unknown script on every website when inspect element

Question

whenever I inspect any page from any website with my google chrome, I get this script in the page header always:

<script type="text/javascript" src="//js.ktwt.ru/main_en.js?guid=340fbe57eb2704a03d7e55d47615754e0c00e51f&amp;s=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" charset="utf8"></script>

and this Iframe in the body:

<iframe src="//s.ktbt.ru/t.html?d=www.google.com&amp;preload=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" scrolling="no" style="width: 1px; height: 1px; margin: 0px; padding: 0px; overflow: hidden; display: none;"></iframe>

I'm just curious to know if this is a malware or might affect my PC, I don't see any of the above when View Page Source. My Bitdefender and Malwarebytes are not detecting anything wrong.

Do you have an Idea? I am sure something ending with .ru is not authentic!

Answer 1

After two weeks of :

• Internet investigations about AdsOffers, OfferWizard
• Hard drive scanning ... none of the antivirus have detected something bad !?!

-> almost nothing to get rid of that invasive attack on web scouting.

SOLUCE :

I have simply used AdBlock extension of Chrome browser.

I had a look at the "show the resource list" of your attacked webpage. You can then detect some suspicious URL traffic.

Then :

• I went to the AdBlock Options
• Added to my filter list :

||js.ktbt.ru

||jso.donediv.net

||pub.adk2.co

for more info, how to add filter url https://adblockplus.org/en/filters

Things looks more under control, now !!!

Problem solved.

Answer 2

::UPDATE:: -<ktbt.ru>- ::SOLVED:: (shortened explanation Uninstall HISTORY TRENDS UNLIMTED)

READ on to learn what this is all about!

[SUBJECT: ktbt.ru, js.ktbt.ru, s.ktbt.ru]

Picture explains a bit to the investigation multiple photos combined! I've got this bazaar cookie that i can't get rid of. FUnny statement! Most of you generally would have a clue what i'm talking about! LOL

Simple location to remove the extention
%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0
or simply remove from within chrome! Like in the picture provided

No seriously though i have a residing cookie from this Russian site. i recommend not clicking the link im only posting for informational sharing and gathering to see if like minded folk have similar problem or even a solution

If i had Linux i would just use grep!

grep -iR "js.ktwt.ru"
grep -iR "s.ktwt.ru"
grep -iR ".ktwt.ru"

THis is being blocked now by my router and parental controls and website/DNS Blocking
js.ktbt.ru/main_en.js?guid=A5A5a2b3b77efi2d2b13994227a8cb24G934258ea17dcc&s=%5B%22noads%22%2C%22lang_en%22%2C%22voice_input%22%2C%22v_fb%22%5D

Look at the GUID that bothers me! I did insert bogus random digits into the GID seemed to much like a violation and collection and personal identifier which would say something to someone that created it in there hands! to the average and mostly all lamaans or Neanderthal Like myself! =-)

cookies always trying to checking here
s.ktbt.ru
js.ktbt.ru
[*.]ktbt.ru

frustrating though im pretty silly smart when it comes to reversing data! This has proven to be a bugger!

Justin Cram (DyingJedi) solution with image & Link back address
https://plus.google.com/109698160122468898362/posts/5VAG6oyLVX2

#Chrome   #chromeextension  #ktbt.ru #s.ktbt.ru #js.ktbt.ru #cookies   #chrome bug #History Trends Unlimited 
#pnmchffiealhkdloeffcdnbgdnedheme #%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0

Please share or plus one if you found this helpful! HI5 DJ

  https://lh5.googleusercontent.com/-OGUIu0gXg3s/UkO_kw5Cv6I/AAAAAAAAuxc/y2xkRhap8rQ/w1578-h691-no/KTBT.ru_SOLVED_Found_culprit+to+my+crappy+chrome+running+terrible+always+trying+to+get+to+ktbt.ru.png