CrimsonMoon Posted June 26, 2016 ID:1047689 Share Posted June 26, 2016 yesterday I scanned my PC and ran into a PUP called terraclicks though right after closing it and shutting the PC down since I needed to go to the city and after a re-scan when I went back home , the PUP was gone without any trace. earlier today however when I did a re-scan it popped itself out again. can anyone help me with this? I don't know why it suddenly goes away then pops itself back out again. attached are FRST Logs and the MBAM Scan Log that had the PUP hit. Addition.txt FRST.txt scanresultmbam.txt Link to post Share on other sites More sharing options...
CrimsonMoon Posted June 26, 2016 Author ID:1047701 Share Posted June 26, 2016 Found the culprit.. checked all links in history and loaded them, checked cache and voila.. I think it's an ad or external link on an adult website which was probably visited by one of my brothers. on cache i found this after I reloaded the website which had a lot of pop-ups. terraclicks com/multi-cookie.gif?c076=a01 removed the dot and separated the com to avoid anyone misclicking it; but that's what it looks like on the cache. I also found the website on our Smart TV and wondered if it would have been infected or somewhat? malwarebytes does however only find it in the cache from time to time whenever i think the website is opened but mb doesn't detect it as soon as it is removed from the cache. should I be worried? what pre-cautions or action should I take? Thanks in Advance! Link to post Share on other sites More sharing options...
CrimsonMoon Posted June 26, 2016 Author ID:1047705 Share Posted June 26, 2016 Never found the first one that Malwarebytes detected though, I wonder why can anyone help? Link to post Share on other sites More sharing options...
CrimsonMoon Posted June 27, 2016 Author ID:1047897 Share Posted June 27, 2016 Can someone help me please? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 27, 2016 Root Admin ID:1047997 Share Posted June 27, 2016 Hello @CrimsonMoon Someone from our Support Team will be in touch with you shortly to assist you. Thank you Link to post Share on other sites More sharing options...
CrimsonMoon Posted June 28, 2016 Author ID:1048143 Share Posted June 28, 2016 17 hours ago, AdvancedSetup said: Hello @CrimsonMoon Someone from our Support Team will be in touch with you shortly to assist you. Thank you Alright thank you! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 28, 2016 Staff ID:1048164 Share Posted June 28, 2016 I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome. You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed. Then I need you to go to >> Google Sync << and sign into your account. Scroll down until you see the “reset sync” button and click on the button At the prompt click on “Ok”. .Reset Your Browser Settings . In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines) Select “Settings”. At the bottom, click “Show advanced settings…” Scroll down until you see “Reset settings”, Then click on the button “Reset Settings”. In the dialog that appears, click “Reset”. .Close Chrome and restart it and check it out for me please Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 1, 2016 Staff ID:1048817 Share Posted July 1, 2016 Greetings I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time. Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools . Gringo Link to post Share on other sites More sharing options...
CrimsonMoon Posted July 2, 2016 Author ID:1048941 Share Posted July 2, 2016 Hello and my apologies I haven't contacted you in awhile.. i have been busy with work for the past few days. I did indeed reset my browser as you wanted me too and the scans show nothing apparent. but i still do re-scans just to make sure. before doing the reset it only popped out twice and I suspect it was because of the website that my brother or someone in the house visited/re-visited hence the detection. in another topic that I started it was suggested by @blender and @shadowwar that it was a "cookie" or a "browser cache" since the scan found it in the Google Chrome Preferences file and I did indeed find traces in my cache and cookies a terraclicks dot com which was apparently an ad or something on the website. I also checked and scanned my system using roguekiller and it didn't detect anything on my browsers. should be worried? was I infected? or was it just a coincidence that Malwarebytes detected it as a PUP? moreover i found out that the website was also visited using our Smart TV's browser. what actions or pre-cautions should I take? Hoping for your quick response, Crimson Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 2, 2016 Staff ID:1049032 Share Posted July 2, 2016 Hello Being in those locations I would not be worried - that is also why I started with resetting the browser - it would also clear out the cookies Gringo Link to post Share on other sites More sharing options...
CrimsonMoon Posted July 3, 2016 Author ID:1049079 Share Posted July 3, 2016 Alright Thank you! so the unit is not really infected right? MBAM just detects it since it's in the "cookies" correct? should I also just reset my smart tv? or should I just clear out it's cookies and cache? Crimson Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 4, 2016 Staff ID:1049293 Share Posted July 4, 2016 Hello That is correct - I would not worry about it unless you start to see it again then come back and let me know. Gringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 8, 2016 Staff ID:1050060 Share Posted July 8, 2016 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts