
Redirected cheapred.info Malwarebytes



  • Root Admin

Hello @perrang, and welcome!

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


  • Root Admin

What is this file for?

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-08-14] <==== ATTENTION

Something also caused our program to crash, at least once.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time to bring up the Run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. [Screenshot: all files and folders selected, except Bookmarks]

 

Restart your computer now and make sure there are no longer any redirects or other browser issues. 

 

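The "FF ExtraCheck" line above reports a Firefox AutoConfig file. Firefox only loads a .cfg from its install folder when a `defaults\pref\*.js` file sets `general.config.filename`, so that pref file is the place to look when deciding whether the .cfg belongs there. The following is an added example in PowerShell, not code from the thread or from Malwarebytes or FRST: it lists every AutoConfig hook under the two default Firefox install paths (assumed), reports whether the referenced .cfg exists, when it was last written and its SHA-256, and can decode a .cfg that uses Firefox's default byte-shift obscuring so the script inside can be read. Function names and the paths are my assumptions.

```powershell
# Added example (not from the thread): enumerate Firefox AutoConfig hooks and
# decode an obscured .cfg. Assumed paths: the default 64-bit and 32-bit installs.
function Get-FirefoxAutoConfig {
    param(
        [string[]]$InstallDirs = @(
            (Join-Path $env:ProgramFiles 'Mozilla Firefox'),
            (Join-Path ${env:ProgramFiles(x86)} 'Mozilla Firefox')
        )
    )
    foreach ($dir in $InstallDirs) {
        $prefDir = Join-Path $dir 'defaults\pref'
        if (-not (Test-Path -LiteralPath $prefDir)) { continue }

        # Any *.js here is read at startup; AutoConfig is enabled by the
        # general.config.filename pref, whatever the .js file is called.
        foreach ($js in Get-ChildItem -LiteralPath $prefDir -Filter '*.js' -File) {
            $text = Get-Content -LiteralPath $js.FullName -Raw
            $m = [regex]::Match($text, 'general\.config\.filename"\s*,\s*"([^"]+)"')
            if (-not $m.Success) { continue }

            $cfgPath = Join-Path $dir $m.Groups[1].Value
            $exists  = Test-Path -LiteralPath $cfgPath
            # Unless obscure_value is set to 0, Firefox expects the .cfg bytes
            # shifted by 13, so the file will not read as plain text.
            $plain   = [bool]($text -match 'general\.config\.obscure_value"\s*,\s*0\b')
            $written = $null; $hash = $null
            if ($exists) {
                $written = (Get-Item -LiteralPath $cfgPath).LastWriteTime
                $hash    = (Get-FileHash -LiteralPath $cfgPath -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                PrefFile   = $js.FullName
                ConfigFile = $cfgPath
                Exists     = $exists
                PlainText  = $plain
                LastWrite  = $written
                Sha256     = $hash
            }
        }
    }
}

# Reverse the default obscuring (each byte + 13 mod 256) so the JavaScript
# inside the .cfg can be reviewed. Firefox skips the first line of the file,
# which is why a legitimate .cfg starts with a comment line.
function ConvertFrom-ObscuredFirefoxConfig {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Shift = 13
    )
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $out   = New-Object byte[] $bytes.Length
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $out[$i] = ($bytes[$i] + 256 - $Shift) % 256
    }
    [System.Text.Encoding]::UTF8.GetString($out)
}

# Usage: list the hooks, then decode the flagged file if it is obscured.
Get-FirefoxAutoConfig | Format-List
# ConvertFrom-ObscuredFirefoxConfig -Path 'C:\Program Files (x86)\Mozilla Firefox\warsaw.cfg'
```

The output tells you which pref file enabled the hook and gives a hash to look up or submit; an AutoConfig file is ordinary Firefox JavaScript with access to browser internals, so read the decoded text before deciding the file is benign.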

I don't use Firefox, but warsaw.cfg is actually used by Brazilian banks' security applications, aka "Guardian" or GBPlugin/Warsaw.

Despite being part of a security app, a lot of complaints have been made about a vast number of issues related to the warsaw files.

 

I did as you told me and reset sync in Chrome and the other browsers, but Malwarebytes keeps blocking some threats as soon as I restart my computer. Here is the report that I saved (sorry, it is the PT-BR version; translated below):

 

Malwarebytes
www.malwarebytes.com

-Log details-
Protection event date: 28/08/17
Protection event time: 07:47
Log file: 45cb4628-8bde-11e7-8768-002197290a84.json
Administrator: Yes

-Software information-
Version: 3.2.2.2018
Components version: 1.0.186
Update package version: 1.0.2672
License: Trial

-System information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File system: NTFS
User: System

-Blocked website details-
Malicious website: 1
, , Blocked, [-1], [-1],0.0.0

-Website data-
Domain: inatye.com
IP address: 69.64.147.10
Port: [50457]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

 


  • Root Admin

Okay, as I see it, one of two things happened. Either you were not successful in removing one or more of the Chrome files in the reset steps above, or your Google Chrome Sync was not disabled and it immediately re-downloads and syncs your settings again, or it's somehow due to another control file in Chrome and it will require a full removal and reinstall of Chrome.

I would first recommend that you verify that Google Chrome is disabled in your Google account. Then try the clean process again.

If that does not work, then export your bookmarks and save them some place outside of the Chrome folders. Then uninstall Chrome and reboot. Do not reinstall Chrome yet. Run FRST again and make sure you place a check mark on the Addition.txt check box and post back both new logs and I'll check for any remnants of Chrome and help you to manually remove it. Then once we're sure the computer is clean, we'll reinstall Chrome.

Thanks

Ron

 

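The Chrome profile wipe that Ron asks to have repeated (close Chrome, delete everything in the Default profile except Bookmarks and Bookmarks.bak, keep a copy of the bookmarks outside the Chrome folders) is easy to get partly wrong by hand, which is one of the failure modes he lists. Below is an added example in PowerShell, not code from the thread or from Malwarebytes, that performs exactly those steps: it refuses to run while chrome.exe is alive, copies the bookmark files to a timestamped folder in the user profile first, then removes everything else. The profile path, the -Preview switch and the backup folder name are my assumptions. It cannot reset Chrome Sync on the Google account side; that step still has to be done first in the browser, or Sync will repopulate the profile after the wipe.

```powershell
# Added example (not from the thread): wipe the Chrome Default profile except
# the bookmark files, as the reset steps describe. Assumed: default profile
# location under %LOCALAPPDATA%, and a backup folder under the user profile.
function Reset-ChromeDefaultProfile {
    param(
        [string]$ProfileDir = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'),
        [string[]]$Keep     = @('Bookmarks', 'Bookmarks.bak'),
        [switch]$Preview    # list what would be removed without deleting anything
    )

    # Chrome rewrites profile files on exit and holds locks while running;
    # deleting under a live browser is the "not successful" case above.
    if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
        throw 'Chrome is still running. Close every Chrome window (check the tray too) and run again.'
    }
    if (-not (Test-Path -LiteralPath $ProfileDir)) {
        throw "Profile folder not found: $ProfileDir"
    }

    # Keep a copy of the bookmarks outside the Chrome folders before touching anything.
    $backup = Join-Path $env:USERPROFILE ('ChromeBookmarks-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    New-Item -ItemType Directory -Path $backup -Force | Out-Null
    foreach ($name in $Keep) {
        $src = Join-Path $ProfileDir $name
        if (Test-Path -LiteralPath $src) { Copy-Item -LiteralPath $src -Destination $backup }
    }

    # -Force includes hidden items; everything not in $Keep goes, folders included
    # (Extensions, Local Storage, Preferences, Secure Preferences, Web Data, ...).
    $targets = Get-ChildItem -LiteralPath $ProfileDir -Force |
               Where-Object { $Keep -notcontains $_.Name }

    $removed = @()
    foreach ($item in $targets) {
        if ($Preview) {
            Write-Output "Would remove: $($item.FullName)"
        } else {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            $removed += $item.Name
        }
    }

    [pscustomobject]@{
        ProfileDir     = $ProfileDir
        BookmarkBackup = $backup
        Candidates     = $targets.Count
        Removed        = $removed.Count
    }
}

# Usage: preview first, then run for real.
Reset-ChromeDefaultProfile -Preview
# Reset-ChromeDefaultProfile
```

After a run the `Removed` count should equal `Candidates`; if it is lower, a file was locked and Chrome (or a helper process) was still holding the profile open. Restart, confirm no chrome.exe is running, and run it again before reinstalling or reopening Chrome.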

Well... despite my last log, after Malwarebytes reported that blocked threat, I have browsed normally during the last two days. None of those symptoms has happened again.

So I guess this is it... maybe it was the last infection in here.

Is there anything else that I could do?


  • Root Admin

I've included a closing speech which includes links for further reading about keeping the computer clean. If you have any questions or concerns please let me know.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
E.g.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click Uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, or at least disabling Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Thanks

Ron

 

This topic is now closed to further replies.