TapperD

  1. I removed the extension directly in Chrome, and ran the scan once again and it all came out clean. I do get that this is not the way to use an ad-blocker, but how can I fix the issue when nothing comes on *any* scan after those first initial threats that were detected and removed? Also, I've been using the FBunseen extension for over two years now, way before this issue started happening, and unlike PCs, the options for Mac are very few in terms of solutions. I've disabled some of the extensions I have, but if the problem is not any malicious extensions, this doesn't seem to fix anything either..?
  2. Hi Treed, thanks a lot for your reply and apologies for writing back so late. Here's the snapshot of the system:

     Like I told FredHarrington, the issue does not seem to appear anymore, and I think it's because I've activated the malware filters that come with the uBlock origin extension for chrome. I hope it is safe to assume there is no threat creeping somewhere in there, especially since all the scans I've run come clean. Thanks a lot for your help with this!
  3. Well, apart from scanning my MacBook with everything I could find out there, and resetting Chrome two times, I added the uBlock Origin extension and checked all the filters for malware domains, and since then I haven't had a new tab open up. I don't know how effective this was, or if I'm in an adware illusion, but at least it worked. Let me know if you give this a try and if it works for you.
  4. Hello, I've tried everything I could find online to solve this, but nothing has actually helped. I do not have any malicious extensions or apps installed, I have tried resetting Chrome, I have scanned my Mac with ClamXav, Sophos Antivirus, Avast, Combo Cleaner, Kaspersky Internet Security, Bitdefender Adware removal tool and none of these found anything during the scans. Malwarebytes's scan found two things which it removed but all the rest, nothing. And every other scan with Malwarebytes comes clean. My search settings and homepage settings are all intact and there wasn't anything suspicious at all. But when Chrome is idle for a while or I'm reading something on a website, there's suddenly a muted tab opened (first it was for a dating site, then betting, and most recently a clean my mac page). I also tried Bitdefender Virus Scanner for Mac, and it found a Spigot extension for Safari and quarantined it. The file appeared to be stored in ClamXav's folder for some reason. (I do not even use Safari, and when I checked before the scan, no extensions have been installed on that browser, and the same goes for Firefox). I've also checked whether the router has been hijacked (https://campaigns.f-secure.com/router-checker/en_global/) and everything seems to be fine. I tried changing the DNS settings to Google's, but it wouldn't connect for a long time so I left it as it was initially. It seems to have been passed to another Windows laptop at home, but when the PC was scanned with Malwarebytes, ClamWin, and CCleaner nothing seemed to help and the problem occurs on both computers. Windows Defender found BrowserModifier:Win32/Diplugem and removed it, but the ad tabs keep coming. How can I get rid of this? Is it possible that the specific IP is targeted and it's not one of the two devices actually being infected? PS. I've attached the log file from Malwarebytes and from Bitdefender Virus Scanner.