msjg

Members
  • Posts: 9
  • Reputation: 0 Neutral
  • Location: West Coast, USA

  1. Yeah, I don't think I'm quite ready to close yet. I'm busy at work right now, but there was some other weird stuff happening. Will write again in a few.
  2. Told the boss about the issue, explained what we've been doing, what the issue was, and showed him this page, and the logs. He called one of his 'security' friends, who basically told him to disconnect the routers, place them in the driveway, and run them over with his truck. Then after he's done that, to go out and buy a couple of AirPort Extremes, and lock them down. He didn't do that. (Though I kind of wish he had. I would've liked to witness that.) Instead he reset the router, changed the password, called the service provider, and basically spent the entire day running around disconnecting, reconnecting and reconfiguring things while on the phone with various tech support people. He was still at it when I left. I've never encountered anything like this before... A Chrome specific router malware. WTF?
  3. Okay. I'm at work now, connected to the wifi. MBAM, MCShield and Windows Defender are all up and running, and now I'm going to open Chrome. [...] And there it is again. MBAM is blocking. So, router malware?
  4. WiFi. I'm thinking the same thing. Machine has been working fine all night/morning. It's 5:45 AM here now, and I'm getting ready to shut down and head out. It'll be a couple of hours before I'm able to boot up there. I'll let you know what happens.
  5. Okay, I fully scanned my system again using MBAM (Premium) and Windows Defender; installed and ran MCShield and all scans came up clean for all drives - internal and external. Now it's time for a little experiment. This is what happens - Clean -> Everything looks great -> Use Chrome with no outbound crap happening and all drives connected -> Shut down -> Disconnect external drive -> Go to work -> Start up -> Open Chrome -> Issue immediately reappears with MBAM blocking the whatever it is. So now that I've run everything again, and my system appears to be clean, I'm going to open Chrome and do some basic stuff (read the news, browse reddit, watch stupid videos on youtube). Then I'm going to close everything down. Disconnect everything from my laptop, then start up and see if the issue occurs again. Be back in an hour or so.
  6. Yeah, so, I may have celebrated too soon. Same thing happened again this morning. Wasn't getting the notifications until I got into work, booted up and started Chrome. Same poop, different day. So I did everything I did yesterday again, with the few steps you added above. Then this got me to thinking (which I should have done yesterday): The only difference between when I'm at work and home, besides the personal vs. employer wifi, is that at home I have an external drive. Yesterday morning I was unable to access my external drive (F:), but I dismissed it because I was in a hurry to leave for work and shut down my laptop. The issue began when I booted back up again when at work. Now, last night my laptop was still not recognizing my external drive until *after* all of the scans/steps were completed and laptop rebooted. Everything worked fine (or seemed to be) until I shut down (disconnecting from external drive) and booted back up when I got to work - then the outgoing crap started again. So now I am back home, with my external (F:) drive connected and am doing a full scan (rootkit, treat PUP/PUM as malware, etc) on it. I'll follow all of the steps you listed in your replies above on it as well (unless you think it's not necessary). Anyway, the latest requested results files are attached. Fixlog.txt mrt_001.txt checkup.txt
  7. Hi Kevin, Followed all of your instructions, and all of the logs are attached. I haven't started Chrome yet since doing all of the scans [...] Okay, just opened it and there were no occurrences. Hopefully that's a good thing. Now I just have to figure out where/how the hell I picked up whatever that was. I'm usually pretty good about keeping my machines clean, so this is bothersome. :-/ Addition_002.txt AdwCleanerC5.txt FRST_002.txt JRT.txt scan_log_08Sept2015_1906.txt
  8. Thanks, Kevin. I'm running the Malware Bytes scan again. Just FYI, I already had set "scan for rootkits" and for PUP and PUM "treat as malware" - been set that way since I first started using MBAM. I'll follow the rest of the steps you have outlined and will post the results when done. It'll be a few hours.
  9. It started this morning after I booted my laptop at work. I had been online, and using Chrome from home from about 2 AM to 5 AM, (mostly on reddit and Google News) then shut down to pack up and go into the office. When I got into the office, I booted up as usual, but when I opened Chrome MWB started blocking repeated outgoing attempts to IP 198.105.244.114. All of the fake domain names were 'randomjumbleofletters.home' and all with the IP 198.105.244.114. Here's just a few:

     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, bxustfudke.home, 60995, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, bxustfudke.home, 60995, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, fnpjlcqdj.home, 60996, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, fnpjlcqdj.home, 60996, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, xjkwmkamrtdvlg.home, 60997, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, xjkwmkamrtdvlg.home, 60997, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, xjkwmkamrtdvlg.home, 61002, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,

     I immediately shut down Chrome and did a Threat Scan, and when that found nothing, I went back and did a full, custom scan, including the rootkit scan option. Again, nothing was found. Attached are the full MWB Daily Log; FRST and Addition texts for more information. I'm using Firefox now, and have it set as my default browser until this issue is resolved. Addition.txt daily_log_08-Sept-2015.txt FRST.txt
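
A triage helper for detection lines in the layout quoted in the post above, added here as an example (not code from the poster or from Malwarebytes). It collapses repeated blocks into one row per process and destination IP and reports whether every blocked hostname shares one suffix; the field names are labels assumed from the position of each value.

```python
import csv
from collections import defaultdict

# Detection lines in the layout quoted in the post (values taken from the post);
# the last line is a truncated fragment like the one at the end of the paste.
SAMPLE_LOG = r"""
Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, bxustfudke.home, 60995, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, bxustfudke.home, 60995, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, fnpjlcqdj.home, 60996, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, xjkwmkamrtdvlg.home, 60997, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/8/2015 7:29 AM, SYSTEM, BLACK, Protection, Malicious Website Protection, IP, 198.105.244.114, xjkwmkamrtdvlg.home, 61002, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
""".strip()

# Assumed labels for the comma-separated positions in each detection line.
FIELDS = ("kind", "time", "user", "list", "category", "module",
          "match_type", "ip", "host", "port", "direction", "process")

def parse_detections(text):
    """Return one dict per well-formed detection line; skip fragments."""
    rows = []
    for rec in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(rec) < len(FIELDS) or rec[0] != "Detection":
            continue  # truncated or unrelated line
        rows.append(dict(zip(FIELDS, rec)))
    return rows

def group_by_destination(rows):
    """Map (process, ip) -> {'hosts': set, 'ports': set, 'events': int}."""
    groups = defaultdict(lambda: {"hosts": set(), "ports": set(), "events": 0})
    for r in rows:
        g = groups[(r["process"], r["ip"])]
        g["hosts"].add(r["host"].lower())
        g["ports"].add(int(r["port"]))
        g["events"] += 1
    return dict(groups)

def shared_suffix(hosts):
    """Return the common last label if every host ends with it, else None."""
    suffixes = {h.rsplit(".", 1)[-1] for h in hosts}
    return suffixes.pop() if len(suffixes) == 1 else None

if __name__ == "__main__":
    for (proc, ip), g in group_by_destination(parse_detections(SAMPLE_LOG)).items():
        print(ip, proc.rsplit("\\", 1)[-1], g["events"], "events,",
              len(g["hosts"]), "hosts, suffix:", shared_suffix(g["hosts"]))
```
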