Reliable Contributor Hayton
Message 31 of 57

Re: go.deliverymodo virus

If the usual adware-removal tools do not remove this program, it is likely that it has injected an unwanted extension or add-on into the browser. That is possible at least for Chrome; I don't know about Edge.

The Malwaretips removal guide shows you (in Step 4) how to restore Chrome/IE/Firefox to default settings, but does not give an example for Edge. It's worth trying, I would have thought.

Before you do that though, have you tried AdwCleaner?

McAfee Employee dmeier
Message 32 of 57

Re: go.deliverymodo virus

I'll need to get your full email address.  You can PM me.

- David

Re: go.deliverymodo virus

Oh, it seems like I'm not alone. We are all in the same boat and hit by go.deliverymodo.

I have McAfee Total Protection, which is for 3 years and valid till 2019, installed, and still I got attacked by this go.deliverymodo. McAfee tech support guys said existing antivirus software is not always foolproof against all kinds of spyware available on the net.

Then I had a remote screenshare with the McAfee guys 3-4 times for 2-3 hours each, and each of them tried the same method of cleaning the go.deliverymodo spyware from my Dell laptop. They cleaned some registry files and installed autorun.exe to get a report of suspicious files. I also tried Malwarebytes but no luck. Now it seems that through email apps or my Play Store email login, it has even encroached into my Android smartphone, and now both my laptop and cell have go.deliverymodo popups while trying to open any webpage with ads in it in a browser. I have not reached out to the McAfee guys one more time as it gets really time-consuming every time, debugging with the same set of steps.

Dear ,

In case you get any final solution from these McAfee support guys, please inform me as well so that I can also try same steps to fix it.

​, any help of yours on this will be much appreciated

Reliable Contributor catdaddy
Message 34 of 57

Re: go.deliverymodo virus

I have just reported this to David/Nick/Masthan at McAfee Labs.

Hopefully we will hear something in short order.

Your Escalated Ticket number is as follows; Ticket #: AM001092 - Malware

Cliff
McAfee Volunteer

Re: go.deliverymodo virus

Hi Amit,

Can you please run our GetSusp tool so I can get an idea of what is on your box? Please follow the instructions I've listed below.

Download GetSusp

https://www.mcafee.com/us/downloads/free-tools/getsusp.aspx

Download and install an FTP client like FileZilla. You don't need to download the Pro edition.

https://filezilla-project.org/

Extract and launch McAfee Getsusp

1) Click on Preferences

2) Add your e-mail address

3) Change the Save location to your desktop

4) Click okay and then click Scan Now

5) After Getsusp is done scanning, launch FileZilla

6) Copy this into the host and then select Quickconnect ftp://custftp2.nai.com/incoming/msteg/am001092/

7) Once it connects you will need to navigate to your desktop in FileZilla so you can transfer the Gsusp zip file that was created. Drag and drop the zip file and it should transfer over. You may see an error about not being able to retrieve the directory listing and this can be ignored.

8) Respond back to this thread once you have uploaded the file for review.

Thanks,

Kyle Smith

Security Researcher

Re: go.deliverymodo virus

Hi Kyle,

All the above steps are performed and the GetSusp logs are now uploaded from my laptop to the path given by you. Please review the logs and let me know. It gave a list of a couple of suspicious files. I could not get the absolute path of the location where these files are, or else I would have manually deleted them.

Thank you,

Amit Sahoo

Re: go.deliverymodo virus

OMG!

I got this

C:\Users\<username>\AppData\Local\Microsoft\Windows\INetCache\IE\50SPUG4W\GCExInstaller[1].exe.

When I checked its health on virustotal.com, it showed 28/63. I just deleted it manually.

Second file:

C:\Users\<username>\AppData\Local\Microsoft\Windows\TemporaryInernetFiles\...\

I was not able to get into this "TemporaryInternetFiles"; it showed access denied. Deleted this folder.

Let's see how it goes this time. Please let me know in case you have any other input on it.

Could you also help me in removing this virus from my Android phone?

The same virus has affected my Android cell as well.

Thank you,

Amit Sahoo

Re: go.deliverymodo virus

Hey Amit,

The mentioned file in the getsusp log installs an Extension in Google Chrome called TubeTab. I've reclassified the file GCExInstaller[1].exe as a PUP as well.

Here are instructions on how to remove the TubeTab Extension in Google Chrome. I didn't see TubeTab installed on Firefox or IE when I ran this on a VM.

-Launch Chrome

-Click on the Icon to the right with 3 bars stacked on top of each other

-Go to More Tools -> Extensions

-Deselect TubeTab and then click on the Trash Bin Icon so Chrome will remove the extension.

-Close out Chrome and reopen it and try and reproduce the issue.

Note: The default install of Google Chrome usually will show 4 Extensions installed and they will all begin with Google. If you see any additional extensions that you don't recognize then please disable those as well.

Thanks,

Kyle Smith

Security Researcher

Re: go.deliverymodo virus

This discussion is going in the wrong direction.

ISP and your social networks have got nothing to do with it.

I am not on Facebook. My Android device is not affected.

Also, I do not have the TubeTab extension. And this problem is browser agnostic.

I have the same problem on IE, Firefox etc.

Re: go.deliverymodo virus

Hey ​,

I don't see any extension by that name "Tube Tab" in Chrome. I can only see (1) McAfee Web Advisor - enabled (2) Adobe Acrobat - not enabled.

I have even uninstalled/reinstalled the Chrome browser in the past to see if any similar issue is there.

Is there a possibility that this Tube Tab has been injected into the browser under some other name in some other config of the Chrome browser?

Thanks,

Amit
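
The extension check discussed in the posts above can also be done on disk, which shows every extension by ID even when the display name is not the one expected. The script below is an added example, not part of the original thread and not a McAfee tool; it assumes Chrome's standard Windows layout (`%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\<id>\<version>\manifest.json`) and a single "Default" profile, and the allowlist passed to `unrecognized` is the reader's own.

```python
import json
import os
from pathlib import Path

# Assumption: default Chrome profile on Windows; other profiles sit beside "Default".
DEFAULT_EXT_DIR = (Path(os.environ.get("LOCALAPPDATA", ""))
                   / "Google/Chrome/User Data/Default/Extensions")

def _localized(ver_dir, manifest, value):
    """Resolve a __MSG_key__ placeholder via _locales/<default_locale>/messages.json."""
    if not (isinstance(value, str) and value.startswith("__MSG_") and value.endswith("__")):
        return value
    key = value[6:-2].lower()          # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    path = ver_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return value                   # keep the placeholder visible rather than guess
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", value)
    return value

def list_extensions(ext_dir=DEFAULT_EXT_DIR):
    """Return one record per extension version found on disk, sorted by path."""
    found = []
    for manifest_path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ver_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}
        name = manifest.get("name", "<unreadable manifest>")
        found.append({
            "id": ver_dir.parent.name,             # 32-character extension ID
            "version": ver_dir.name,
            "name": _localized(ver_dir, manifest, name),
            "permissions": manifest.get("permissions", []),
        })
    return found

def unrecognized(extensions, known_names):
    """Extensions whose display name is not on the reviewer's own allowlist."""
    known = {n.lower() for n in known_names}
    return [e for e in extensions if str(e["name"]).lower() not in known]

if __name__ == "__main__":
    for ext in list_extensions():
        print(ext["id"], ext["version"], ext["name"], ext["permissions"])
```

Any ID listed here that does not appear on the More Tools -> Extensions page, or whose name is not recognized, is worth looking up before removing it.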
