This question is about the SVG virus malware I got through Facebook, which adds a malicious Google Chrome extension. It's called one or ubo. Some articles write that it is ransomware.

I think I was infected by this, but I am not a programmer or a computer talented person, so I can just guess.

This question suggests that it adds a file to each page/directory you are looking at via Google.

So what about my Google Drive? Will it take over Google accounts that I have had open in the time before I realised that I might be infected?

Over the past 2 weeks I kept using the computer over Google Chrome. So it knows my bank, Google accounts etc.

I opened my Google accounts using Google Chrome the other day, and they are locked, but they are not locked if I go via explorer.

schroeder
  • Welcome to Information Security Stack Exchange! I've edited your question. I hope it is more clear now. Please see if you can find the exact name of the malware. Or at least the links where people wrote about it here. With more information, maybe we can help. Good luck! – S.L. Barth Mar 01 '17 at 13:38
  • I really don't have time to deal with this right now. Is it dangerous to keep using the computer while it is infected? I don't have backups of my family photos or my master thesis from before the infection occurred. Is it safe to restore backups made after the infection occurred? Do I need to worry about peripherals getting infected? Do I need to do anything about my router or other devices on my home network? – asbjørn Mar 01 '17 at 15:11
  • We cannot help unless we know what you are infected with. As you are guessing, so are we. We need details on the infection itself. As it stands now, from our perspective, it's like asking, "my toe itches, do I have cancer?" Yes, you might have cancer, or your toe itches. Or you might have ringworm. We need more data in order to help. – schroeder Mar 17 '17 at 10:15

1 Answer

The extension, which was in the Chrome store, is the Nemucod downloader, which harvests credentials and is capable of spreading malware.

If affected, remove the malicious extension from the browser, run an antivirus scan and change the Facebook password afterwards. You should also notify any people who received a malicious file from you.