I use Chrome + Hola + Netflix. In the last 2 days I have twice had a popup Chrome window trying to get me to install malware.
The first time I didn't take much notice of it - but fl_setup.exe (80kb) looked suspicious - it wasn't detected by MS Security Essentials - so I decided to test it via online virustotal.com - it seems to run the file against most of the AV tools. It came back with a hit on 9 detections in the file. Microsoft was shown on the site as passing the file, no detection. Access to the URL of the detections may be possible via https://www.virustotal.com/en/file/5cfc2e5c20c37fc11a920ffb2571cc0dbf2dca69c847bd8b6d1197b664217f71/analysis/
Antivirus     Result                                   Update
AVG           Generic.4A4                              20140916
AVware        AdKnowledge (fs)                         20140916
Avira         ADWARE/iBryte.Gen7                       20140915
Comodo        Application.Win32.AgentCV.HWYE           20140915
DrWeb         Trojan.DownLoader11.32333                20140916
ESET-NOD32    a variant of Win32/AdWare.iBryte.BF      20140916
F-Prot        W32/A-34fffba4!Eldorado                  20140916
Malwarebytes  PUP.Optional.OptimunInstaller            20140916
VIPRE         AdKnowledge (fs)                         20140916
So I deleted the file, and was perplexed.
Today while trying to access the same Netflix + Hola via Chrome I had the second new popup window, this time wanting me to install "Internet Download Manager". This was the popup link
I decided against pushing the "install button" within this window - and to seek advice...
I ran a Malwarebytes check just now and got the following (the first file is the fl_setup.exe file in the recycle bin):
Scan Type: Threat Scan
Objects Scanned: 321394
Time Elapsed: 9 min, 3 sec
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-3884892844-2165067486-330871413-1000\$RNW6G2Q.exe, , [aeabb6383d3e280e9e3cb5943cc40000],
PUP.Optional.BetterDeals.A, C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, , [0b4e5d91accfca6c86b3f720fe05956b],
PUP.Optional.BetterDeals.A, C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, , [1e3b36b88cef3600e356e4337f8427d9],
Has anyone else noticed this behavior? Or have any advice?
I am using the free Hola version.