
m77.dnsqa.me blocked from Steam store, can't remove



I recently found that DNSUnlocker was on my computer. I uninstalled it, and soon started having issues where I would be redirected to unwanted web pages from normal pages in Chrome. I installed the trial version of Malwarebytes and did a scan, and it found 2 malware files and a bunch of PUP files, which I then deleted using the tool. I also ran HitmanPro and Adware Cleaner, which also both found files that I deleted. Now Chrome appears to be working normally, but the instant I open up the "store" page from Steam, Malwarebytes informs me that it has blocked the domain "m77.dnsqa.me". Earlier, when this happened I was redirected to a dell support page where I was told to call a certain number for help because my information was being stolen, but we determined that this was a scam. 

Basically, for some reason it keeps trying to redirect me to this domain from inside the Steam application (going to the Steam store online doesn't bring up the problem), and nowhere else. I believe that DNSUnlocker hasn't been completely removed, and I need help getting rid of it for good. I have tried uninstalling Steam, but that hasn't fixed it. None of the scans come up with anything at this point. I believe some people have had this problem resolved using the Farbar Recovery Scan Tool, it just looks like I need a specific "fix" file that only someone here can give me, because they are user-specific. 

This person had a similar problem: https://forums.malwarebytes.org/topic/179404-struggling-with-dnsunlocker/#comment-1022700

I downloaded the tool and did a scan, here are the two resulting files, if anyone is able to help:

FRST.txt

Addition.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.


  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:


  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, when done post the new logs....

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin

I ran the FRST, and it got stuck trying to delete a file, so I terminated it and ran it again as administrator, and then it finished very quickly. 

The Malwarebytes scan didn't detect anything, but here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/22/2016
Scan Time: 11:05 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.22.07
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374023
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here is the log from the JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Jordan (Administrator) on Tue 03/22/2016 at 11:21:21.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 13 

Successfully deleted: C:\Users\Jordan\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File) 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CCL0F7G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOWPHI8D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2L9XPHY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CCL0F7G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOWPHI8D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2L9XPHY (Temporary Internet Files Folder) 

Registry: 4 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{910B3CBD-EB2B-457B-B4F9-0216EC9BB5AD} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/22/2016 at 11:22:25.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I then ran the FRST scan again like you said, and thought I might have forgotten to run the JRT as administrator so I ran that again too (even though it looks like I did run it as admin the first time). Here's the log from the second JRT run:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Jordan (Administrator) on Tue 03/22/2016 at 11:33:47.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/22/2016 at 11:35:01.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

So when I start Steam and go to the store page, Malwarebytes still says that it is blocking this m77.dnsqa.me domain. I think there is still a problem somewhere, because that shouldn't be happening I don't think.

FRST.txt

Addition.txt


Can you post the most recent protection log from Malwarebytes...

Open Malwarebytes,


  • Click on the History tab > Application Logs.
  • Double click on the Protection Log which shows the most recent Date and time..
  • Click Export > From export you have three options:
      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Post that log....

Thanks,

 

Kevin

Sure thing, here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, 
Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, 
Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4, 
Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping, 
Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped, 
Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, 
Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 

(end)


Thanks for the log, as you know the problem is happening via Steam. When you have steam loaded it makes an outbound call which Malwarebytes deems suspicious and blocks the call. Looking at info from the steam website it would seem the file responsible for the call is legitimate. To be sure it is probably worth uploading the file to VirusTotal to be checked out further.

Have a read at Steam:

http://steamcommunity.com/discussions/forum/1/38596747725659150

Next,

Upload a File to Virustotal

Go to http://www.virustotal.com/

 

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Thanks,

Kevin...

Okay, thanks a lot. The results of the analysis are below. So should I add this domain to Malwarebytes' list of web exclusions and just not worry about it? I think you are probably right that it is fine, because the last time I had opened Steam, I didn't realize Malwarebytes wasn't running, and nothing happened when I went to the Store page, but once I enabled it again it gave me the website blocked notification. 

 

SHA256: 9beef4212db81701212c2398e88403dec3f63a1173bf9b617388e5c6a918e7df
File name: steamwebhelper.exe
Detection ratio: 0 / 56
Analysis date: 2016-03-22 20:21:32 UTC ( 0 minutes ago )
 Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac   20160322
AVG   20160322
AVware   20160322
Ad-Aware   20160322
AegisLab   20160322
Agnitum   20160316
AhnLab-V3   20160322
Alibaba   20160322
Antiy-AVL   20160322
Arcabit   20160322
Avast   20160322
Avira (no cloud)   20160322
Baidu   20160322
Baidu-International   20160322
BitDefender   20160322
Bkav   20160322
ByteHero   20160322
CAT-QuickHeal   20160322
CMC   20160322
ClamAV   20160319
Comodo   20160322
Cyren   20160322
DrWeb   20160322
ESET-NOD32   20160322
Emsisoft   20160322
F-Prot   20160322
F-Secure   20160322
Fortinet   20160322
GData   20160322
Ikarus   20160322
Jiangmin   20160322
K7AntiVirus   20160322
K7GW   20160322
Kaspersky   20160322
Malwarebytes   20160322
McAfee   20160322
McAfee-GW-Edition   20160322
eScan   20160322
Microsoft   20160322
NANO-Antivirus   20160322
Panda   20160322
Qihoo-360   20160322
Rising   20160322
SUPERAntiSpyware   20160322
Sophos   20160322
Symantec   20160322
Tencent   20160322
TheHacker   20160321
TrendMicro   20160322
TrendMicro-HouseCall   20160322
VBA32   20160322
VIPRE   20160322
ViRobot   20160322
Zillya   20160322
Zoner   20160322
nProtect   20160322

There were green check marks in the middle column for all of the tests, that just didn't get copied over.


I guess we both knew the file was legitimate, obviously it was still worthwhile running a check. There is a forum section for false positive identification, you may want to upload the suspect file, the Protection log and results from VT and Malwarebytes would probably be updated to stop the FP, go to following link:

https://forums.malwarebytes.org/forum/122-false-positives/

Other than that I guess we should clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…


Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

I added the m77.dnsqa.me domain to the list of web exclusions, and upon going to the store page I immediately received notifications that several other sites had been blocked, and I got a separate JavaScript pop-up that said my computer must be infected with adware or something similar if I was seeing the pop-up. This JavaScript pop-up is something I had seen a few times before I made this forum post dealing with this problem. I will post the protection log below, the blocks I am referring to are at the bottom. I ran another Malwarebytes scan and it didn't detect anything.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, 
Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, 
Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4, 
Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping, 
Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped, 
Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, 
Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Update, 3/22/2016 3:54 PM, SYSTEM, SPUDBOX2000, Scheduler, Failed, No Internet connection detected, 
Update, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.22.7, 2016.3.22.8, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, 
Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50853, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50854, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50855, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50856, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, IP, 8.34.112.226, ddc.terrestrialthese.com, 50864, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, IP, 8.34.112.226, ddc.terrestrialthese.com, 50864, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.229, jem.recombinantsunengaged.com, 50871, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.229, jem.recombinantsunengaged.com, 50871, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.227, kdv.decipheringwarns.com, 50883, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.227, kdv.decipheringwarns.com, 50883, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, 
Scan, 3/22/2016 4:56 PM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 4:49 PM, Duration:7 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

(end)
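
An added example, not part of any post in this thread: a Python sketch that pulls the Malicious Website Protection detections out of an exported Protection Log, drops the repeated lines, and groups the blocks by process and host, which makes it plain when every block comes from one program, as in the log above. The field order is inferred from the log lines quoted in the thread; the sample lines, host names, addresses and paths are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample in the layout of the Protection Log lines quoted in this
# thread. Hosts, addresses and paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Update, 3/22/2016 10:45 AM, SYSTEM, HOST01, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7, 
Protection, 3/22/2016 11:01 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, Started, 
Detection, 3/22/2016 11:32 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, Domain, 192.0.2.10, ads.example.test, 49514, Outbound, C:\Program Files (x86)\App\bin\webhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, Domain, 192.0.2.10, ads.example.test, 49514, Outbound, C:\Program Files (x86)\App\bin\webhelper.exe, 
Detection, 3/22/2016 11:32 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, Domain, 192.0.2.10, ads.example.test, 49515, Outbound, C:\Program Files (x86)\App\bin\webhelper.exe, 
Detection, 3/22/2016 4:46 PM, SYSTEM, HOST01, Protection, Malicious Website Protection, IP, 192.0.2.20, cdn.example.test, 50864, Outbound, C:\Program Files (x86)\App\bin\webhelper.exe, 
Scan, 3/22/2016 4:56 PM, SYSTEM, HOST01, Manual, Start:3/22/2016 4:49 PM, Duration:7 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
"""


class Detection(NamedTuple):
    when: datetime
    match_type: str  # "Domain" or "IP": which block list matched
    ip: str
    host: str
    port: int        # local source port of the blocked connection
    direction: str   # "Outbound" in every line shown in the thread
    process: str     # full path of the program that made the connection


def parse_detections(text: str) -> list:
    """Return the unique website-protection detections found in a log export."""
    seen, detections = set(), []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        while parts and parts[-1] == "":  # every log line ends with ", "
            parts.pop()
        if len(parts) < 12 or parts[0] != "Detection":
            continue
        if parts[5] != "Malicious Website Protection":
            continue
        try:
            det = Detection(
                when=datetime.strptime(parts[1], "%m/%d/%Y %I:%M %p"),
                match_type=parts[6],
                ip=parts[7],
                host=parts[8],
                port=int(parts[9]),
                direction=parts[10],
                process=", ".join(parts[11:]),  # tolerate a comma in the path
            )
        except ValueError:
            continue  # malformed timestamp or port: skip the line
        if det not in seen:  # the log writes many detections twice
            seen.add(det)
            detections.append(det)
    return detections


def summarize(detections) -> dict:
    """Group detections as {process: {host: {count, ips, ports, first, last}}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for det in detections:
        grouped[det.process][det.host].append(det)
    return {
        process: {
            host: {
                "count": len(events),
                "ips": sorted({e.ip for e in events}),
                "ports": sorted({e.port for e in events}),
                "first": min(e.when for e in events),
                "last": max(e.when for e in events),
            }
            for host, events in hosts.items()
        }
        for process, hosts in grouped.items()
    }


def single_source_process(detections) -> Optional[str]:
    """Return the process path if every detection came from one program."""
    if not detections:
        return None
    # Windows paths are case-insensitive, so compare them lower-cased.
    if len({d.process.lower() for d in detections}) == 1:
        return detections[0].process
    return None


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for process, hosts in summarize(found).items():
        print(process)
        for host, info in hosts.items():
            print(f"  {host}: {info['count']} block(s), {info['ips']}")
    print("single source:", single_source_process(found))
```
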


If you can't find a way to help me get rid of whatever is on my computer, and I need to reformat my hard drive and start from scratch to know it is gone, I understand. It seems to be very well hidden. I have had to do that one other time when I needed to replace my hard drive. It's just a long process that I'm trying to avoid if I can, but I have the means to do it if it comes to that.


The issue at hand is down to Steam, not your system. A reformat is not really the answer. You should have uploaded the file in question as False Positive as I suggested to the relevant Malwarebytes FP section...

If you remove Steam (fully uninstall) the problem will no doubt cease.....


Hello again Spido

Can you try the following: (Courtesy of Metallica and LiquidTension)

Navigate to and clear the contents of the following folder,

C:\Users\{your username}\AppData\Local\Steam\htmlcache

Appdata is usually a hidden folder, if so you will need to change to show.... Instructions at following link if required..

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Reboot when complete, see if the issue clears...

Thanks,

Kevin

I had tried posting a false positive, but I got a bit mixed up and reported the wrong thing. I've tried uninstalling and reinstalling Steam and that didn't fix it. However, I just tried clearing the contents of the htmlcache folder like you suggested, and I am no longer receiving any block notifications from Malwarebytes (and yes, it is running). So, I don't think it really was a false positive, just that the problem was in that folder and needed to be removed. 

I think the problem is resolved now for good, I can't find anything wrong with my system. Thank you very much for all of your help. I plan to take some measures to make sure things like this don't happen to me again.


Yes the FP debacle is partly my fault, it certainly did look to be the cause and reason for the blocks. Since then a couple of Forum mods/experts have been involved with your thread and gave the last fix we tried. The infection is relatively new, obviously the DNS changer part was quite easily fixed, unfortunately there was also another hidden entry that continued the actions.

Emptying the cache folder ended in a positive result. I'll leave your thread open for a couple of days, if there is no further reply from your goodself I'll then close out...

Thank you,

Kevin


  • 4 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.