Jump to content

Nasty Malware.. Constant 'Successfully blocked website' popups

Recommended Posts

Hello there,


I recently downloaded MBAM, and was shocked when every 2 minutes 'Successfully blocked website' appeared.. I ran a scan with MBAM and nothing was picked up with that nor Hitman Pro, but the popups kept coming, sometimes there is no popups for an hour and sometimes there is one every 2 seconds..


What is strange about these popups is that they do indeed seem to link to malicious domains, as I have googled these and they appear on a few Malicious domains list, what is more worrying is that these domains appear to not only be being accessed by firefox/chrome.exe, but also other legit applications like jusched.exe, steam.exe and VCDDaemon.exe.. leading me to believe maybe something is injecting some malware into these applications


The computer seemed to be functioning completely normally until a few hours ago, now when I open Chrome I only see the window appear for about half a second before (something) closes it? I decided to look at some of the similar problems here to see if I could self diagnose the problem, I decided against doing anything else as I think this is outside my expertise..


I did run RogueKiller and it located a 'Supicious' file in "C:\Users\Nat\AppData\Roaming\.minecraft\assets\objects\03\DisplaySwitch.exe" I tried to upload the file to VirusTotal, but when I went to upload the file it was disappeared from the browse dialog? I checked to see if it was there, and it certainly was, I could see it in Windows Explorer, but not in the browse dialog box? I decided to add the exe to an empty zip folder, and upload the zip to Virustotal, the zip folder was found immediately, so is the .exe cloaking itself somehow? VirusTotal reported the .zip to have a detection rate of 4/51, the detections included 'W32.HfsReno.155f', 'Malware.QVM19.Gen', 'PE:Malware.XPACK-HIE/Heur!1.9C48', 'Suspicious.Cloud.5'.


I tried to delete the DisplaySwitch.exe, and it disappeared. For about 2 minutes, after which it came back again all by itself?


I believe this file may have some kind of link to the malware, although I don't know if this is it, whatever help you can offer is greatly appreciated although I thought that would be a potential lead onto the malware.


Thank you for again help you can offer it is greatly appreciated.

Link to post
Share on other sites

  • 1 month later...
  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.