Posts posted by Tromador

  1. 11 minutes ago, kevinf80 said:
    Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

    In the new window that opens "Sync everything" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

     

    For reference, this screen was somewhat different. (Chrome Version 85.0.4183.102 (Official Build) (64-bit))
    It has a separate "manage what you sync" screen, rather than a "Sync Everything" checkbox.
    To reach the review page, the correct button/link is entitled "Review your synced data"

    I also manually removed the google update service and google update task user jobs.

    I'll let you know if I get further detections.

  2. Sounds like you have the exact same issue as me. On the one hand it's nice to see the issue confirmed by another user, on the other, I'm sorry to hear you have this problem too.

    It's also useful to hear your experience as further evidence to rule out the problem existing in other browsers.

    Like you I've not deliberately installed any fastsearch software, nor have any appearing in my programs.

    It might help the staff if you followed the instructions in this link and scan with autoruns as in the post from Keith above, just possibly they show something my logs don't.

     

  3. I've not yet seen this happen with Edge, though given the intermittent nature of the issue with Chrome it's hard to tell if that's conclusive.

    I have also uninstalled and reinstalled Chrome, including deleting services and daily tasks. I'm not sure what your procedure is, but I'm fairly sure I cleaned it completely.

    I'm attaching the autoruns log as requested. As far as I can tell it's not found anything untoward.

    ORAC.zip

  4. 4 hours ago, kevinf80 said:

    If the issue returns I will give instructions to make a clean install of Chrome, occasionally that is the only option that works....

    The issue continues - 

    All we've tried is resyncing against cloud data which is generally used to stop a recurring detected problem, resyncing data which may be infected, isn't going to cure anything. Indeed, if I do a clean un/reinstall of chrome, it's possible that it will just download something back down from the cloud when I log my Google account back in. To be 100% sure, I'll need a procedure for cleaning my Google profile and also go through a stack of other devices to make sure they aren't storing that profile information either. 

    That said, is there no mileage in doing some digging? Clearly something has infected Chrome, something which MB is unable to detect. A clean uninstall of Chrome might well cure the problem, but we learn nothing. What we have appears to be something new; would it not be helpful to MB in general if we found the problem? I don't feel entirely comfortable with leaving it for someone else to get infected via the same vector and something more serious than MB blocking its outbound.

  5. MB is (correctly as far as I can see) continuously (every 20 mins or so) blocking access to fastsearch.me from Chrome. In addition, there are odd instances of other sites, such as stat1.info and adultsonly.pro being blocked.
    I've run a manual scan of my system and MB shows the machine as 100% clean.

    These two statements appear contradictory - either something has crawled inside Chrome and is trying to outbound to these sites, or the machine is clean. I'm inclined to the former.
    I've had a quick web search and can't find anything reliable about fixing this other than multitudinous sites trying to sell me their particular removal tools.

    Does anyone have some advice?
     

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 01/09/2020
    Protection Event Time: 05:36
    Log File: a8be39e8-ec0c-11ea-994e-2c4d54d3c481.json

    -Software Information-
    Version: 4.2.0.82
    Components Version: 1.0.1025
    Update Package Version: 1.0.29291
    Licence: Premium

    -System Information-
    OS: Windows 10 (Build 18362.1016)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

    -Website Data-
    Category: PUP
    Domain: fastsearch.me
    IP Address: 212.83.190.17
    Port: 80
    Type: Outbound
    File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (end)

    log.png
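
Added example, not part of the original post and not Malwarebytes tooling: a way to test the "every 20 mins or so" observation by parsing several protection-event reports in the layout shown above and measuring how evenly spaced the blocks are per process and domain. The names `parse_report` and `cadence`, the 25% jitter threshold, the day/month/year date reading and the trimmed sample reports are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

# Constructed sample data: trimmed reports in the layout shown above.
TEMPLATE = """-Log Details-
Protection Event Date: 01/09/2020
Protection Event Time: {time}

-Website Data-
Category: PUP
Domain: {domain}
Port: 80
Type: Outbound
File: {exe}

(end)"""
SAMPLE = [TEMPLATE.format(time=t, domain=d, exe=CHROME) for t, d in [
    ("05:36", "fastsearch.me"), ("05:56", "fastsearch.me"),
    ("06:17", "fastsearch.me"), ("06:37", "fastsearch.me"),
    ("09:12", "stat1.info")]]

def parse_report(text):
    """Flatten the 'Key: value' lines of one report into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+): (.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    # Assumption: the date is day/month/year.
    stamp = fields["Protection Event Date"] + " " + fields["Protection Event Time"]
    fields["when"] = datetime.strptime(stamp, "%d/%m/%Y %H:%M")
    return fields

def cadence(reports, max_jitter=0.25):
    """Per (process, domain): event count, mean gap in minutes, regularity flag."""
    seen = defaultdict(list)
    for r in map(parse_report, reports):
        seen[(r["File"], r["Domain"])].append(r["when"])
    result = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        avg = mean(gaps) if gaps else None
        # Regular spacing points to a timer (extension, task) rather than browsing.
        periodic = len(gaps) >= 2 and pstdev(gaps) / avg <= max_jitter
        result[key] = {"events": len(times), "periodic": periodic,
                       "mean_gap_min": round(avg, 1) if gaps else None}
    return result
```

A domain flagged as periodic while the browser sits idle is worth correlating with the installed extensions and scheduled tasks, since a file scan coming back clean does not cover synced browser profile data.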

  6. My mistake, apparently I whitelisted it and then erased the event from my memory. 

    Nevertheless, has there actually been any malware served from that site, or is it (as Browser Guard suggests) just a suspicion?

    If it definitely has been serving malware, it's a real shame as there are lots of high quality Morrowind mods held only there and referenced in a number of guides so a definitive answer would help/inform that community.

  7. The website itself wasn't blocked, but I got a block action when I tried to download the software from their front page.

    I can't give the exact url, as it's called from a script, but the relevant element reads:

    <img class="downloadDiv undefined" onclick="window.location.href = 'FileSend.aspx?id=VoiceAttackInstaller.exe';" src="assets/images/downloadFlat.png" id="downloadIcon">

    I was able to work around by telling MWB not to block this again.
