
takosan007


  1. Captain, it's been a crazy week. My friend has been using his laptop after cleaning/resetting the browsers so since Tuesday. So from your post on Wednesday, I have to: need to do this - right-click kprm_(version).exe and select Run as Administrator. need to do this - Please attach that file to your next reply. (not compulsory) I tell my friends to use an address book and also teach them on good password habits 😉 - Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/ I've set up Dave with backup4all years ago with simple copies so when disaster strikes & needs to restore, he can just use File Explorer (no extra stressor like needing to install the backup software on the new laptop to restore) - Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Neat software - thank you - Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download Yes but unless urgent, avoid black tuesday becoming zero day by sitting back a week or two - Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Thank you - Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Browser Guard on Chrome; will verify FF & EDGE - Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security I stumbled upon the Privacy Eraser software https://www.cybertronsoft.com/products/privacy-eraser/ a month or two ago and I like that it nukes a lot of temporary files in one fell swoop. Any thoughts as I think it's not harmful but ...
  2. Captain, I have done the reset of Chrome under all accounts (standard, admin, admin). My friend has started using his laptop again. Thank you very much for the assistance! Takosan007
  3. Understood Captain. My reply may come slower today but will do another reset following directions in the link provided tonight. FYI, before I saw your reply I remotely did a quick Chrome reset from settings & it loaded on3.com without block or Chrome putting up a warning. Is the same needed for EDGE or process of elimination so one by one?
  4. Ran & resulting log attached. Question: can I log in as Dave (standard user) and test if all three browsers can open www.on3.com or should I wait for your next instructions? Fixlog.txt
  5. Thanks, felt dumb. I didn't know that it appeared there as I've been using the standard user Dave. Thanks again!
  6. Feel a little like "apprentice" geek rather than the old geek I am but where do I get the FRSTEnglish.exe 😅?
  7. Thanks for the confirm. I will start run from the gwah account. Will report back.
  8. Thank you. I read your reply in full and have one question of scope of the fix: I've been logging into my friend's computer as Dave (standard user) since he is the user. I then provide password for gwah (admin user) when needed to elevate to install, etc. When I log out as Dave, log in as gwah, run FRSTEnglish.exe from C:\Users\gwah\Downloads where the FIXLIST.TXT also will reside, will the fix also apply to c:\user\Dave? Again, Dave is set up as standard user used everyday while gwah and SuperDave as admin users used for admin stuff.
  9. Done. I just posted the following: Posted Today, 07:41 PM Admin. My apologies. If you can take this post down as I did already post on the same issue in the MB Forums yesterday. I learned this evening that I shouldn't post so efforts are not duplicated since many of the same people work on these forums to help others. My apologies.
  10. Oh, I am so sorry. No, I wouldn't want dual efforts either. If I can ask, does MalwareBytes Forum also try to help eradicate an infection using any tools and not only MBAM? If so then I will request the admins at BC to take out my posting. Kinda' stupid question, I know, but this afternoon I started thinking about this because of the forum name. I need to get some sleep! Again, my apologies
  11. Attached is the zip. It's a little fuzzy since I've gone through the routine of scan, reboot, repeat too many times but: HitmanPro_x64 stopped picking up WebNavigator hijacker *but* the same symptom of hijacker malware infection is still there so is it some other hijacker malware now? Yesterday I reported that Firefox, after some time, although initially load the website without warning or block from MBAM but when refreshed will show the same symptoms. Since that last post, Firefox, even after refreshing, continues to be fine going to that website while Chrome & EDGE browsers show warning & MBAM blocks. mbst-grab-results.zip
  12. A quick update. Now HitmanPro_x64 won't catch the respawned WebNavigator 😫 This was the first time after regedit & reboot that I was able to confirm Chrome & EDGE & MBAM blocked on3.com website; Firefox loaded on3.com fine but we shall see if that changes like the earlier pattern.
  13. Greetings. Last night my friend called with his trifecta of browsers (Chrome, Firefox, & EDGE) each reporting that they couldn't get a secure connection to, what I currently know is only this college sports website www.on3.com. MBAM Premium on his laptop was also blocking the website so two red flags confirming each other. I noticed the word "outbound" in the window thrown up by MBAM so I figured it is his laptop and not a deprecated TLS/SSL version issue at the webserver. The last 16 hours have been fun (not!) and I'm still stuck with WebNavigator respawning itself. Running out of things to throw at. Is there a way for MBAM Premium to clean it, like a parameter/switch to force it to clean WebNavigator? Do I have to reinstall MBAM on his laptop? Below are things I've thrown at. I always restart/reboot in-between. MBAM Premium didn't catch WebNavigator. Over the 16 hours, it picked up PUP but not WebNavigator. "SCP /scannow" found corrupt files the first time I ran and it fixed them. Over the 16 hours, I've run it several times in-between and all was successful. Task Scheduler (I read this online but never found an entry related to WebNavigator). Various tools from Bleeping Computer: adwcleaner, FRST64, esetonlinescanner, RogueKiller, HitmanPro_x64. Interestingly, all above caught something *but* the only tool that caught WebNavigator was HitmanPro_x64. Running HitmanPro_x64 after restart/reboot is where I learned that WebNavigator was respawning. Regedit ... I used the Find & Find Next function with the search term "WebNavigator" repeatedly. When I found an entry, export the section of the hive, & delete. If the hive was not exclusive to WebNavigator, I will export and then delete only the WebNavigator entry. Another observation is where after cleaning with HitmanPro_x64 of the three WebNavigator entries, if the first browser after reboot to load www.on3.com is Firefox it loads - temporarily (I'll explain this later).
If the first browser is Chrome or EDGE (Chromium plumbing), it will get blocked. The Firefox that loaded this website normally, after some time, will get blocked by Firefox and MBAM after certain time has elapsed. Thank you for any help or ideas to try. Takosan007