I’ll try and keep this short because I’m just looking for reassurance, really.
Basically, on Monday I was doing some research for a blog post and clicked on what looked like a proper link in Google (the SEO meta description and title all looked like what I was looking for) but then it redirected me to fastsolvecaptcha.com. I stupidly clicked allow because I’d never seen it before, and a bunch of notifications came through, all claiming I had a trojan on my computer, but all for security programs I don’t have installed (so I knew they weren’t genuine). I accidentally clicked one while I was trying to get rid of it, and it took me to a website, but I closed the tab straight away. I went back into Chrome and revoked and removed all the permissions for fastsolvecaptcha, and I haven’t had another notification since.
I also did a system restore to an automatic restore point the day before. Then I ran Norton Security and their Power Eraser but nothing came up. One of their team ran their Forensic Toolkit and THAT didn’t find anything. I then followed the advice in the guide on the MalwareTips site and ran MalwareBytes, which said it found 18 threats, but it only quarantined and removed 17. They were all listed as riskware and crypto miners, but I have no way of knowing if they were already on my computer before I ran into this captcha nonsense. It’s a bit disconcerting about the 18th one, but it hasn’t found anything else since.
I then ran Hitman Pro as well and it only found tracking cookies.
I had a bit of an issue yesterday with Chrome, which changed its homepage to the main Google page (normally I have it open on Gmail) and then whenever I closed Chrome and reopening it, it was reopening tabs I’d had open the last time. I found a fix for that on a Google support thread and that now seems to be sorted, so I’m guessing a Chrome update might have been behind that one.
But I have pasted the contents of the FRST.txt and Addition.txt files below.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ljsed (administrator) on LAPTOP-8SISSELD (LENOVO 81YU) (02-01-2021 15:01:54)
Running from C:UsersljsedDownloads
Loaded Profiles: ljsed
Platform: Windows 10…