Job48

Everything posted by Job48

  1. Having same issue on my system. Win10pro x64. Current version of Malwarebytes Premium. The daily scan finds one potentially unwanted program that is a registry key, and 2 potentially unwanted modifications. I can exclude files, but when I check the boxes to the left of the threat scan results, the next button at the bottom right changes to "Quarantine Selected". On the settings tab, under Exclusions, when I click Add Exclusion, there is no option listed to add a registry key or otherwise tell Malwarebytes Premium to not bring these 3 items up again. I have had this computer setup for over a year. No changes in this regard. All of a sudden a few weeks ago I get these threat scan issues.
  2. 1-27-18 Was using my computer. Received an error message from Malwarebytes Premium 3.3.1. Running Win10 Pro x64. See file malwarebytes1.png. Tried rebooting. No change. Web Protection will not enable. Ultimately get malwarebytes2.png. I turned on beta updates, ran update. No application updates. This may be unrelated, but when I restart computer, both times I get a holdup on shutdown for .net-broadcasteventwindow.4.0.0.0.358a177.0. Based on above conversation, I assume this will not be solved by reinstalling.
  3. I removed all extensions but 1, and only have 8 web pages in my startup now. So far, not come back. Thanks for your help.
  4. These are the starting pages:
       • http://slickdeals.net/
       • www.foxnews.com
       • www.cnsnews.com
       • www.facebook.com
       • www.theblaze.com
       • www.breitbart.com
       • http://www.jewishworldreview.com/cols/sowell1.asp
       • https://mail.google.com/mail/u/0/#inbox
       • my ISP webmail page
       • hotmail (live.com)
       • http://www.drudgereport.com/
       • https://twitter.com/#!/
       • http://www.bookbub.com/ebook-deals/free
       • http://slickdeals.net/forums/forumdisplay.php?f=4 - opens slickdeals.net to the free items forum
       • amazon free kindle books listing
       • http://freebooksy.com/
       • http://www.ereaderiq.com/freebies?s=rating
       • http://www.amazon.com/wishlist/
       • http://www.amazon.com/mobile-apps - listing of free android app of the day
       • http://www.mp3va.com/
       • http://www.yugster.com/todays-deals/sneak-preview-offer
       • http://wvrch.incentrev.com/
  5. It only happens on opening Chrome, never after. I am not opening a particular website. Happens on launch of Chrome. My router has DD-WRT firmware on it. Are you wanting me to put the factory firmware back on it? Just reset to DD-WRT defaults?
  6. I have eliminated all startup pages from Chrome. I opened and closed Chrome at least 30 times and nothing happened. When it happens, it is always the 7th tab in starting from the left.
  7. The website changes every time this happens, though it has a very similar look and feel.
  8. It's back. Attached is a screen capture of Chrome with the latest iteration of the madness. I also got the full tab this time including the pop up message. Chrome is locked up. I tried to load Chrome's task manager with Shift Escape, no success. After hitting X to close, another window popped up saying flash player was ready to install. I X'd that window too. I have uninstalled all extensions to Chrome. I have uninstalled many of the programs that I installed since 1-1-2015 last night. So far, nothing is helping. Next?
  9. Done. Thanks for the help. Will see if it comes up again. Have not figured out how to make it happen. Now that you have an informed view of my computer, why didn't MBAM catch this?
  10. Several months ago, this started, but only happened every 2 or 3 weeks. It is happening more frequently now, 2 days ago and today. The first 3 or 4 times the message was the same, but the website always changed - there was a tab opened to the listed website, but with nothing loaded. You could close the message and go on using Chrome. Here is an example: Yesterday downloaded and ran AdwCleaner. Results: AdwCleanerS0.txt cleaned, rebooted, the search provider stuff came back as soon as I opened Chrome. Figured out later. Discovered there was a bunch of files on MBAM Malware Exclusions. Removed all from the list. Ran full scan, found nothing. Run Norton Internet Security Version 21.6.0.32, ran full scan, found nothing. Today, the message totally changed. Top left was first, hit X, tall right was second, hit X, bottom left repeatedly came up until killing Chrome in Task Manager. It completely takes over Chrome, can't do anything else. Ran AdwCleaner again. Results are: AdwCleanerS1.txt Finally figured out the search provider list in Chrome had these in the list, deleted all search providers except Google & DuckDuckGo. Subsequent scans show AdwCleanerR5.txt Downloaded and installed MBAR, came up clean, results are: mbar-log-2015-03-11 (18-07-24).txt Please help. For what it is worth, I NEVER search or view porn or anything like it. I bring this up because I saw it mentioned in another post asking for help. This seems to be some sort of Malware. BTW, searched for the phone number that came up today, found 855-999-8144 Old Assembly Point Rd, Lake George, New York at http://www.cjb.net/855/999.html
  11. It came up today, with totally different messages. Not fixed. Attaching JPG of the 3 messages that came up, the bottom left kept coming up every time I hit X in the upper corner. Finally used task manager to kill Chrome.
  12. I have no idea if the problem is fixed, because it only comes up every 10-14 days. The graphic displays a different THE PAGE AT ...... SAYS: - it is always a different website that it claims to be trying to help you. I guess time will tell.
  13. This is an infection that pops up in a browser on some random basis (like 1 in every 10 starts). It tries to take you to an Adobe looking website, purporting to update your media player. In my case, this has come up in Chrome, both at home and at work. I have MalwareBytes Premium on both computers. Full system scans find nothing, yet it keeps happening. Google searching for the Topic Title, you will find a website http://malwaretips.com/blogs/update-media-player-virus/ which recommends adwcleaner.exe. On running this program, it finds some things in Chrome, the registry, and the file system. I expect MWB to detect and prevent stuff like this. VERY disappointed. Here is the log from ADWCLEANER: I am attaching a JPG of the last pop-up, that blocks any usage of Chrome until you answer. I labeled the file virus.jpg, but really it is malware. Will anyone from MWB read this or respond as to why the program EPIC FAILed?