3

How can I detect what causes Chrome to open a tab for "http://eaes.2track.info/" each time I search something in the address bar?

Interestingly this only happens for the first few searches I do after starting the Windows. Afterward it doesn't open a tab for "http://eaes.2track.info/" anymore.

Some details:

  • I use Windows 7 SP1 x64 Ultimate.
  • I don't see anything suspicious in Control Panel\All Control Panel Items\Programs and Features. Only Chrome is affected: Internet Explorer and Firefox are fine. Chrome with incognito mode is also working fine.
  • Avast isn't complaining about anything
  • Looking at chrome://settings/searchEngines, the address bar uses Google with {google:baseURL}search?q=%s&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}, which seems fine to me. enter image description here
  • I have noticed a few bookmark icons changing to enter image description here (WM is expected, but the icon before it changed).
  • Running chrome://settings/safetyCheck doesn't show any issue with the extensions.
  • C:\Windows\System32\drivers\etc just contains one line of NUL characters (probably got nuked by some non-malicious crapware some time ago).

  • I have the extension "Auto Refresh" (ID=ifooldnmmcmlbdennkpdnlnbgbmfalko) but it isn't loaded. I assume this means it doesn't run.

    enter image description here

Improve this question
1

2 Answers 2

Reset to default
8

Same thing happened to me, apparently the extension "Auto Refresh" is malware. 😔

Improve this answer
5
3

malicious code is in its background.js You can read about it in this reddit thread: https://www.reddit.com/r/chrome/comments/gg2nii/auto_refresh_extension_now_malware/fql6uds/

Also these guys have create multiple other extensions for chrome and ff. example: https://chrome.google.com/webstore/detail/page-refresh/hmooaemjmediafeacjplpbpenjnpcneg

Be careful while installing extensions.

Improve this answer
3
  • Thanks. Does Chrome runs background.js even when the extension is disabled?
    – Franck Dernoncourt
    Commented Jun 12, 2020 at 17:19
  • no. it runs only when enabled
    – Sandeep Gupta
    Commented Jun 12, 2020 at 17:20
  • Was there research done about the extent of the damage for this extension? Was it just a deliverer or was it a keylogger too?
    – Isa
    Commented Jun 19, 2020 at 15:32

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .