply
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More info and then click on Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to know which version 32-bit or 64-bit is running on my system?
--> Wait for your browser to offer you the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> On Vista, Windows 7 / 8 and 10, you must launch the file by right-clicking -> Run as administrator
--> Wait for it to indicate The tool is ready to use
--> On the main menu, click on Scan and wait for the analysis to finish
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next reply.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
--
Security contributor.
We will start with a PC diagnosis:
Read the entire procedure before posting the reports
The expected reports are FRST.txt and Addition.txtAll reports must be hosted on https://security-x.fr/up/ and you should provide the links obtained in your reply
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More info and then click on Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to know which version 32-bit or 64-bit is running on my system?
--> Wait for your browser to offer you the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> On Vista, Windows 7 / 8 and 10, you must launch the file by right-clicking -> Run as administrator
--> Wait for it to indicate The tool is ready to use
--> On the main menu, click on Scan and wait for the analysis to finish
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next reply.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
--
Security contributor.
Thank you for your response; here are the two requested links
https://up.security-x.fr/file.php?h=R0aa06381ec7bbbe5fc4e1e4fbc5c2201
https://up.security-x.fr/file.php?h=R5a78248d4e4abe2dc68e2382f2a51cb4
Looking forward... and thanks again
https://up.security-x.fr/file.php?h=R0aa06381ec7bbbe5fc4e1e4fbc5c2201
https://up.security-x.fr/file.php?h=R5a78248d4e4abe2dc68e2382f2a51cb4
Looking forward... and thanks again
RE_
Before making a fix, uninstall SpyHunter 5, it's malware.
Then, bad news, your hard drive has bad sectors
Test your hard drives and provide the result (color and status) or post a screenshot: https://forums.cnetfrance.fr/tutoriels-logiciels-et-applis/487485-tester-son-disque-dur-ou-ssd-avec-crystaldiskinfo
--
Security contributor.
Before making a fix, uninstall SpyHunter 5, it's malware.
Then, bad news, your hard drive has bad sectors
Error: (09/08/2021 01:28:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device \Device\Harddisk0\DR0 has a bad block.
Error: (09/08/2021 01:28:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device \Device\Harddisk0\DR0 has a bad block.
Test your hard drives and provide the result (color and status) or post a screenshot: https://forums.cnetfrance.fr/tutoriels-logiciels-et-applis/487485-tester-son-disque-dur-ou-ssd-avec-crystaldiskinfo
--
Security contributor.
Hello
I uninstalled Spy Hunter 5
here is the link to the analysis image
https://up.security-x.fr/file.php?h=Rab55d758bb9c0c16e1e3cf81468b28be
See you later
I uninstalled Spy Hunter 5
here is the link to the analysis image
https://up.security-x.fr/file.php?h=Rab55d758bb9c0c16e1e3cf81468b28be
See you later
RE_
OK, the SSD is fine
--> Copy what is located here: https://textup.fr/581325Sh from start:: to end:: (without pasting it anywhere)
--> Open FRST (or FRST64) as an administrator and click on Fix
If FRST seems to freeze or become unresponsive, let it run
--> A fixlog file will be created in the same location as FRST, post it
--> Let me know if you're still experiencing the issue.
--
Security contributor.
OK, the SSD is fine
--> Copy what is located here: https://textup.fr/581325Sh from start:: to end:: (without pasting it anywhere)
--> Open FRST (or FRST64) as an administrator and click on Fix
If FRST seems to freeze or become unresponsive, let it run
--> A fixlog file will be created in the same location as FRST, post it
--> Let me know if you're still experiencing the issue.
--
Security contributor.
Here is the fixlog link
https://up.security-x.fr/file.php?h=R81622dafd8e17cc6ef7fdaa8fc7404a9
Which issue should I check? The disk or gstatic?
https://up.security-x.fr/file.php?h=R81622dafd8e17cc6ef7fdaa8fc7404a9
Which issue should I check? The disk or gstatic?
RE_
For the disk, I replied above :-) so it’s indeed gstatic that needs to be checked.
There is still a file to delete that is really nasty:
https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/detection/f-e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c-1631072276
Do the same procedure as above with this:
What problem should I check? The disk or gstatic?
For the disk, I replied above :-) so it’s indeed gstatic that needs to be checked.
