
Malicious websites blocked occasionally



Hi there,

 

I had an infection a few weeks ago that I thought had been removed completely, but now I'm not so sure. The MalwareBytes 'Malicious website blocked' message has popped up occasionally since then, so I'm now uncertain as to whether my computer is clean.

 

I'm afraid I couldn't run DDS because I'm on Windows 8.1.

 

All help appreciated.

 


Hello Kiljester and welcome to Malwarebytes forum.

 

Let's do a scan with MBAM and also get a report using the RSIT tool.

 

Start your MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Look down the screen to Action for potentially unwanted programs (PUP) &
look down the screen to Action for potentially unwanted modifications (PUM).

For each one, select "Show in results list and check for removal" from the drop down (arrow) selections.

Next, click the Update tab. Press the "Check for Updates" button.

Next, click the **Scanner** tab.
Do a **Quick** Scan.

When the scan is complete, click OK, then Show Results to view the results.
If detections are found, make sure that everything is checked, and click Remove Selected.

**Be sure to review all the list. Scroll thru it.**
**If any lines are not checkmarked, then do this ===> To do so quickly, you can highlight one of the detections by left clicking on it. Then, right click on the highlighted detection, and select 'Check all items'. Next, click Remove Selected.**

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


When all done, ATTACH the MBAM scan log into a new reply for my review.
IF this is Windows XP, the log would be under this folder
C:\Documents and Settings\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

IF this is Windows Vista or  Win7 or Win8:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I need the most current one that starts with the name **mbam-log-2014** (with the latest time & date stamp)

 

Task 2

Download Random's System Information Tool (RSIT)
If your WIN8 is 32-bit from http://images.malwareremoval.com/random/RSIT.exe

If your WIN8 is 64-bit from http://images.malwareremoval.com/random/RSITx64.exe
and save it to your desktop.

Start on RSIT.exe. Do a RIGHT-click on RSIT and select Run as Administrator and allow to run.
Accept the disclaimer:
Click "Continue" at the disclaimer screen.

 

Once it has finished, two logs will open. Please attach the logs in your next reply:
 both "log.txt" (<<will be maximized) and "info.txt" (<<will be minimized)
 


Hello,

There's an adware onboard by Conduit by the name of backgroundcontainer. It can be removed.
To prep beforehand, you need to clear the deck by Closing / exiting all the programs & apps you have opened.

These files will help you remove the adware and at the end it will shutdown and Restart your Windows 8 system.
Save the attached zip file named DELBAKC.zip to the desktop ( for ease of use).
Now, unzip ( extract all content) to the DESKTOP.
You should have two files there, Delbakc.reg + Delbakc.cmd

Do a RIGHT-click on DELBAKC.REG and select MERGE and allow to merge with the registry.
You should get a confirmation when it is done.

2nd, do a RIGHT-click on DELBAKC.cmd and select RUN as Administrator and allow to run (start).
It should run rather quickly in a black Command-prompt window and then it will restart Windows.

After Windows has restarted, and the system is ready, do this run with a free tool to look for some possibly other adware.

Close any open work documents, if any, saving your work.
Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please Attach JRT.txt into a new reply.
  • Re-enable your security software.

Now then, tell me, How is the system now ?

IF you Close all your internet browsers and your instant messenger programs, and wait a couple of minutes, then .....
do you see "Outgoing IP blocks" ?

DELBAKC.zip


Hi Maurice,

 

Thanks for this. I've attached the JRT log to this post.

 

The only change I've noticed is that I got a couple of RunDLL pop-ups like this:

 

---------------------------
RunDLL
---------------------------
There was a problem starting C:\Users\<me>\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

The specified module could not be found.

---------------------------
OK   
---------------------------
 

 

 

cheers,

kj

JRT.txt


Hello,

There would appear to be 1 non-fatal remainder in Windows startup that looks for that rogue dll. Let's go find where it is.

 

 

Please download SystemLook from the link below and save it to your Desktop.

Get the 64-bit version of the tool here 64-bit Download

  • do a Right-click on the exe and select Run as Administrator.

  • Copy the content of the following codebox into the main textfield  (4 lines):

    :filefind
    BackgroundContainer
    :Regfind
    BackgroundContainer
  • Click the Look button to start the scan.
  • Have infinite patience while it is scanning.
  • When finished, a NOTEPAD window will open with the results of the scan. Please attach this log in your next reply.
  • Press EXIT button when all done.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Hello,

No, no need for alarm. That was all about the Backgroundcontainer pest all along.

Save my file that I attached here, Jester.zip to your desktop.

Then un-zip ( extract all) to the desktop.

You will see a Jester.reg file there.

Do a Right-click on Jester.reg and select MERGE and allow to merge with registry.

You will see a confirmation when it finishes.

At this point, you should be all clear of the Backgroundcontainer pest. The two run keys are removed and thus you would no longer have a leftover trace; and no further complaint at Windows startup.

Start MBAM. Click the Protection tab.

Be sure that all PRO realtime protections are ON & check-marked.

Tell me, How is the system now?

Are you ready to wrap this up?

Jester.zip
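
An added example, not part of the original posts and not the contents of the helper's Jester.reg: a read-only PowerShell check for the situation in this thread, where a startup entry still calls rundll32 on a DLL that has already been deleted. The thread does not say which Run keys were involved, so the standard Run locations and the function names used here are assumptions.

```powershell
# Added example. Read-only: it lists entries and changes nothing.
# Assumption: the standard Run locations below; the thread does not name the keys.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunDllTarget {
    param([string]$Command)
    # Expected shape: [path\]rundll32[.exe] <dll>[,EntryPoint] [arguments]
    if ($Command -match 'rundll32(\.exe)?"?\s+(?<rest>.+)$') {
        $rest = $Matches['rest'].Trim()
        if ($rest -match '^"(?<dll>[^"]+)"') {
            $dll = $Matches['dll']                  # quoted DLL path
        } else {
            $dll = ($rest -split ',', 2)[0].Trim()  # unquoted: path ends at the comma
        }
        return [Environment]::ExpandEnvironmentVariables($dll)
    }
    return $null   # not a rundll32 command line
}

function Get-RunDllAutostart {
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $dll = Get-RunDllTarget -Command $command
            if (-not $dll) { continue }
            [pscustomobject]@{
                Key       = $keyPath
                Name      = $name
                Dll       = $dll
                DllExists = (Test-Path -LiteralPath $dll -PathType Leaf)
                Command   = $command
            }
        }
    }
}

# Entries whose DLL is gone are the ones that raise the
# "specified module could not be found" RunDLL pop-up at logon.
Get-RunDllAutostart | Where-Object { -not $_.DllExists } | Format-List
```

HKCU here is the hive of the account running the script, so run it as the affected user; reading these keys does not need elevation.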


Hello,

 

Good to know that all is well. To clean up after the tools I had you use, locate and delete the following

RSIT.exe

Log.txt

Info.txt

Delbakc.reg

Delbakc.zip

JRT.exe

JRT.txt

Systemlook_x64.exe

Systemlook.txt

Jester.zip

Jester.reg

 

FYI:

Safer practices & malware prevention
Have a hardware router between the incoming internet-modem and your computer.

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

 Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update (http://windowsupdate.microsoft.com) and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
http://www.bleepingcomputer.com/tutorials/tutorial174.html
 
 
Download, install, and keep updated Spyware Blaster (free): http://www.brightfort.com/spywareblaster.html
(all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Get notified when the MVPS HOSTS file is updated
http://winhelp2002.mvps.org/updates.htm



 Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
 
Consider using Web of Trust (WOT) add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.
 
