Kaspersky
Solved

Kapersky not identifying popups "gsu.st" [MOVED] [Closed]

  • 17 November 2019
  • 5 replies
  • 4866 views

  • Anonymous
  • 0 replies

Hey All, 

I recently purchased a premium subscription for Kaspersky after Malwarebytes and Bitdefender both failed to identify the problem here.

Kaspersky still isn’t identifying the problem after a full scan but I have what looks like a Google Chrome popup appear regularly (2-3 times a minute) in the lower right hand corner of the screen with random advertisements. It interrupts anything that I have open and is affected the PC performance.

I’ve searched for on installed programs, extensions on Chrome for anything that may have managed to find its way on as a bundle but can’t spot anything. 

Can you help please? 

Dan

 

//Mod Note: moved to the correct section.

icon

Best answer by Anonymous 17 November 2019, 17:12

View original

This topic has been closed for comments

5 replies

Userlevel 7
Badge +11

Hello @Screentan,

Welcome!

Please tell us:

  1. Operating system version & build?
  2. Kaspersky software name, version & patch
  3. Go to Kaspersky application, select More Tools, select Reports, select Detailed Reports, select All Events, select 24hrs or 7days, select Export, export the Report, save as a .txt (test) file & attach to your reply please?
  4. What browsers are used, or is the issue only happening in Chrome, please provide names & versions?
  5. Does the issue happen in any other browsers?
  6. Are Kaspersky Protection extensions installed & enabled?
  7. Have you checked and verified all browser extensions (other than Kaspersky)?
  8. May we have an image of the Google Chrome "gsu.st" popup?

Please let us know?

Thank you. 

 

Hey @FLOOD 

Okay, details below: 

Please tell us:

  1. Operating system version & build?

W10 Home x64, v. 1903 (OS Build 18362.476) 

  1. Kaspersky software name, version & patch

Kaspersky Anti-Virus

20.0.14.1085 (e)

DB release date: today, 06:48

  1. Go to Kaspersky application, select More Tools, select Reports, select Detailed Reports, select All Events, select 24hrs or 7days, select Export, export the Report, save as a .txt (test) file & attach to your reply please?

Attached. 

  1. What browsers are used, or is the issue only happening in Chrome, please provide names & versions?

I only use Chrome. IE is installed but I never use it. 

  1. Does the issue happen in any other browsers?

Above. 

  1. Are Kaspersky Protection extensions installed & enabled?

Yes. 

  1. Have you checked and verified all browser extensions (other than Kaspersky)?

Yes. 

  1. May we have an image of the Google Chrome "gsu.st" popup

Attached. 

 

Thanks for your help! 

 

Userlevel 7
Badge +11

Hello @Screentan

You’re very welcome! 

Thank you for the information, report & image:pray_tone3:

(A)

May I please have images of:

  1. All installed programs?
  2. All Chrome extensions?
  3. Run Taskmanager, when the popup alert shows in Applications, Task, please capture an image?
  4. In your Windows Notification Centre, there are 14 Notifications, may I know what they are please? 

(B)

:octagonal_sign: Create a system restore point:octagonal_sign:

:one: In Chrome: have you performed a Reset and clean up > Restore settings to their original defaults ? If not please do so.

:two: Checked: Chrome shortcuts, on  Desktop, Taskbar and  Start menu

  • Target must be: 

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

  • Start in must be: 

C:\Program Files (x86)\Google\Chrome\Application

  • Check there is no chromium in either path

:three: Open Task Manager Processes, check the description of all processes. Any unknown processes, follow back to the starting directory. Search for random, unusual or strange file names. In the first instance make a list, then, when you’re sure, kill each “unknown” process one by one.

:four:Registry Editor, start as Administrator

  1. :warning: Export & save Registry:warning:
  2. Search Registry for gsu.st & gsu - at this stage do not delete, copy the name of each, add to a text file & attach to your reply please? 

:five: Delete everything in: C:\Windows\Temp, there may be a few files & folders requiring Admin permission, select OK, & there may be a few files & folders “in use”, select Skip

:six: Delete everything in: C:\Users\YOURNAME\AppData\Local\Temp, there may be a few files & folders requiring Admin permission, select OK, & there may be a few files & folders “in use”, select Skip

Perform step  :six:  for all user profiles on the computer (if there’s more than one).

:seven: Download and run AdwCleaner

:eight: At the completion of all steps, reboot computer using Full Shutdown not Restart. 

 :x: As KAV has not picked up “gsu.st”, it would also be good if the issue was escalated to Kaspersky Lab Technical Support, choose the Malware, Unwanted Ads, Banners & Popups template, add all the information you’ve provided here, and History, when did it start? Any new programs installed, any sites visited that “may” have caused the infection, all steps taken to resolve… 

As much information as possible, more is better. 

Also include a GSI & Windows Logs

 

When the request is submitted you’ll receive an automated email with an INC# number, within 5 business days a Kaspersky Lab (human) will contact to assist with the issue, you can continue to communicate with the Lab via replying to the email or updating the INC directly in your MyKaspersky account:x:

 

Please let us know any results?

Thank you

Userlevel 7
Badge +8

@Screentan: also try this:

 

https://support.google.com/chrome/answer/3220216?co=GENIE.Platform%3DDesktop&hl=en

 

Delete those ones You are getting...

Hey All, 

@FLOOD I was going through the steps to forward you the information requested when I saw what @harlan4096 put here on Chrome notifications. 

Interestingly, I’ve had a fair few instances of malware before but have never seen this. Chrome was allowing notifications from this gsu.st URL (see pic attached). The 14 notifications you mentioned were either email notifications or notifications from this gsu.st site. 

I’ve reset Chrome to default like you mentioned which has now removed the notifications from Chrome. I’ve going to wait and see if this fixes it but I have a feeling it will. 

Thanks for your help!