One of my clients apparently got some malware somewhere. He pays for a help-desk-type service, and they wound up installing a paid version of Windows Defender which restored function, but completely changed all of his settings, his desktop, etc.
Okay, I wasn’t around for any of that. What I tried very earnestly to do for him today is restore his Chrome bookmarks, which disappeared. It was an unbelievable pain, because the “folder options” “view” tab had been not just greyed out, but cleared of any information or buttons, so I couldn’t even see the folder the bookmarks are stored in (because they are hidden by default). So I had to reboot in safe mode and use the “attrib” command to remove the “hidden” attribute just to look in the folder.
I found the “bookmarks.bak” file, dated the day before the disaster, 4 megs so I know it’s the right one. But the plain bookmarks file and the backup file are identical in size. They appear to be exactly the same. I did the filename switch anyway (method for restoring bookmarks from backup), restarted Chrome, and instead of bookmarks returning there is now a message from Chrome saying he has to sign into his Google account to retrieve the bookmarks. But he doesn’t have one, never has. He just uses the Chrome browser.
Decided to try the “forgot your password?” button, went through process, got email with one-time code to sign in, but after entering code, the next message is “we cannot verify that this is your email.”
Well of course they can’t, because he has never told them what it was!
So now he’s in a Catch-22 Loop of Doom. Is there any way out?
Oh, I forgot to mention this. Sorry. He already had Internet Explorer, and I had already installed Firefox. Trying to use their import functions results in an offer to import, but only from I.E. Neither of them lists Chrome as an import source. The bookmark file, oddly enough, has no file format, and Firefox is specifically looking for HTML. (It can be opened with Notepad.)
The export function in chrome appears to be missing. Not just grayed out, gone. :rolleyes:
God, it sure does! I am pretty sure he has an ongoing contract with a tech service of some kind. It looks to me like they may have done a reinstall, the kind that’s overlaid on the existing OS so that things like programs you’ve added on remain. Or maybe it was SFC; I am not conversant with how Windows Defender works. But his desktop was returned to generic & nearly all shortcuts were gone.
Another thing I noticed was that no browser of the three would let me download anything. All downloads “failed.”
It really was acting just like ransomware. If the tech was not familiar with this new variant, god knows what kind of unholy hybrid may have been created.
When I finally had to leave, Firefox had started asking for a password out of the blue. I could only get around that by opening a new window. (the old net zero trick ho ho.)
I was wondering about your statement “paid version of Windows Defender”. As far as I know Windows Defender doesn’t have a paid version–it is completely free from Microsoft. While a tech support firm which he has a contract with might probably charge a service charge they would say that. So again this supports the idea of a scam. https://www.microsoft.com/en-us/windows/comprehensive-security
If the problems with the system will still allow you to manually rename the file, you can add an extension to it. Sometimes that is enough to then allow a file to be opened.
If the file is encrypted, as Chrome is suggesting, then you may be out of luck.
Chrome stores its bookmarks in a SQLite file. You can find SQLite database browsers online, and see if any of them can open the file and view the bookmarks. Something like this might do the trick.
On another note, based on what you’ve described about the state of this computer, I’d back it all up and do a wipe and reinstall of Windows. Go back to a clean state. (And yes, whoever gave him a “paid” version of Windows Defender must have been pulling some kind of scam, like PastTense says.) God knows what has been done to this poor computer; wipe it and reinstall.
EDIT: sorry; the above info is wrong. Chrome’s history file is a SQLite database. Its bookmarks file is a simple JSON file. Any text editor should be able to open and view a JSON file, again, assuming it hasn’t been encrypted in which case all bets are off.
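Since the bookmarks file is plain JSON and Firefox's import wants HTML, the conversion can be scripted. The following is an added example, not part of the original posts: it assumes the usual `roots`/`children`/`type`/`name`/`url` layout of Chrome's file, runs on constructed sample data, and its function names are hypothetical.

```python
import html
import json

# Constructed sample in the layout Chrome uses for its bookmarks file (assumed).
SAMPLE = json.dumps({"version": 1, "roots": {
    "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "Docs & <notes>", "url": "https://example.com/?a=1&b=2"},
        {"type": "folder", "name": "Work", "children": [
            {"type": "url", "name": "Odd one", "url": "javascript:alert(1)"}]}]},
    "other": {"type": "folder", "name": "Other bookmarks", "children": []}}})

ALLOWED_SCHEMES = ("http://", "https://")  # anything else is set aside for review


def _emit(node, depth, out, skipped):
    """Append one folder or link (hypothetical helper) as Netscape-format lines."""
    pad = "    " * depth
    if node.get("type") == "folder":
        out.append(f"{pad}<DT><H3>{html.escape(node.get('name', ''))}</H3>")
        out.append(f"{pad}<DL><p>")
        for child in node.get("children", []):
            _emit(child, depth + 1, out, skipped)
        out.append(f"{pad}</DL><p>")
    elif node.get("type") == "url":
        url = node.get("url", "")
        if not url.lower().startswith(ALLOWED_SCHEMES):
            skipped.append(url)  # e.g. javascript: entries; check these by hand
            return
        # Escape both fields: names and URLs are untrusted text going into HTML.
        out.append(f'{pad}<DT><A HREF="{html.escape(url)}">'
                   f"{html.escape(node.get('name', ''))}</A>")


def bookmarks_to_html(text):
    """Return (html, skipped_urls); ValueError if text is not bookmarks JSON."""
    try:
        roots = list(json.loads(text)["roots"].values())
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("not a readable Chrome bookmarks file") from exc
    out = ["<!DOCTYPE NETSCAPE-Bookmark-file-1>",
           '<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">',
           "<TITLE>Bookmarks</TITLE>", "<H1>Bookmarks</H1>", "<DL><p>"]
    skipped = []
    for root in roots:
        if isinstance(root, dict):
            _emit(root, 1, out, skipped)
    out.append("</DL><p>")
    return "\n".join(out), skipped
```

To use it on a real file, read the copied bookmarks file as UTF-8 text, pass it to `bookmarks_to_html`, and write the returned HTML to a `.html` file for the Firefox import dialog. A `ValueError` means the file is not readable JSON, which is the "encrypted or damaged" case mentioned above.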
That’s the version of Windows Defender sold to corporations that have hundreds of computers to manage & protect. Not something that a help-desk service would install for an individual user.
More likely the “paid version of Windows Defender” is part of the scam.