Landets

Honorary Members
  • Posts

    54
Everything posted by Landets

  1. According to Microsoft Defender, everything is fine on my system, and I think everything will be okay from now on. I don't know how that trojan got into my system when I was running ESET, but luckily Windows Defender reactivated itself and quarantined it. I will delete the Google folder immediately. The original problem with Windows Defender was probably a bug in Windows 10 which seems to be fixed now, as I don't get that weird notification anymore. So even that issue seems to be cleared now.
  2. Is this a good thing or not? At the moment I don't have a need to reinstall Chrome unless you think it is needed to accomplish something. I have heard that Mozilla is a much safer and better browser than Chrome.
  3. Yes, the Google folder is still there. It contains Crash Reports and Software Reporter Tool folders inside it.
  4. Hello Kevin, I decided to uninstall Malwarebytes yesterday. When I did that I found out something very interesting which might interest you. Before I started to run the ESET Online Scanner, I disabled the active protection from Malwarebytes, and during the ESET Online Scan I had no active protection in my PC. It seems like when ESET Online Scanner was running, Microsoft Defender did reactivate by itself and quarantined a trojan from my PC. I will paste the log below to this reply now:

     Microsoft Defenderin virustentorjunta on havainnut haittaohjelman tai muun mahdollisesti ei-toivotun ohjelmiston.
     Lisätietoja: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Denali.A!ml&threatid=2147742223&enterprise=0
     Threat Name: Trojan:JS/Denali.A!ml
     Threat ID: 2147742223
     Severity Name: Vakava
     Category Name: Troijalainen
     Path: file:_C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000082
     Origin Name: Paikallinen tietokone
     Type Name: Nopea polku
     Source Name: Reaaliaikainen suojaus
     User: DESKTOP-ORVKSU4\kukkuu
     Process Name: C:\Users\kukkuu\Desktop\esetonlinescanner.exe
     Security Intelligence Version: AV: 1.327.1577.0, AS: 1.327.1577.0, NIS: 1.327.1577.0
     Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

     For some reason this log says that the process name is C:\Users\kukkuu\Desktop\esetonlinescanner.exe. Does this mean that it was ESET Online Scanner that actually detected the trojan or was it caused by it? I decided to uninstall Google Chrome with Geek Uninstaller for safety's sake. Then I ran a full scan with Windows Defender and also used Microsoft Safety Scanner, and they both did not find any threats. -Landets
  5. Hi Kevin, I think this case might be resolved by now, and it seems like I have been overreacting a little bit. I only have a few questions left. Question 1: Can these sporadic blocks with inbound connection type occur to anyone, and it doesn't necessarily mean that there is something wrong in my PC? If I understood right, these sporadic blocks are quite random and that's why the sniffers eventually go away. Question 2: Because Malwarebytes has blocked everything and every scan I have used now finds zero infections, does that mean that I am safe and can use my PC for example to use online bank service? Question 3: Does Malwarebytes Browser Guard clash with Adblock Plus and/or uBlock Origin? If you think this case is resolved now, I wish that every log and every log I have pasted as text to this topic will be hidden in future.
  6. Hello Kevin, I want to thank you again for your great effort in helping with my issue. So now that we have cleared the Chrome and Steam issues, the only thing left is those pesky attacks targeted towards my system files using ports 445 and 135, which occur sporadically. If I remember correctly, there isn't much to do about them because their connection type was inbound, and the only options were to just wait until they stop appearing after some time and block those ports and malicious IP addresses. If I don't remember this correctly, please correct what the next steps are. I will continue monitoring this topic while I study, so I will keep up with the development of this case. But after all it looks to me like the situation actually isn't as bad as it looked for a while. -Landets
  7. The only outbound blocks which happened from Chrome were caused by me and the local clothing brand's website, so to me it looks like Chrome has no issues. It is always better to be safe than sorry though. About the Steam issue, did you look up the thread I linked earlier to this topic? I suspect I have a similar case to that one, because like in that topic the blocks only appear when I open the community server browser in game. I'd like to hear your thoughts about it. I searched the IP addresses myself too and one IP address was linked to a Bulgarian community server in Counter Strike: Global Offensive. In this case I also think it is better to be more safe than sorry.
  8. The scan is now completed, no threats were found. I attached the log from the scan to this reply: eset scan log.txt
  9. I started the scan now but the software didn't have at all that kind of prompts provided in this reply. For example there were no advanced setting anywhere, and the .exe file was esetonlinescanner.exe, not esetonlinescanner_enu.exe. -Landets
  10. The file I get from this site is esetonlinescanner.exe, not esetonlinescanner_enu.exe. Is this okay or am I missing something?
  11. Hi Kevin, I will run the ESET scanner now. Last night while I was doing my studies, I got another inbound block, similar to the ones I had before. I will attach the log about it in this reply: log 18.txt
  12. Hi Kevin, any idea how to fix this issue? Removing everything from the htmlcache folder didn't work. -Landets
  13. So it looks like to me that the Chrome and Steam issues are unrelated to the original problem I had, and they were most likely false-positives.
  14. I did a Google search with term "malwarebytes csgo trojan" and it found many results. Seems like Malwarebytes is protecting me from community servers which are malicious.
  15. I launched Counter Strike: Global Offensive yet again. To me it seems that launching the game, opening the community server browser or pressing the refresh list button triggers the block/attack. I post my latest log yet again in case it is needed: log 17.txt
  16. Okay I will turn it off and see what is going to happen.
  17. I see, do you think that my problem is not a false positive?
  18. When I installed Malwarebytes, I turned on this option shown in this photo. By default it was off. This might be a stupid question but what does this do/mean?
  19. Here is the log from the block which happened when Counter Strike: Global Offensive was on. The log shows that the attack targets the game's .exe file. log 16.txt
  20. Also Counter Strike: Global Offensive triggered a block because of a trojan. I noticed that the block happened when I entered the community server browser, where you can join a community-run server. The block occurred when I pressed the refresh list button on the server browser.
  21. Entering the https://karhu.com/juoksukengat/ website still triggers the block because of hijack. Maybe this Google Chrome problem is related to that website instead of my PC? LOG 15.txt
  22. I have now done both fixes to Google Chrome and Steam. In the instructions on how to reset the Google sync I did not understand this line: "If you use Chrome to log in to any Google service from any other computer, please follow these steps before turning on Chrome sync on those computers as well." Does that mean that I need to do the same thing to my mobile phone too?
  23. Hi, I will use these instructions immediately. I confirmed that the site which caused the hijack block was https://karhu.com/juoksukengat/ , because I got exactly the same block from the same domain and IP address.
  24. I just launched a game from Steam to test things, and I got another outbound block because of a trojan. So removing stuff from the htmlcache folder seems to not have worked. The game I launched was Counter Strike: Global Offensive. The log is attached to this reply. Do you think these outbound blocks are connected to the inbound blocks I got earlier and to my Windows Defender Antivirus's weird malfunction? log 14.txt
  25. Hello Kevin, I just got another outbound block, this time it was a hijack. I have attached a log about it to this reply. When this block happened, I was browsing the internet in Google Chrome's incognito mode. The block happened when I entered this clothing brand's website: https://karhu.com/juoksukengat/ , and I also had a local newspaper's article open: https://www.is.fi/kotimaa/art-2000007640893.html . Before that I was browsing Google Maps and Wikipedia, and I had a Twitch stream open in a normal window when the block happened. I haven't used Steam today so I haven't had any blocks from there yet. -Landets log 13.txt