Multiple Malicious Website Blocked Pop-ups


Hello Dida and welcome to Malwarebytes,

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

My screen name is kevinf80, I'm here to help clean up your system, continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin

 

Link to post
Share on other sites

Hi Kevin,

Thanks for the reply, here are the logs for the Malwarebytes and AdwCleaner scans. Was not required to restart after the malwarebytes scan. Currently doing the Sophos scan and it looks like it will take a long, long time. Will provide that log once it finishes. Thanks again for your time.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/06/2016
Scan Time: 7:39 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.03.02
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305777
Time Elapsed: 12 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v5.119 - Logfile created 03/06/2016 at 19:59:01
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Admin - DESKTOP-N2E61VA
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [986 bytes] - [03/06/2016 02:40:25]
C:\AdwCleaner\AdwCleaner[C2].txt - [785 bytes] - [03/06/2016 19:59:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [819 bytes] - [03/06/2016 02:34:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [918 bytes] - [03/06/2016 19:56:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1001 bytes] ##########

 

 

Link to post
Share on other sites

Yeah I get the feeling it might be just the site, the website is supercoach.heraldsun.com.au - a fantasy type football game. Have contacted them regarding the issue, no issues with the site until the message appeared on 2/06/2016. Apologies if I have wasted your time with this, was just worried after being infected before.

Supercoach - Malwarebytes warning message.png

Warning message 2.png

Link to post
Share on other sites

Run the two following scans to recheck your system....

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then 2. Select the home icon.

In the new window select "Scan"

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!


Post those logs to your next reply...

Thank you,

Kevin....
Link to post
Share on other sites

Zemana AntiMalware 2.20.2.911 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/4
Operating System       : Windows 10 64-bit
Processor              : 6X AMD FX(tm)-6300 Six-Core Processor
BIOS Mode              : Legacy
CUID                   : 12A3B0A2B918997FB5AAFB
Scan Type              : Smart Scan
Duration               : 6m 20s
Scanned Objects        : 8123
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects

Link to post
Share on other sites

RogueKiller V12.3.1.0 [May 30 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Started from : C:\Users\Admin\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/04/2016 21:07:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aef11ba4-f412-4d0a-a03f-b9347fc8803f} | DhcpNameServer : 10.1.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{aef11ba4-f412-4d0a-a03f-b9347fc8803f} | DhcpNameServer : 10.1.1.1 ([])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] f65807c9aa60c2afabc728178af88440
[BSP] b0eadc17efcdbcafc2fe5b06a76c34db : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

Link to post
Share on other sites

Nothing of interest with those logs, I suppose the issue still occurs with Firefox... Run the following and tell me if the issue clears, part of this scan will reset Firefox to default settings:

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here or here
 
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
FFdefaults;
 
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

 

Let me see that log in your reply, also let me know if the Firefox issue has stopped..

Thank you,

Kevin...

Link to post
Share on other sites

Hi Kevin,

Completed the scan and currently still receiving the warnings on the previously mentioned website. I had an issue when scanning my system due to a blackout, so had to scan a second time. Here is the log.


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Admin on Sun 05/06/2016 at  1:43:32.42.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-06-04-151302.log    2526 bytes

==== System Restore Info ======================

5/06/2016 1:44:33 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Admin\AppData\Local\ActiveSync deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oax424xr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oax424xr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

"C:\WINDOWS\Installer\225427a6.msi" not found

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oax424xr.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [12/05/2016 12:02 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [12/05/2016 12:02 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oax424xr.default
- English Australian Dictionary - %ProfilePath%\extensions\en-AU@dictionaries.addons.mozilla.org
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oax424xr.default
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
258693279212838A6A879A69A17BE215    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/05/2016 12:01 PM]

Avast Online Security - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0A5CBD84C137C642B25B695E31AA178 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A0A5CBD84C137C642B25B695E31AA178 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oax424xr.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=29 35710325 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 05/06/2016 at  2:09:02.12 ======================

 

Link to post
Share on other sites

Make a "Clean" install of Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Let's totally remove Firefox and start over. Make sure you still have a working Browser available, eg Internet Explorer or similar...

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.


Re-boot your system when complete!

Next,

Go here: http://www.mozilla.org/en-US/ download and install the latest version of Firefox...

Next,

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Add-ons manager, this gives access to find addons/extensions, use, start, stop or disable those features etc....

Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens...
Link to post
Share on other sites

Having trouble deleting Mozilla Firefox install folder... Getting an error: Folder Access Denied - You need permission to perform this action. You require permission from Administrators to make changes to this folder.

No Admin confirmation box popping up when I try delete it... just says try again.

Link to post
Share on other sites

Have taken ownership of the file, getting a similar notice which says I need permission from DESKTOP-N2E61VA\Admin to delete. Not particularly great with computers, so I am stumped at how to remove its permission....

Link to post
Share on other sites

If you have uninstalled Mozilla Firefox successfully and the only remaining action is to delete remaining folders we can use FRST as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

When FRST is completed you can reinstall Firefox and see if the issue is cleared...

Thank you,

Kevin...

 

fixlist.txt

Link to post
Share on other sites

Hi again Kevin,

Used the fix and reinstalled Firefox, still having the same issue. Out of interest I visited the website with Microsoft Edge browser and the same warning popped up...

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Admin (2016-06-06 12:47:21) Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
C:\Program Files (x86)\Mozilla Firefox
C:\Users\Admin\AppData\Roaming\Mozilla
Emptytemp:
end

 


*****************

Restore point was successfully created.
C:\Program Files (x86)\Mozilla Firefox => moved successfully
C:\Users\Admin\AppData\Roaming\Mozilla => moved successfully
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:48:37 ====

Link to post
Share on other sites

Hello Dida,

Is this issue still only related to one site, but not only Firefox browser? I assumed it was only related to Firefox.. Can you upload a recent protection log from Malwarebytes...

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Protection log, use most recent log date..
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Link to post
Share on other sites

The issue is only related to the one site, and it appears to be present with different browsers. Below I uploaded the message I received when using Microsoft Edge browser.

Microsoft Edge warning.png

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Scheduler, IP Database, 2016.6.2.2, 2016.6.5.1,
Update, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Scheduler, Domain Database, 2016.6.5.2, 2016.6.5.3,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Refresh, Starting,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Stopping,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Stopped,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Refresh, Success,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Starting,
Protection, 6/06/2016 1:09 AM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Started,
Scan, 6/06/2016 2:48 AM, SYSTEM, DESKTOP-N2E61VA, Context, Start:6/06/2016 2:43 AM, Duration:5 min 33 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Scheduler, Malware Database, 2016.6.5.3, 2016.6.5.6,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Refresh, Starting,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Stopping,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Stopped,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Refresh, Success,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Starting,
Protection, 6/06/2016 12:34 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Started,
Scan, 6/06/2016 12:41 PM, SYSTEM, DESKTOP-N2E61VA, Context, Start:6/06/2016 12:34 PM, Duration:7 min 10 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 6/06/2016 12:50 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malware Protection, Starting,
Protection, 6/06/2016 12:50 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malware Protection, Started,
Protection, 6/06/2016 12:50 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Starting,
Protection, 6/06/2016 12:50 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Started,
Detection, 6/06/2016 12:57 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.214, s3-ap-southeast-2.amazonaws.com, 62482, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 6/06/2016 12:57 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.214, s3-ap-southeast-2.amazonaws.com, 62482, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Can you post the web address used that creates the following blocks:

Detection, 6/06/2016 6:43 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.214, s3-ap-southeast-2.amazonaws.com, 64167, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,

Detection, 6/06/2016 1:02 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.206, s3-ap-southeast-2.amazonaws.com, 59304, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,


Every time I get a warning from each specific page the IP and port change; even if I reload the current page they are different, if that makes any sense. I couldn't get an exact replica on either of those two blocks. The warnings are all present on every page I visit of:

http://supercoach.heraldsun.com.au/afl/classic/

http://supercoach.heraldsun.com.au/afl/draft/

http://supercoach.heraldsun.com.au/afl/tipping/

http://supercoach.heraldsun.com.au/afl/perfect9/

I submitted a query with the webpage owner and they said they didn't find anything related to the warnings I encountered and I should still be safe to use the page, despite the constant warnings. Like I said, I have used the webpage for years and until last Thursday (02/06/2016) I have had no problems at all. Very confusing.

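The pattern described in the post above (a different IP and port on every block, always the same domain) can be confirmed from the exported protection log by grouping detections on domain and process. This is an added example, not part of the original thread and not a Malwarebytes tool; the field order is an assumption inferred from the log lines quoted in this thread, and the sample lines reuse values from those lines.

```python
import csv
from collections import defaultdict
from io import StringIO

# Sample lines in the format of the protection log quoted in this thread.
SAMPLE_LOG = r"""Detection, 6/06/2016 1:02 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.198, s3-ap-southeast-2.amazonaws.com, 61683, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 6/06/2016 1:02 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.142, s3-ap-southeast-2.amazonaws.com, 61689, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 6/06/2016 1:02 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.206, s3-ap-southeast-2.amazonaws.com, 59304, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 6/06/2016 5:05 PM, SYSTEM, DESKTOP-N2E61VA, Scheduler, Malware Database, 2016.6.5.6, 2016.6.6.1,
Detection, 6/06/2016 6:43 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.214, s3-ap-southeast-2.amazonaws.com, 64167, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
Detection, 6/06/2016 6:43 PM, SYSTEM, DESKTOP-N2E61VA, Protection, Malicious Website Protection, Domain, 54.231.252.214, s3-ap-southeast-2.amazonaws.com, 65381, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
"""

# Assumed column order for "Detection" rows (inferred, not a documented schema).
FIELDS = ("kind", "time", "user", "host", "component", "module",
          "match_type", "ip", "domain", "port", "direction", "process")


def parse_detections(text):
    """Return one dict per Detection row; other row types are skipped."""
    rows = []
    for rec in csv.reader(StringIO(text), skipinitialspace=True):
        rec = [field.strip() for field in rec]
        if rec and rec[-1] == "":        # every log line ends with a comma
            rec.pop()
        if len(rec) != len(FIELDS) or rec[0] != "Detection":
            continue
        rows.append(dict(zip(FIELDS, rec)))
    return rows


def summarize(rows):
    """Group by (domain, process name) and collect the values that vary."""
    groups = defaultdict(lambda: {"events": 0, "ips": set(), "ports": set()})
    for row in rows:
        exe = row["process"].rsplit("\\", 1)[-1]
        group = groups[(row["domain"], exe)]
        group["events"] += 1
        group["ips"].add(row["ip"])
        group["ports"].add(row["port"])
    return dict(groups)


if __name__ == "__main__":
    for (domain, exe), g in summarize(parse_detections(SAMPLE_LOG)).items():
        print(f"{domain} via {exe}: {g['events']} blocks, "
              f"{len(g['ips'])} IPs, {len(g['ports'])} ports")
```

A single domain with many IPs and ports across more than one browser shows that the block is keyed on the domain name rather than on any one address, which is why reloading the page never reproduces the same log entry.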

This is frustrating for sure. We do not find anything on your system to attribute this issue to; it seems only the addresses you quote cause the problem. I've uploaded those URLs and they come back clean... sigh

Do this please:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Post that log...

Thank you,

Kevin..

 

Fixlist.txt


This topic is now closed to further replies.