Auto Refresh Malware

Auto Refresh Malware is a deceptive Google Chrome addon that is underrated for causing redirects and displaying pornographic ads

Auto Refresh Malware (a.k.a. Auto Refresh Premium or Auto Refresh Plus) is a web browser’s extension that has been launched in 2016 by a team of young and ambitious developers with an intention to ensure an on-time refresh and reload of visited websites. According to the community reports^[1], this browser-based plug-in was quite popular up until now. However, experts included it in the malware and potentially unwanted programs (PUP) databases after its update in 2019 October when the 1.3.14 version has been released. 

According to experts, the Auto Refresh extension has received the crucial Privacy Policy changes, as well as some advertising policies. It seems to be injecting potentially dangerous scripts from static.trckingbyte.com, static/js/background.js, cwpx.armeriaalbenganese.it, static.privacytrck.com, Eaes.2track.info, and similar third-party domains. As a consequence, the affected web browser starts redirecting to affiliate third-party websites and generating new tab windows without permission. Based on people’s reports, some of the Auto Refresh ads may contain pornographic content or redirect people to infamous dating websites. 

Auto Refresh Malware has been a quite popular extension of web browsers until its developers decided to fill it with potentially dangerous, highly obfuscated scripts. Although it’s not dangerous, experts and users agree that the extension became a crapware and malware, the affiliated of which may be redirecting web browser’s pages to porno sites. 

The first Auto Refresh Premium was created in 2016 with limited functionalities and since then we have added some useful features that have been requested from you – e.g. several auto refresh timers for the different websites.

Unfortunately, the features that its developers claim^[2] to be useful are not useful at all. The scrips are not the only problem that provoked the negative reaction of the users. It seems that the Auto Refresh virus may be closely related to the js/background.js file, which may try to download a malicious payload of the JS/Chromex.Agent.AP trojan. 

The latter trojan-related Auto Refresh Malware may not reroute web browser to misleading third-party sites that contain porno or dating offers. Based on the latest reports, the app most frequently redirects to the Eaes.2track.info, dirtyflirt9.com, and similar domains. However, it can also track some pieces of personal information and perform other highly questionable browser-based performances:

• extract search engine queries;
• redirect the web browser to sponsored Yahoo-based search results instead of Google;
• record information stored on the browser’s cookies;
• read page URLs and replace referrer codes if needed;
• identify interaction with the e-commerce domains (register what products the user was interested in, the location of the service, the amount paid, etc.). However, there are no traces that the Auto Refresh Chrome extension would be capable of gathering PII (Personally Identifiable Information), such as banking information or names. 

To generalize, the Auto Refresh Plus and Premium Chrome extension is non-malicious on its own. However, it has been reported by many users on Reddit and other forums for potentially dangerous advertising schemes that may be used by third parties not only to promote dubious content but can also expose people to malware download sites. 

Auto Refresh extension is often dubbed as virus or malware due to the usage of malicious scripts that trigger redirects to x-rated sites

Auto Refresh extension is often dubbed as virus or malware due to the usage of malicious scripts that trigger redirects to x-rated sites

In some rare cases, this extension may directly affect web browsers by changing default settings, including start page, search engine, new tab, etc. by altered Yahoo search or other browser hijackers. The whole tandem of malware on the system may be difficult to remove. Therefore, we recommend you remove Auto Refresh virus from the extensions and programs list with the help of a professional anti-malware tool. 

If Auto Refresh Malware removal is disrupted some malicious processes, you should restart your machine into Safe Mode with Networking to disable all malicious malware-run processes. After that, launch a thorough system scan with a robust antivirus.

Finally, the users of the AutoRefresh extension should not forget to reset the web browser’s settings to default and repair the system’s performance. Windows registries and core OS components can be repaired with the help of Reimage Reimage Cleaner Intego tool. 

Shady third-party websites and misleading links can make people download malware

Most of the cyber threats are distributed in a misleading manner. Even though most of the potentially unwanted programs, malware, adware, browser hijackers, etc. have their official websites. However, that stand-alone fact does not make them reliable. The official website may be treated as a camouflage allowing to disguise stealthy distribution methods. 

According to LosVirus.es^[3], malware and potentially unwanted programs are usually distributed by bundling (attached to freeware apps as optional downloads). Nevertheless, this method, despite being misleading, is legitimate as it allows potential victims to deselect additional components. However, it’s a must to select the Advanced or Custom installation technique to see all setup windows. 

In addition to that, people can download malware-laced files via spam emails, dangerous third-party ads displayed on hacked websites, hyperlinks injected into random texts, pirated software, software cracks, keygens, etc. In general, all content that is accessible online should be inspected with carefulness. 

You should immediately leave the pages that you are forced to visit. Browser’s redirects are usually triggered by third-party extensions that seek to promote affiliate parties, their services, products, or simply boost traffic. However, in practice, the browser’s redirects can cause redirects to malware download sites, offensive or adult content where less experienced users can be tricked into giving away personal information or even money. 

Auto Refresh may be promoted as a legitimate extension, though it’s a PUP and adware in reality

Auto Refresh may be promoted as a legitimate extension, though it’s a PUP and adware in reality

Auto Refresh Malware elimination guide 

You may think that Auto Refresh extension is useful for your browsing activities until you start seeing intrusive redirects to websites full of pornographic scenes or ads promoting some dubious services. The extension must have been popular some time ago, however, its latest update seems to contain some potentially dangerous script that are programmed to reroute websites to pre-selected domains, as well as harvest some browser-based data.  

The app is under investigation right now, though there are some references for the Auto Refresh Premium Chrome extension to the js/background.js or JS/Chromex.Agent.AP trojan. Therefore, it’s advisable to scan the machine as soon as Auto Refresh ads emerge on the web browser. 

If you are using a professional anti-malware tool already, Auto Refresh Malware removal should not be a difficult task for you to perform. All you have to do is launch the AV scanner or, at best, restart the machine into Safe Mode before launching the scanner. 

If, however, you are not using an anti-malware tool, try installing Malwarebytes or SpyHunter 5Combo Cleaner tools to remove Auto Refresh Malware once and for all. As a final point, perform Windows repair with the help of Reimage Reimage Cleaner Intego utility, which may address Windows Registry entries, system files, and cache. 

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.