HTML/Phish (Virus detected Chrome on Windows)

Discussion in 'Technical Support (AdGuard for Windows)' started by mtrxyz, Aug 8, 2017.

  1. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    After much testing - clearing the chrome cache -- uninstalling and reinstalling chrome -- I finally figured this out: when logging into Outlook.com on chrome with Adguard enabled, the Windows Defender Security Center is triggered, telling me I have a SEVERE problem (I have attached a screenshot).

    http://i.imgur.com/eK5b8sF.png

    This happens every time I login using the chrome browser, but not other browsers. What exactly is going on and how do I fix it?

    PS: Is this happening to anybody else?
     
  2. zIBiT

    zIBiT Administrator Staff Member Administrator

    Joined:
    May 15, 2017
    Messages:
    386
  3. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    Hi yes, I have run several malware checkers including malwarebytes, and the PC is clean. When I disable adguard, everything works fine. This issues only comes up when I am logging into outlook.com on Chrome with Adguard turned on. If adguard is turned off, there is no virus prompt.
     
  4. Boo Berry

    Boo Berry Moderator + Beta Tester Moderator

    Joined:
    May 30, 2012
    Messages:
    3,212
    No issues with Chrome, Adguard and Outlook here.
     
  5. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    Well, here's what I did, in order:
    1) I deleted Chrome using REVO Uninstaller, cleaning up all the registry keys and user profile documents.
    2) I rebooted, cleaned my computer with Windows Cleanup and also with CCleaner
    3) Rebooted then ran a full Windows Defender Scan (came up, clean) and a full malwarebytes scan (also clean)
    4) Reinstalled Chrome and then logged into Outlook with no extensions and with Adguard OFF (there was no problem, no prompt, no warning from defender)
    5) Rebooted, then cleared the chrome cache
    6) Turned Adguard ON and logged into Outlook, got the same warning as above

    I am baffled. Because it seems that the problem is Adguard on the Windows Surface Book. But maybe it's something deeper.

    This is driving me crazy.
     
  6. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    Note - I just tried this on a second computer and I am getting the exact same prompt. Only with Adguard turned on. I WAS not getting this on the second computer until I installed Cumulative Update for Windows KB4034674) - Does anybody have that update installed and is getting the prompt? I honestly don't know what to do - I was going to completely wipe my computer, but the fact that it is happening on both without Chrome extentions makes me think this is not malware.
     
  7. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    This may help - another screenshot, with more detail, from my second computer. Again, only showing with Adblock turned on:
    https://i.imgur.com/TMNOcm4.png
     
  8. Meignen Hugo

    Meignen Hugo New Member

    Joined:
    Aug 10, 2017
    Messages:
    1
    Hello ! I have the exact same problem ! With Outlook, Adguard and Chrome.
    That night my Paypal Account was hacked because of this Phishing Trojan/Virus.
    And this Trojan/Virus shows up when i go on outlook like you...

    (I'm french so forgive me if there is any faults).
     
  9. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    Completely removed Chrome and Adguard
    -- Reinstalled Chrome WITHOUT Adguard

    Problem solved. It seems like Adguard is inserting some sort of HTML script into the browser that Defender recognizes as a phishing script. I'm not saying that Adguard is doing anything evil, but Defender certainly thinks so. Now that Adguard is GONE, Defender, Malwarebytes, Sophos, and Avast all tell me that my computer is clean. This has been a nightmare.
     
  10. zIBiT

    zIBiT Administrator Staff Member Administrator

    Joined:
    May 15, 2017
    Messages:
    386
    Hello again!

    We found an issue and will fix it with the next English filter update.

    You will be able to use Adguard without any annoying notifications since tomorrow.
     
  11. aegis

    aegis Administrator Staff Member Administrator

    Joined:
    Feb 25, 2016
    Messages:
    373
    @mtrxyz try to add this rule to the User filter, it's going to fix the problem:

    Code:
    @@||outlook.live.com/owa/projection.aspx$document
     
  12. mtrxyz

    mtrxyz New Member

    Joined:
    Aug 8, 2017
    Messages:
    7
    @zIBiT That's great news, could you us the specifics of the issue?
     
  13. zIBiT

    zIBiT Administrator Staff Member Administrator

    Joined:
    May 15, 2017
    Messages:
    386
    Windows Defender complained at Google Chrome cache file. When this file is modified by Adguard to add cosmetic rules for filtering ads, Windows Defender detects it as an HTML/Phish.