Ditch67
Posts: 65
Posts posted by Ditch67
-
I reinstalled Chrome, and then installed Ad Block on both that and Edge.
CPU use went from 100% down to 2% with Edge and as low as 0.2% with Chrome.
It blocks 8 ads on Words With Friends (Facebook). So far haven't had any pop-ups or hijack attempts.
It may happen, but at the least I can play the bloody game!
Wish I'd known about this a year ago. Prolly wouldn't have sold my old computer.
Thanks, Jonny Q, for the suggestion.
PS It's INSANE that Facebook still allows malvertising, given its billions $$$.
Too bad Senator McCain never passed a law covering it, years ago.
-
This article https://www.theregister.co.uk/2015/08/27/malvertising_feature/ contains a graphic of it from Malwarebytes.org.
-
"Poisoned Ads"... Is this what we're getting?
http://www.archersecuritygroup.com/did-you-see-a-poisoned-ad-on-tmz-or-other-big-sites/
-
Okay. For fun I tried using Firefox. (It had run even slower when I tested it, so I'd
only been using Edge.) Got the same fake McAfee attempt as on Edge, but Firefox itself stopped it.
Was playing Words With Friends on Facebook.
-
Got the Fake McAfee Warning a few minutes after reset and reboot.
Was on the Weather Channel site, so... not likely their fault.
-
1) I don't own any other devices at all, and we turned off and cleared Sync awhile back.
Sync was in the Off position. I ran the TenForums regedit to be sure to shut off Reading Lists and Favorites.
I did not use their Option 2: "To Turn On or Off Sync Content in Microsoft Edge using a REG file" portion.
Not familiar with that, and the other two things I mentioned should've covered that.
2) No extensions are listed. It only offers suggestions on what to add. I've never added any to Edge.
(I don't much trust extensions to begin with.)
The one thing that never quite worked right was in resetting Edge... I recall one webpage
you gave me saying to paste the instructions (powershell as admin) while still in Safe Mode,
but I always got an error on that, and had to run the instructions after reboot to normal mode.
Are you able to run the code while in Safe Mode?
https://www.thewindowsclub.com/reset-microsoft-edge-browser-to-default-settings-in-windows-10
-
Playing Words With Friends still goes up to 100% CPU and then either
quickly crashes and reloads, or is taken over by the virus. This one just now on Edge.
(Am I the only one with this malware? I'd hoped MWB heuristics would've reported
the pattern, or enough people would get it that it'd be a priority fix.)
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/26/18
Protection Event Time: 4:49 PM
Log File: 62273998-7982-11e8-91cb-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5641
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Fraud
Domain: ocsp.comodoca4.com
IP Address: 40.136.60.65
Port: [49204]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(end)
-
Command was accepted. Rebooted.
Side note, I haven't seen/reported as many errors over the last week as
Words With Friends was broken for web-users (it still is, but the progs gave me a work-around link yesterday).
-
Also, this is today's hijack attempt log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/23/18
Protection Event Time: 2:52 PM
Log File: 8a32107a-7716-11e8-aa07-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5599
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: westerndigitalmeasure.com
IP Address: 192.241.254.144
Port: [53317]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(end)
-
'Unhack me' pointed to 2 other antimalware programs... not very helpful. Two other hits looked questionable.
I chose to ignore its removal hints, so there's no log.
Zemana found one thing which I allowed to have quarantined. (text attached)
"Hosts file - 0.0.0.0 - ft.com" That site appears to be the legitimate Financial Times...
Not sure why that would be there, but I've never seen it as a pop-up. And I doubt it
leads me to fake McAfee sites, etc. Odd.
-
Shortcut text attached.
-
I reset the router. But got this today while at my local news page using Edge [Malwarebytes didn't prevent it]
It showed up while I was in the middle of reading the article, changing to the page shown below. (http://upnorthlive.com/news/local/3-democrats-running-for-michigan-governor-have-1st-debate)
-
Thank you. I will do that next.
-
I got another hijack attempt on Edge. Is westerndigitalmeasure.com a legitimate address/company?
If all it does is try to breach security, why can't it be shut down? Also, does my computer have a virus,
or are regular websites and their legitimate ads being tampered with?
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/16/18
Protection Event Time: 9:21 PM
Log File: ca253422-71cc-11e8-91b4-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5512
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: westerndigitalmeasure.com
IP Address: 192.241.254.144
Port: [53773]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(end)
-
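The Malwarebytes "Blocked Website" entries quoted in the posts above all share one layout, and the poster's recurring question (is the computer infected, or is the browser being fed bad ads?) is partly answerable from the File field, which names the process that opened the blocked connection. The script below is an added example from the editor, not code from the thread or from Malwarebytes: it parses such an export into records, strips the section headers that the forum copy-paste glued onto the preceding value (for example "Yes-Software Information-"), rolls up blocks per domain, and applies a labelled heuristic that separates browser-initiated blocks from blocks attributed to any other executable. The sample text is constructed from two of the entries quoted in the thread; the browser process list is an assumption.

```python
"""Parse Malwarebytes 3.x 'Blocked Website' protection-event exports.

Added example, not code from the thread or from Malwarebytes. SAMPLE_LOG is
constructed from entries quoted in the thread, in the layout the copy-paste
produced: section headers such as "-Software Information-" glued onto the
preceding value. Headers on their own lines are handled the same way.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: two block events, trimmed to the fields used below.
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com-Log Details-
Protection Event Date: 6/23/18
Protection Event Time: 2:52 PM
Administrator: Yes-Software Information-
Version: 3.5.1.2522
License: Premium-System Information-
OS: Windows 10 (Build 17134.112)
User: System-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0-Website Data-
Category: Hijack
Domain: westerndigitalmeasure.com
IP Address: 192.241.254.144
Port: [53317]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe(end)
Malwarebytes
Protection Event Date: 6/26/18
Protection Event Time: 4:49 PM
Administrator: Yes-Software Information-
User: System-Blocked Website Details-
, , Blocked, [-1], [-1],0.0.0-Website Data-
Category: Fraud
Domain: ocsp.comodoca4.com
IP Address: 40.136.60.65
Port: [49204]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe(end)
"""

# A section header glued onto the end of a value, e.g. "Yes-Software Information-".
TRAILING_SECTION = re.compile(r"-[A-Za-z ]+-$")
# Processes that render web content (assumed list): a block attributed to one of
# these is driven by a page or ad the browser loaded, not proof of a host infection.
BROWSER_PROCESSES = {"microsoftedge.exe", "microsoftedgecp.exe", "chrome.exe", "firefox.exe"}


@dataclass(frozen=True)
class BlockEvent:
    date: str
    time: str
    category: str   # Malwarebytes label: Hijack, Fraud, ...
    domain: str
    ip: str
    port: int       # as logged; values above 49151 are ephemeral client-side ports
    direction: str  # Outbound / Inbound
    process: str    # executable that opened the connection


def _fields(lines):
    """Collect 'Key: Value' pairs; the banner, URL and comma record carry no ': '."""
    fields = {}
    for line in lines:
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = TRAILING_SECTION.sub("", value.strip())
    return fields


def _to_event(f):
    exe = f["File"]
    exe = exe[:-5] if exe.endswith("(end)") else exe
    return BlockEvent(
        date=f["Protection Event Date"], time=f["Protection Event Time"],
        category=f["Category"], domain=f["Domain"].lower(), ip=f["IP Address"],
        port=int(f["Port"].strip("[]")), direction=f["Type"],
        process=exe.rsplit("\\", 1)[-1],
    )


def parse_log(text):
    """Split the export on its 'Malwarebytes' banner lines; one BlockEvent per entry."""
    events, entry = [], []
    for line in text.splitlines():
        if line.strip() == "Malwarebytes":
            if entry:
                events.append(_to_event(_fields(entry)))
            entry = []
        else:
            entry.append(line)
    if entry:
        events.append(_to_event(_fields(entry)))
    return events


def triage(event):
    """Heuristic, not a Malwarebytes rule: did a browser or another executable connect?"""
    return "browser" if event.process.lower() in BROWSER_PROCESSES else "other-process"


def summarize(events):
    """Per-domain roll-up: count, category, contacting processes and remote IPs."""
    out = defaultdict(lambda: {"count": 0, "category": "", "processes": set(), "ips": set()})
    for e in events:
        s = out[e.domain]
        s["count"] += 1
        s["category"] = e.category
        s["processes"].add(e.process)
        s["ips"].add(e.ip)
    return dict(out)
```

Running `summarize(parse_log(SAMPLE_LOG))` yields one entry per blocked domain with the processes that reached it; every event in the thread's logs is attributed to an Edge executable with direction Outbound, which is what `triage` reports as "browser". A block attributed to any other executable would be the stronger sign of something installed on the host, and that executable's path would be the next thing to examine.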
I've given up on Chrome and installed Firefox. Keeping Edge
(not like people have a choice there).
Unfortunately, since yesterday, Words with Friends for Facebook will
not load on either browser. Any chance Malwarebytes did this?
I only ask because they once blocked Candy Crush on Facebook
and only allowed it thru after I wrote to them.
(Installed Revo. Chrome is not listed as being found.)
-
Oddly you have to turn the Computer's setting Sync to On in order to turn the
Edge's Syncing Off. (Otherwise it's locked and greyed out.) … It's now off.
Malwarebytes was already set with the Notifications switch Off.
I will report results here for information's sake.
(I'm guessing Chrome is unsalvageable, then.)
-
Okay, total failure. Attached things...
As usual just running Edge, Words with Friends and watching Task Manager.
I see "phobos.exe" now in my tasks. That's bad, right? … unless someone named a file after a virus.
-
Edge hasn't shown a pop-up yet, but during Words With Friends it went up
to 4.1GB of RAM and 100% CPU usage. As I type this it's using over 3GB of RAM.
Reminds me of what I've read about bitcoin mining viruses.
-
Have reinstalled Edge. It says "Something went wrong, but we resolved it. Microsoft Edge couldn't start properly, so we had to clear some data to get you back to browsing the web." It retained passwords. I have not imported the Favorites yet.
Would note to people that the command
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
can NOT be entered while in Safe Mode:
"Get-AppXPackage : This service cannot be started in Safe Mode
This service cannot be started in Safe Mode
At line:1 char:1
+ Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Ad ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AppxPackage], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.Windows.Appx.PackageManager.Commands.GetAppxPackageCommand"
Despite the instructions: you have to resume normal mode, then use it, then reboot.
Would also note that I found a Google folder (odd since we deleted Chrome).
It contains the folders "CrashReports" and "Software Reporter Tool". I found this because another user messaged
me about having the same Chrome problems where she ended the Task "process_reporter_tool" and that cleared it up.
I've kept the files from it, if you'd like to see them... let me know.
Am keeping an eye on Edge for now. Have not reinstalled Chrome.
-
Note that Arc Chat restored itself. Which is fine. It's for voice during a legitimate game I play.
The capture is of Edge starting to use vast amounts of memory and CPU. I don't think
it does that for other people playing Words with Friends on Facebook. It spikes for no
reason, when I haven't touched it. 3.7GB of RAM and up to 100% CPU use is insane, right?
No other pages are open. No other programs running.
-
Deleted Chrome for now. Not a fan of Edge.
Edge hasn't hit an ad recently, but task manager (like with Chrome) shows
the CPU run to 100%. At that point Chrome forced me to an ad page,
but Edge tends to reboot the page I was already on. At least lately.
Is there a loophole in Java that overloads a game and forces a page change?
-
Virus pop-up came back within 1 minute. I had not signed into Google or anything.
It should've had no way to sync. Same kind of deal as in post #53.
I did restore my favorites from the html file Chrome created.
No idea if viruses can hide in that.
-
My guess failed. westerndigitalmeasure.com got thru again. Can Malwarebytes block that domain?
Will now re-try deleting Chrome.
Infected but can't find it (in Resolved Malware Removal Logs)
Please close the topic. Thank you and the people who helped.