Auto Refresh Malware


Auto Refresh Malware is a deceptive Google Chrome addon that is underrated for causing redirects and displaying pornographic ads

Auto Refresh Chrome extension

Auto Refresh Chrome extension

Auto Refresh Malware (a.k.a. Auto Refresh Premium or Auto Refresh Plus) is a web browser’s extension that has been launched in 2016 by a team of young and ambitious developers with an intention to ensure an on-time refresh and reload of visited websites. According to the community reports[1], this browser-based plug-in was quite popular up until now. However, experts included it in the malware and potentially unwanted programs (PUP) databases after its update in 2019 October when the 1.3.14 version has been released. 

According to experts, the Auto Refresh extension has received the crucial Privacy Policy changes, as well as some advertising policies. It seems to be injecting potentially dangerous scripts from static.trckingbyte.com, static/js/background.js, cwpx.armeriaalbenganese.it, static.privacytrck.com, Eaes.2track.info, and similar third-party domains. As a consequence, the affected web browser starts redirecting to affiliate third-party websites and generating new tab windows without permission. Based on people’s reports, some of the Auto Refresh ads may contain pornographic content or redirect people to infamous dating websites. 

Name Auto Refresh or Auto Refresh Premium
Classification Malware, potentially unwanted program (PUP), adware
Distribution The extension is usually installed purposely for increasing the website’s load time and ensure a regular reload/refresh functions. However, it can also sometimes be promoted via freeware bundles and infiltrate machines without being noticed
The problematic version Upon the release of the updated Auto Refresh version (1.3.14) users started reporting the extension for displaying intrusive ads and redirecting people to x-rated adult websites
 Symptoms The most prominent symptom – the presence of a new extension on the default web browser. However, the extension can start causing redirects to irrelevant websites, generate intrusive ads among search results, deliver altered search results, etc. 
Related The extension can regularly initiate redirects via the following: 
-static.trckingbyte.com
-static/js/background.js
-cwpx.armeriaalbenganese.it
-static.privacytrck.com
 Elimination Since this extension is accused of installing malicious scripts and trojan JS/Chromex.Agent.AP, it’s advisable to remove Auto Refresh malware using a professional AV engine
 Fix & Repair  Every time when malware affects the machine, it’s recommended to repair Windows registry entries. For this purpose, you can try using Reimage Reimage Cleaner Intego tool

Auto Refresh Malware has been a quite popular extension of web browsers until its developers decided to fill it with potentially dangerous, highly obfuscated scripts. Although it’s not dangerous, experts and users agree that the extension became a crapware and malware, the affiliated of which may be redirecting web browser’s pages to porno sites. 

The first Auto Refresh Premium was created in 2016 with limited functionalities and since then we have added some useful features that have been requested from you – e.g. several auto refresh timers for the different websites.

Unfortunately, the features that its developers claim[2] to be useful are not useful at all. The scrips are not the only problem that provoked the negative reaction of the users. It seems that the Auto Refresh virus may be closely related to the js/background.js file, which may try to download a malicious payload of the JS/Chromex.Agent.AP trojan. 

The latter trojan-related Auto Refresh Malware may not reroute web browser to misleading third-party sites that contain porno or dating offers. Based on the latest reports, the app most frequently redirects to the Eaes.2track.info, dirtyflirt9.com, and similar domains. However, it can also track some pieces of personal information and perform other highly questionable browser-based performances:

  • extract search engine queries;
  • redirect the web browser to sponsored Yahoo-based search results instead of Google;
  • record information stored on the browser’s cookies;
  • read page URLs and replace referrer codes if needed;
  • identify interaction with the e-commerce domains (register what products the user was interested in, the location of the service, the amount paid, etc.). However, there are no traces that the Auto Refresh Chrome extension would be capable of gathering PII (Personally Identifiable Information), such as banking information or names. 

To generalize, the Auto Refresh Plus and Premium Chrome extension is non-malicious on its own. However, it has been reported by many users on Reddit and other forums for potentially dangerous advertising schemes that may be used by third parties not only to promote dubious content but can also expose people to malware download sites. 

Auto Refresh virus
Auto Refresh extension is often dubbed as virus or malware due to the usage of malicious scripts that trigger redirects to x-rated sites

Auto Refresh virus
Auto Refresh extension is often dubbed as virus or malware due to the usage of malicious scripts that trigger redirects to x-rated sites

In some rare cases, this extension may directly affect web browsers by changing default settings, including start page, search engine, new tab, etc. by altered Yahoo search or other browser hijackers. The whole tandem of malware on the system may be difficult to remove. Therefore, we recommend you remove Auto Refresh virus from the extensions and programs list with the help of a professional anti-malware tool. 

If Auto Refresh Malware removal is disrupted some malicious processes, you should restart your machine into Safe Mode with Networking to disable all malicious malware-run processes. After that, launch a thorough system scan with a robust antivirus.

Finally, the users of the AutoRefresh extension should not forget to reset the web browser’s settings to default and repair the system’s performance. Windows registries and core OS components can be repaired with the help of Reimage Reimage Cleaner Intego tool. 

Shady third-party websites and misleading links can make people download malware

Most of the cyber threats are distributed in a misleading manner. Even though most of the potentially unwanted programs, malware, adware, browser hijackers, etc. have their official websites. However, that stand-alone fact does not make them reliable. The official website may be treated as a camouflage allowing to disguise stealthy distribution methods. 

According to LosVirus.es[3], malware and potentially unwanted programs are usually distributed by bundling (attached to freeware apps as optional downloads). Nevertheless, this method, despite being misleading, is legitimate as it allows potential victims to deselect additional components. However, it’s a must to select the Advanced or Custom installation technique to see all setup windows. 

In addition to that, people can download malware-laced files via spam emails, dangerous third-party ads displayed on hacked websites, hyperlinks injected into random texts, pirated software, software cracks, keygens, etc. In general, all content that is accessible online should be inspected with carefulness. 

You should immediately leave the pages that you are forced to visit. Browser’s redirects are usually triggered by third-party extensions that seek to promote affiliate parties, their services, products, or simply boost traffic. However, in practice, the browser’s redirects can cause redirects to malware download sites, offensive or adult content where less experienced users can be tricked into giving away personal information or even money. 

Auto Refresh official website
Auto Refresh may be promoted as a legitimate extension, though it’s a PUP and adware in reality

Auto Refresh official website
Auto Refresh may be promoted as a legitimate extension, though it’s a PUP and adware in reality

Auto Refresh Malware elimination guide 

You may think that Auto Refresh extension is useful for your browsing activities until you start seeing intrusive redirects to websites full of pornographic scenes or ads promoting some dubious services. The extension must have been popular some time ago, however, its latest update seems to contain some potentially dangerous script that are programmed to reroute websites to pre-selected domains, as well as harvest some browser-based data.  

The app is under investigation right now, though there are some references for the Auto Refresh Premium Chrome extension to the js/background.js or JS/Chromex.Agent.AP trojan. Therefore, it’s advisable to scan the machine as soon as Auto Refresh ads emerge on the web browser. 

If you are using a professional anti-malware tool already, Auto Refresh Malware removal should not be a difficult task for you to perform. All you have to do is launch the AV scanner or, at best, restart the machine into Safe Mode before launching the scanner. 

If, however, you are not using an anti-malware tool, try installing Malwarebytes or SpyHunter 5Combo Cleaner tools to remove Auto Refresh Malware once and for all. As a final point, perform Windows repair with the help of Reimage Reimage Cleaner Intego utility, which may address Windows Registry entries, system files, and cache. 

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

The government has many issues in regards to tracking users’ data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.