Jump to content

Website blocked messages concerning online-metrix.net


Recommended Posts

Hello

I have Malwarebytes Premium 3.12 and when I try to access various web sites I find that messages are issued by MB concerning a website online-metrix.net. Two examples of the messages are in the graphics attached. I also attach a MB log file from one of the messages.

The messages are produced by MB when I use several different browsers including Internet Explorer, Vivaldi and Chrome. Clearing browser caches have had no effect. From this I conclude that there is nothing specific to each browser but that there is a piece of adware, malware etc. on the PC. However, I have been unable to find out much about what online-metrix.net.

Can anyone advise what MB knows about this site, malware etc.?

I am using MS Windows 10 Creators Update.

I had thought the messages were to do with Flash Player but having removed it, I am still getting the messages.

Thanks

Martin O'Shea.

A.png

B.png

Log.txt

Edited by MartinOShea
Link to post
Share on other sites

What I have found is a few web sites which refer to this online-metrix.net, e.g.:

https://help.vtex.com/en/faq/how-to-set-up-the-device-fingerprint-for-braspagcybersource 

https://forums.spybot.info/showthread.php?69149-Spybot-still-showing-spyware-after-attempting-to-fix-unsure-what-to-do

Always it is to do with Flash. Maybe a recent update of Flash is thew cause of this issue? I have tried disabling it on my PC but without success. I wonder can it be removed from Windows 10?

Link to post
Share on other sites

I finally found someone else having this issue, and it's recent, wow! I have been dealing with this nonstop for two days. I wiped my partition completely and received these immediately. I figured it may be Chrome, uninstalled completely and tried IE and the problem still persists. I even completely removed wireless from my PC and hard wired the connection, still have it. I have blamed both of my routers on being infected, nothing else makes sense. 

This COULD be a false positive, sometimes antivirus programs do that. I decided to remove all real time protection and close MWB, here i am typing to you with no pop ups. I did not have MWB Premium before my first wipe a few days ago, which is when the pop ups started. 

Anyone think it could be the program itself? 

Link to post
Share on other sites

I agree, haha. It's nuts though. This last time, I literally installed windows with a wiped partition, installed one driver for the internet and opened IE, boom, four pop ups right away. They are getting worse, too. I was going to try to block the IPs from the hosts file but there are like 40 variations of them and some are way too long to type out. 

I think I am going to stop being psycho and wiping Windows and just blame MWB :P

Link to post
Share on other sites

I too have been having this problem for about 5 hours now.  The problem happens with all the browsers I have.  I have noticed that the problem seems to be website specific.  e.g. there are loads of popups when going through my banks security questions....  A worrying time to get this sort of popup...  I still get the feeling though that this is a false positive, at least I hope it is...

Link to post
Share on other sites

Hi guys :)

This seems to be a false positive from what I can read. Or there could be an active threat on the domain that is blocked and that domain is widely used by many websites. This thread has been reported to Malwarebytes' Staff so they can take a look as soon as possible.

Sit tight!

Edited by Aura
Link to post
Share on other sites

Curious to see what they say. Fresh install again, didn't even install wireless. Also, a friend that works at my internet company just brought me over a brand new $400 modem and we were browsing YouTube fine to test my internet. 

As soon as I logged into Facebook I got 11 of them, Amazon brought on 8 more. 

I am convinced it is 100% false now, it's a fresh install of Windows with new hardware and nothing installed at all. How can we disable the service from popping up anything related to online-metrix.net?

Link to post
Share on other sites

I have dozens of these popping up, they're all different too.

 

aa.online-metrix.nmet:49880
aa.online-metrix.nmet:49881
aa.online-metrix.nmet:56915
usllpic0-741a43e95f7d8dc4ea5ab713bde08f0fe51e77e7-sac.d.aa.online-metrix
usllpic0-741a43e95f7d8dc4ea5ab713bde08f0fe51e77e7-sac.d.aa.online-metrix.net
aa.online-metrix.nmet:54446
usllpic0-da02a8135d3c5dcc8246f1395a12a09146155ded-sac.d.aa.online-metrix
j8ck72di-473e1d8bf2b1e04f91ac594ef7cfcb1f0e07e540-sac.d.aa.online-metrix.net
aa.online-metrix.nmet:49880

Link to post
Share on other sites

I blocked these in my hosts file:

0.0.0.0 aa.online-metrix.net
0.0.0.0 h.online-metrix.net

Will all of the strings attached to them be unblocked as well? Such as j8ck72di-07d0f1b0fd25f3ea686b2ba35552c998787c52df-sac.d.aa.online-metrix

I assume it's safe and nothing to worry about, right? I've been digging through Google results for about 7 hours and this dates back to about 2012, points to DNS problems and stuff.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.