
I've got some adware and it opens a URL. Let's call it "ads".

I tried to troubleshoot with different anti-spyware tools, but they were ineffective.

I want to intercept ANY call to Chrome that opens the page called "ads". When it happens, I want to know which process was the caller (if outside Chrome) or which extension (if inside Chrome).

Can you help me?


The supposed duplicate question is extremely generic, so the answers assume they are dealing with the kind of virus that is dangerous, and thus the proposed solution may involve a system format or restoring a previous backup. Here the idea is completely different. While an antivirus is software and doesn't have any artificial intelligence, I know very well the solution I need: "simply and immediately block and delete whatever tries to open the ads page".

The problem is just technical. If this operation were straightforward through the antivirus or Windows, many adware problems would be easier to solve. That's why I see this question as being important: it's about a methodological investigation which can be used against a whole class of problems.

thilina R

Revious
  • Use [procmon](https://technet.microsoft.com/en-us/library/bb896645.aspx) to find a process that opens chrome – thilina R Apr 28 '15 at 18:17
  • @slayernoah: I know procmon, but how can I tell it to filter on any process which opens chrome? Usually I use it for checking what a single process is doing. – Revious Apr 28 '15 at 18:43
  • If it's like most malware these days, simply identifying and removing the executable that's launching Chrome probably won't fix anything. It most likely has far more sophisticated concealment abilities than that. – Carey Gregory Apr 28 '15 at 18:46
  • @CareyGregory: usually I'm very lucky with viruses. I've never faced a virus challenge in all my life. I think there are really only a few strong ones. I'm also very sceptical about antivirus. I think the average user is so ignorant that antivirus vendors don't get any value from investing in fighting viruses well. But if you have a good tool suggestion, tell me! – Revious Apr 28 '15 at 18:52
  • @Revious (1) enable capture (2) as soon as chrome is called, disable capture (3) review events that occurred just before chrome was called. This [tutorial](http://www.howtogeek.com/school/sysinternals-pro/lesson3/) shows how you can use it more effectively and provides an example of investigating malware (which has some similar characteristics to adware) and how to detect calls to open browsers, etc. – thilina R Apr 28 '15 at 18:52
  • @Revious You've simply been lucky. Newer variations of malware aren't like viruses of the past. They're almost all difficult to remove, and some are virtually impossible. The last malware I encountered was of the latter type. After 3 days of trying to remove it I gave up, wiped the machine and reinstalled the OS. None of the several AV tools I tried could even identify it, much less remove it. I'm a software engineer with 25+ years of experience, so if it was that hard for me, the average user has no chance whatsoever. – Carey Gregory Apr 28 '15 at 19:10

1 Answer


Use Microsoft Sysinternals Process Monitor to find any process(es) that may open Chrome.

  1. Enable capture on Process Monitor
  2. As soon as Chrome is opened, disable capture on Process Monitor
  3. Review events on Process Monitor that occurred just before Chrome was called

This tutorial shows how you can use it more effectively and provides an example of investigating malware (which has some similar characteristics to adware) and how to detect calls to open browsers, etc.

thilina R
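The three steps of the answer above, scripted end to end, as an added example that is not part of the original answer or of Sysinternals' own documentation. It drives Procmon from an elevated PowerShell session using its documented command-line switches (`/AcceptEula`, `/Quiet`, `/Minimized`, `/BackingFile`, `/Terminate`, `/OpenLog`, `/SaveAs`), then answers the asker's actual question ("which process called Chrome with the ads URL?") by filtering the exported trace for `Process Create` events whose new image is `chrome.exe` and whose command line contains the URL. The Procmon path, the URL fragment `ads` and the temp file names are assumptions; the CSV parsing assumes Procmon's default columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail).

```powershell
# Added example (not from the original answer). Run as Administrator: Procmon
# needs its kernel driver, which is also why it catches the short-lived
# chrome.exe launcher process that a polling tool would miss.
param(
    [string]$Procmon  = 'C:\Tools\Procmon.exe',          # assumption: where Sysinternals is unpacked
    [string]$UrlMatch = 'ads',                           # assumption: substring of the unwanted URL
    [string]$Trace    = "$env:TEMP\chrome-launch.pml",   # assumption: scratch paths
    [string]$Csv      = "$env:TEMP\chrome-launch.csv"
)

function Find-ChromeLauncher {
    param([string]$CsvPath, [string]$Match)
    # Procmon writes one "Process Create" event per spawned process. On that
    # event "Process Name"/"PID" identify the CREATOR, "Path" is the new image,
    # and "Detail" holds the new process's PID plus its full command line,
    # which is where the URL appears when something hands it to Chrome.
    Import-Csv -Path $CsvPath | Where-Object {
        $_.Operation -eq 'Process Create' -and
        $_.Path -like '*\chrome.exe' -and
        $_.Detail -like "*$Match*"
    } | ForEach-Object {
        [pscustomobject]@{
            Time      = $_.'Time of Day'
            Caller    = $_.'Process Name'   # the process that opened Chrome
            CallerPid = $_.PID
            ChromeCmd = $_.Detail           # "PID: nnnn, Command line: ..."
        }
    }
}

# Step 1: enable capture, headless, straight to a backing file.
Start-Process -FilePath $Procmon `
    -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$Trace`""
Write-Host "Capturing to $Trace. Wait for the ads page to pop up, then press Enter."
Read-Host | Out-Null

# Step 2: disable capture as soon as Chrome has been opened.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
Start-Sleep -Seconds 2   # let the driver finish flushing the backing file

# Step 3: review the events just before Chrome was called. Export the trace to
# CSV and keep only the process creations that launched chrome.exe with the URL.
Start-Process -FilePath $Procmon -ArgumentList "/OpenLog `"$Trace`" /SaveAs `"$Csv`"" -Wait
$hits = @(Find-ChromeLauncher -CsvPath $Csv -Match $UrlMatch)

if ($hits.Count -eq 0) {
    Write-Host "No process launched chrome.exe with '$UrlMatch' on its command line."
    Write-Host "If the page opened in an already-running Chrome window, the opener is inside"
    Write-Host "the browser (an extension or a loaded page); Procmon cannot name it, so"
    Write-Host "review chrome://extensions and disable suspects one at a time."
} else {
    # Each row's Caller is the adware launcher (or explorer.exe/a scheduler if it
    # went through one). Look that PID up in the full trace to find its image path.
    $hits | Format-Table -AutoSize -Wrap
}
```

The human step in the middle (pressing Enter) is deliberate: it is exactly step 2 of the answer, and it avoids guessing at a trigger while the whole window is still recorded by the driver. For the case the asker calls "inside Chrome", the script reports that Procmon has no process boundary to attribute, because a tab opened by an extension or a page script is created by Chrome itself and never shows up as a fresh `chrome.exe` with the URL on its command line.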