There is still a file to delete that is really nasty:
https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/detection/f-e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c-1631072276
Do the same procedure as above with this:
start::
closeprocesses:
createrestorepoint:
Task: {3CC4768D-2A72-4FEB-9B22-BA19F5F291D3} - System32\Tasks\AAct => C:\Windows\AAct_Tools\AAct.exe [2700832 2019-03-20] (WZTeam -> ) [Unsigned file]
C:\Windows\AAct_Tools
cmd: cscript %windir%\System32\slmgr.vbs /dli
emptytemp:
end::
Here is the link to fixlog
https://up.security-x.fr/file.php?h=R1b662c2bf4127aaac95128934a804735
For now, I don’t know if gstatic is fixed because the coworking Wi-Fi is inaccessible...?
https://up.security-x.fr/file.php?h=R1b662c2bf4127aaac95128934a804735
For now, I don’t know if gstatic is fixed because the coworking Wi-Fi is inaccessible...?
In your first message, you mentioned:
So, are you still directed to gstatic?
For the coworking wifi, if it's professional, you need to check with the provider or your company, or you could start a topic in the network section; I don't think it's due to infection
--
Security contributor.
I can't access the coworking wifi for example... it redirects to gstatic or msn...?
So, are you still directed to gstatic?
For the coworking wifi, if it's professional, you need to check with the provider or your company, or you could start a topic in the network section; I don't think it's due to infection
--
Security contributor.
It connects with limited access after spinning for a while, heading towards nothing at all... it's not working.
Otherwise, is the fixlog okay?
Otherwise, is the fixlog okay?
RE_
Yes, the fixlog is OK. It seems there is still a network issue. I'm marking it as resolved here, please create a topic in the Network section
To automatically delete all files/folders created by FRST and the tool itself, rename FRST/FRST64.exe to uninstall.exe and run it.
The procedure requires a restart
-------------
--------------------------------
To check if there's anything left that could block the network, do this:
Run a Malwarebytes scan:
=> Download Malwarebytes Anti-Malware
=> Install the application --> Double-click on the downloaded file to launch the tool
=> /!\ On Vista, Windows 7, and 8, you need to run the file by right-clicking ==>> Run as administrator
=> update the software before the scan.
=> Start the detection by clicking on Scan Now
=> At the end of the scan, if any infections were found, click on Selected Items Quarantine
=> The PC will restart
=> After the restart, open MBAM again.
=> Click on the Report tab
=> Select the corresponding file --> Click on View Report
=> Click on Export --> Text File (TXT)
=> The Save File dialog opens
=> Give it a name and save it to the Desktop
=> Host the report and post the link in your next response.
User Guide
--
Security Contributor.
Yes, the fixlog is OK. It seems there is still a network issue. I'm marking it as resolved here, please create a topic in the Network section
To automatically delete all files/folders created by FRST and the tool itself, rename FRST/FRST64.exe to uninstall.exe and run it.
The procedure requires a restart
-------------
--------------------------------
To check if there's anything left that could block the network, do this:
Run a Malwarebytes scan:
=> Download Malwarebytes Anti-Malware
=> Install the application --> Double-click on the downloaded file to launch the tool
=> /!\ On Vista, Windows 7, and 8, you need to run the file by right-clicking ==>> Run as administrator
=> update the software before the scan.
=> Start the detection by clicking on Scan Now
=> At the end of the scan, if any infections were found, click on Selected Items Quarantine
=> The PC will restart
=> After the restart, open MBAM again.
=> Click on the Report tab
=> Select the corresponding file --> Click on View Report
=> Click on Export --> Text File (TXT)
=> The Save File dialog opens
=> Give it a name and save it to the Desktop
=> Host the report and post the link in your next response.
User Guide
--
Security Contributor.
RE_
OK, nothing exceptional, you can empty the quarantine of Malwarebytes:
Detection history --> Quarantined items --> Check all --> Delete
Then uninstall Malwarebytes.
If it's still the same, we only have to go to the network forum
--
Security contributor.
OK, nothing exceptional, you can empty the quarantine of Malwarebytes:
Detection history --> Quarantined items --> Check all --> Delete
Then uninstall Malwarebytes.
If it's still the same, we only have to go to the network forum
--
Security contributor.
Okay, it's done.
Thank you for your (valuable) help!
I will keep an eye out for gstatic, but I think it's good
Have a good rest of the day.
Thank you for your (valuable) help!
I will keep an eye out for gstatic, but I think it's good
Have a good rest of the day.
Hello, I have to reopen my gstatic.com issue...
In fact, while opening sites today, I notice the presence of gstatic once again thanks to uBlock Origin... see the attached screenshot where I saw gstatic appear live...
https://up.security-x.fr/file.php?h=Rb34182b16094caff5e2d42fed032639b
PS: I no longer have issues connecting to Wi-Fi at my coworking site.
I need to remove this gstatic from my PC, my browsers...
Could you help me with that?
Thank you.
Philippe
In fact, while opening sites today, I notice the presence of gstatic once again thanks to uBlock Origin... see the attached screenshot where I saw gstatic appear live...
https://up.security-x.fr/file.php?h=Rb34182b16094caff5e2d42fed032639b
PS: I no longer have issues connecting to Wi-Fi at my coworking site.
I need to remove this gstatic from my PC, my browsers...
Could you help me with that?
Thank you.
Philippe
RE_
For me, it's not a virus, it belongs to Google.
Do you have alerts or are you the one checking in Ublock?
Try replacing Ublock with AdBlockPlus to see if you have the same alerts.
For me, it's not a virus, it belongs to Google.
Do you have alerts or are you the one checking in Ublock?
Try replacing Ublock with AdBlockPlus to see if you have the same alerts.
Hello,
For me, gstatic is a "virus" of the "Adware/PUP/Browser Hijacker" category.
I was the one who went into Ublock.
Look at the link below
https://cfoc.org/gstatic-com-is-it-virus-remove-it/
Before this non-connectable wifi issue (resolved thanks to you), gstatic appeared when I wanted to open websites, it showed up with some sort of security alert for no reason... then I would end up on a blank gstatic page... If it's from google, at the very least it's hijacked...?
I wasn't worried about it because I didn't know it and it didn't prevent me from working; by insisting, I was always able to open my sites.
I think it's something to retrieve my personal data, particularly financial ones.
Could you help me remove this from my PC?
Thanks in advance.
For me, gstatic is a "virus" of the "Adware/PUP/Browser Hijacker" category.
I was the one who went into Ublock.
Look at the link below
https://cfoc.org/gstatic-com-is-it-virus-remove-it/
Before this non-connectable wifi issue (resolved thanks to you), gstatic appeared when I wanted to open websites, it showed up with some sort of security alert for no reason... then I would end up on a blank gstatic page... If it's from google, at the very least it's hijacked...?
I wasn't worried about it because I didn't know it and it didn't prevent me from working; by insisting, I was always able to open my sites.
I think it's something to retrieve my personal data, particularly financial ones.
Could you help me remove this from my PC?
Thanks in advance.
RE_
This kind of site "to scare and make you download malware like spyhunter" is rampant on the internet; they are absolutely not reliable.
Read spyhunter-faux-blog-de-desinfection
On the other hand, virustotal is reliable, and Gstatic.com gives this
Let's not kid ourselves, as long as it belongs to google, it’s definitely to extract information from you, like a tracker, but in no case to steal financial information.
The role of Ublock and similar tools is precisely to block (in addition to ads) trackers and other tracking cookies, so it's normal that gstatic is blocked.
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=fr&ucbcb=1
This kind of program (stealing passwords/banking) is perfectly detectable in a FRST report and in yours, nothing is suspicious in that direction.
We will do a last scan to check your PC, so please redo the procedure from my first message and post the two new reports.
--
Security Contributor.
For me, gstatic is a "virus" of the "Adware/PUP/Browser Hijacker" category.
It was me who went into Ublock.
Look at the link below
https://cfoc.org/gstatic-com-is-it-virus-remove-it/
This kind of site "to scare and make you download malware like spyhunter" is rampant on the internet; they are absolutely not reliable.
Read spyhunter-faux-blog-de-desinfection
On the other hand, virustotal is reliable, and Gstatic.com gives this
gstatic appeared when I wanted to open websites; it showed up with some sort of security alert for no reason... then I would end up on a blank gstatic page... If it's google, it's at least diverted...?
I wasn't worried about it because I didn't know and it didn't prevent me from working; by insisting, I could always open my sites.
I think it's a thing to steal my personal data, particularly financial data.
Let's not kid ourselves, as long as it belongs to google, it’s definitely to extract information from you, like a tracker, but in no case to steal financial information.
The role of Ublock and similar tools is precisely to block (in addition to ads) trackers and other tracking cookies, so it's normal that gstatic is blocked.
uBlock₀ is an extension that blocks ads and trackers
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=fr&ucbcb=1
This kind of program (stealing passwords/banking) is perfectly detectable in a FRST report and in yours, nothing is suspicious in that direction.
We will do a last scan to check your PC, so please redo the procedure from my first message and post the two new reports.
--
Security Contributor.
Hello,
Thank you for helping me again.
Here are the two requested files.
https://up.security-x.fr/file.php?h=R67d6dcff8f08dae96769d2928f57f381
https://up.security-x.fr/file.php?h=Rc16a3b3441a01dc7777da97b1e064354
In the meantime,
See you soon.
Thank you for helping me again.
Here are the two requested files.
https://up.security-x.fr/file.php?h=R67d6dcff8f08dae96769d2928f57f381
https://up.security-x.fr/file.php?h=Rc16a3b3441a01dc7777da97b1e064354
In the meantime,
See you soon.
- 1
- 2
Suivant