12-23-2020, 01:34 PM
(This post was last modified: 12-23-2020, 02:09 PM by JustAnotherFrog.)
Ok, so I've been using Cent Browser for a few years now, quite happy with it.
Got a little notification in the lower right the other day that the version has been updated. Nice.
So I close and re-open Cent and up comes my standard homepage (www.google.com) and I start to search for something when several pop-ups show up saying my McAfee subscription is out of date (I don't use McAfee) and I have viruses, etc, and to click here to renew.
Concerned for several reasons, not least of which is I don't visit any sort of sites that might offer a vector for infection. Nor do I use pirated software.
Immediately, I close Cent, and do a Windows Defender scan, which says "clean", so I run a Malwarebytes scan. It too is clean. Ditto HitmanPro, and several other stand-alone virus scanners. All say my system is clean.
Figuring that possibly Google's homepage somehow got hijacked, I start looking through my task manager and Services for anything out of the ordinary.
Nothing seems unusual, but just this morning I open Cent to my home page, and just let it sit on my Secondary monitor, doing nothing.
After a minute or so of being idle, I get several pop-ups on my main monitor saying my Norton is out of date (I don't use Norton either) and the little window that has this "ad" has an even smaller chrome-like icon in the upper left, along with a gear wheel for "options"
Under "options" is an option to ignore ads from that site (some random URL.xyz)
The .xyz rings a bell to me, there's a malware infection for "search.xyz"
https://malwaretips.com/blogs/remove-search-xyz/
So I follow that, but again, my system is clean.
One other thing I've noticed in my Task Manager, is if I close Cent, several "chrome.exe *32" processes stay open, which include these little "ads" for Norton. Killing off the entire "chrome.exe *32" thread kills off these ads, so it seems to be coming from there. Since I don't have google's Chrome installed, but only Cent, I can only conclude the vector of infection is Cent Browser.
Now, I'm not pointing fingers, and I'm willing to admit my system may have been infected (and is infected still) but everything I've thrown at it comes up clean. This only happened when Cent was auto-updated to the newest version. So I"m raising some awareness for other users and perhaps the devs to check things out in their repository and ensure they are clean. I will continue to scan my system and see if I can narrow this issue down.
Thank you for your attention.
I believe the fault is mine, a recent visit to a site I normally use seemed to have gotten something injected into it. I apologize for any issue I have caused.
Got a little notification in the lower right the other day that the version has been updated. Nice.
So I close and re-open Cent and up comes my standard homepage (www.google.com) and I start to search for something when several pop-ups show up saying my McAfee subscription is out of date (I don't use McAfee) and I have viruses, etc, and to click here to renew.
Concerned for several reasons, not least of which is I don't visit any sort of sites that might offer a vector for infection. Nor do I use pirated software.
Immediately, I close Cent, and do a Windows Defender scan, which says "clean", so I run a Malwarebytes scan. It too is clean. Ditto HitmanPro, and several other stand-alone virus scanners. All say my system is clean.
Figuring that possibly Google's homepage somehow got hijacked, I start looking through my task manager and Services for anything out of the ordinary.
Nothing seems unusual, but just this morning I open Cent to my home page, and just let it sit on my Secondary monitor, doing nothing.
After a minute or so of being idle, I get several pop-ups on my main monitor saying my Norton is out of date (I don't use Norton either) and the little window that has this "ad" has an even smaller chrome-like icon in the upper left, along with a gear wheel for "options"
Under "options" is an option to ignore ads from that site (some random URL.xyz)
The .xyz rings a bell to me, there's a malware infection for "search.xyz"
https://malwaretips.com/blogs/remove-search-xyz/
So I follow that, but again, my system is clean.
One other thing I've noticed in my Task Manager, is if I close Cent, several "chrome.exe *32" processes stay open, which include these little "ads" for Norton. Killing off the entire "chrome.exe *32" thread kills off these ads, so it seems to be coming from there. Since I don't have google's Chrome installed, but only Cent, I can only conclude the vector of infection is Cent Browser.
Now, I'm not pointing fingers, and I'm willing to admit my system may have been infected (and is infected still) but everything I've thrown at it comes up clean. This only happened when Cent was auto-updated to the newest version. So I"m raising some awareness for other users and perhaps the devs to check things out in their repository and ensure they are clean. I will continue to scan my system and see if I can narrow this issue down.
Thank you for your attention.
I believe the fault is mine, a recent visit to a site I normally use seemed to have gotten something injected into it. I apologize for any issue I have caused.