HTML/Phish (Virus detected Chrome on Windows)

[mtrxyz]

After much testing - clearing the chrome cache -- uninstalling and reinstalling chrome -- I finally figured this out: when logging into Outlook.com on chrome with Adguard enabled, the Windows Defender Security Center is triggered, telling me I have a SEVERE problem (I have attached a screenshot).

http://i.imgur.com/eK5b8sF.png

This happens every time I login using the chrome browser, but not other browsers. What exactly is going on and how do I fix it?

PS: Is this happening to anybody else?

 

[zIBiT]

Hi!

You can try to check your PC with https://www.malwarebytes.com. It looks like malware.

Is your problem related with Aduard?

 

[mtrxyz]

Hi yes, I have run several malware checkers including malwarebytes, and the PC is clean. When I disable adguard, everything works fine. This issues only comes up when I am logging into outlook.com on Chrome with Adguard turned on. If adguard is turned off, there is no virus prompt.

 

[Boo Berry]

No issues with Chrome, Adguard and Outlook here.

 

[mtrxyz]

Well, here's what I did, in order:
1) I deleted Chrome using REVO Uninstaller, cleaning up all the registry keys and user profile documents.
2) I rebooted, cleaned my computer with Windows Cleanup and also with CCleaner
3) Rebooted then ran a full Windows Defender Scan (came up, clean) and a full malwarebytes scan (also clean)
4) Reinstalled Chrome and then logged into Outlook with no extensions and with Adguard OFF (there was no problem, no prompt, no warning from defender)
5) Rebooted, then cleared the chrome cache
6) Turned Adguard ON and logged into Outlook, got the same warning as above

I am baffled. Because it seems that the problem is Adguard on the Windows Surface Book. But maybe it's something deeper.

This is driving me crazy.

 

[mtrxyz]

Note - I just tried this on a second computer and I am getting the exact same prompt. Only with Adguard turned on. I WAS not getting this on the second computer until I installed Cumulative Update for Windows KB4034674) - Does anybody have that update installed and is getting the prompt? I honestly don't know what to do - I was going to completely wipe my computer, but the fact that it is happening on both without Chrome extentions makes me think this is not malware.

 

[mtrxyz]

This may help - another screenshot, with more detail, from my second computer. Again, only showing with Adblock turned on:
https://i.imgur.com/TMNOcm4.png

 

[Meignen Hugo]

Hello ! I have the exact same problem ! With Outlook, Adguard and Chrome.
That night my Paypal Account was hacked because of this Phishing Trojan/Virus.
And this Trojan/Virus shows up when i go on outlook like you...

(I'm french so forgive me if there is any faults).

 

[mtrxyz]

Completely removed Chrome and Adguard
-- Reinstalled Chrome WITHOUT Adguard

Problem solved. It seems like Adguard is inserting some sort of HTML script into the browser that Defender recognizes as a phishing script. I'm not saying that Adguard is doing anything evil, but Defender certainly thinks so. Now that Adguard is GONE, Defender, Malwarebytes, Sophos, and Avast all tell me that my computer is clean. This has been a nightmare.

 

[zIBiT]

Hello again!

We found an issue and will fix it with the next English filter update.

You will be able to use Adguard without any annoying notifications since tomorrow.

 

[aegis]

@mtrxyz try to add this rule to the User filter, it's going to fix the problem:

@@||outlook.live.com/owa/projection.aspx$document

 

[mtrxyz]

@zIBiT That's great news, could you us the specifics of the issue?

 

[zIBiT]

Windows Defender complained at Google Chrome cache file. When this file is modified by Adguard to add cosmetic rules for filtering ads, Windows Defender detects it as an HTML/Phish.