Posts posted by Ditch67

  1. I reinstalled Chrome, and then installed Ad Block on both that and Edge.

    CPU use went from 100% down to 2% with Edge and as low as 0.2% with Chrome.

    It blocks 8 ads on Words With Friends (Facebook). So far haven't had any pop-ups or hijack attempts.

    It may happen, but at the least I can play the bloody game!

     

    Wish I'd known about this a year ago. Prolly wouldn't have sold my old computer.

    Thanks, Jonny Q for the suggestion.

     

    PS It's INSANE that Facebook still allows malvertising, given its billions $$$. 
    Too bad Senator McCain never passed a law covering it, years ago.

  2. 1)  I don't own any other devices at all, and we turned off and cleared Sync a while back.

    Sync was in Off position.  I ran the tenforum's regedit to be sure to shut off Reading Lists and Favorites.

    I did not use their Option 2: "To Turn On or Off Sync Content in Microsoft Edge using a REG file" portion. 

    Not familiar with that, and the other two things I mentioned should've covered that.

    2) No extensions are listed. It only offers suggestions on what to add. I've never added any to Edge. 

    (I don't much trust extensions to begin with.)

     

    The one thing that never quite worked right was in resetting Edge... I recall one webpage

    you gave me saying to paste the instructions (powershell as admin) while still in Safe Mode,

    but I always got an error on that, and had to run the instructions after reboot to normal mode.

    Are you able to run the code while in Safe Mode? 

    https://www.thewindowsclub.com/reset-microsoft-edge-browser-to-default-settings-in-windows-10

     

     

     

     

  3. Playing Words With Friends still goes up to 100% CPU and then either

    quickly crashes and reloads, or is taken over by a virus.  This one just now on Edge.

    (Am I the only one with this malware? I'd hoped MWB heuristics would've reported

    the pattern, or enough people would get it that it'd be a priority fix.) 

     

    WWF.txt

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 6/26/18
    Protection Event Time: 4:49 PM
    Log File: 62273998-7982-11e8-91cb-509a4cc94828.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.374
    Update Package Version: 1.0.5641
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.112)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: Fraud
    Domain: ocsp.comodoca4.com
    IP Address: 40.136.60.65
    Port: [49204]
    Type: Outbound
    File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

     

    (end)

     

  4. Also, this is today's hijack attempt log:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 6/23/18
    Protection Event Time: 2:52 PM
    Log File: 8a32107a-7716-11e8-aa07-509a4cc94828.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.374
    Update Package Version: 1.0.5599
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.112)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: Hijack
    Domain: westerndigitalmeasure.com
    IP Address: 192.241.254.144
    Port: [53317]
    Type: Outbound
    File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

     

    (end)

     

    hijack.txt

     

  5. 'Unhack me' pointed to 2 other antimalware programs... not very helpful. Two other hits looked questionable.

    I chose to ignore its removal hints, so there's no log.

    Zemana found one thing which I allowed to have quarantined.  (text attached)

     

    "Hosts file - 0.0.0.0 - ft.com"   That site appears to be the legitimate Financial Times...

    Not sure why that would be there, but I've never seen it as a pop-up. And I doubt it

    leads me to fake McAfee sites, etc. Odd.

     

     

    2018.06.23-16.01.41-i0-t92-d1.txt

  6. I reset the router. But got this today while at my local news page using Edge [Malwarebytes didn't prevent it]
    It showed up while I was in the middle of reading the article, changing to the page shown below.

    (http://upnorthlive.com/news/local/3-democrats-running-for-michigan-governor-have-1st-debate)

    Malware address: http://mcafeesecurity.application-center.me/4/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wBFHLMDILJIDFDQE1JC7API0&xm=lm.vxilehikc0dxq.stream

     

    [Attached screenshot: mcaffeefake.jpg]

     

     

     

     

  7. Rats....  At http://upnorthlive.com/news/nation-world/federal-judge-jails-ex-trump-campaign-chair-paul-manafort-ahead-of-trial

    I got another hijack attempt on Edge.  Is westerndigitalmeasure.com a legitimate address/company? 

    If all it does is try to breach security, why can't it be shut down? Also, does my computer have a virus,

    or are regular websites and their legitimate ads being tampered with?

     

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 6/16/18
    Protection Event Time: 9:21 PM
    Log File: ca253422-71cc-11e8-91b4-509a4cc94828.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.374
    Update Package Version: 1.0.5512
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.112)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: Hijack
    Domain: westerndigitalmeasure.com
    IP Address: 192.241.254.144
    Port: [53773]
    Type: Outbound
    File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

     

    (end)

  8. I've given up on Chrome and installed Firefox. Keeping Edge 

    (not like people have a choice there).

     

    Unfortunately, since yesterday, Words with Friends for Facebook will

    not load on either browser.  Any chance Malwarebytes did this? 

    I only ask because they once blocked Candy Crush on Facebook

    and only allowed it thru after I wrote to them. 

     

    (Installed Revo. Chrome is not listed as being found.)

     

  9. Oddly you have to turn the Computer's setting Sync to On in order to turn the

    Edge's Syncing Off. (Otherwise it's locked and greyed out.)  … It's now off.

     

    Malwarebytes was already set with the Notifications switch Off.

     

    I will report results here for information's sake. 

     

    (I'm guessing Chrome is unsalvageable, then.)

     

  10. Have reinstalled Edge. It says "Something went wrong, but we resolved it
    Microsoft Edge couldn't start properly, so we had to clear some data to get you back to browsing the web." It retained passwords. I have not imported the Favorites yet.

    Would note to people that "Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}"  Can NOT be entered while in Safe Mode

    "Get-AppXPackage : This service cannot be started in Safe Mode
    This service cannot be started in Safe Mode
    At line:1 char:1
    + Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Ad ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-AppxPackage], Exception
        + FullyQualifiedErrorId : System.Exception,Microsoft.Windows.Appx.PackageManager.Commands.GetAppxPackageCommand"

    Despite the instructions: You have to resume normal mode, then use it, then reboot.

     

    Would also note that I found a Google folder (odd since we deleted Chrome). 

    It contains the folders "CrashReports" and "Software Reporter Tool".  I found this because another user messaged

    me about having the same Chrome problems where she ended the Task "process_reporter_tool" and that cleared it up.

    I've kept the files from it, if you'd like to see them... let me know.

     

    Am keeping an eye on Edge for now. Have not reinstalled Chrome.

     

     

     

     

  11. Note that Arc Chat restored itself. Which is fine. It's for voice during a legitimate game I play.

    The capture is of Edge starting to use vast amounts of memory and CPU. I don't think

    it does that for other people playing Words with Friends on Facebook. It spikes for no

    reason, when I haven't touched it. 3.7GB of ram and up to 100% CPU use is insane, right?

    No other pages are open. No other programs running.

    FRST6-8.txt

    Addition6-8.txt

    [Attached screenshot: EdgeOverload1.jpg]

     

  12. Deleted Chrome for now. Not a fan of Edge.  

    Edge hasn't hit an ad recently, but task manager (like with Chrome) shows

    the CPU run to 100%. At that point Chrome forced me to an ad page, 

    but Edge tends to reboot the page I was already on. At least lately. 

    Is there a loophole in java that overloads a game and forces a page change?

     
