
Malwarebytes constantly blocks site coin-hive.com


Lithering


Malwarebytes Premium Trial is constantly blocking a malicious website called coin-hive.com. Malwarebytes didn't detect any virus so I decided to use AdwCleaner. It detected PUP.Optional.Legacy, and it deleted it, but when I reboot the PC as AdwCleaner asks me, Malwarebytes continues blocking this website, and when I run AdwCleaner again, PUP.Optional.Legacy is there again. What do I do?

AdwCleaner report:

 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 16:54:04 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-18-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: SafeBrowse - 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1936 B] - [2017/2/11 18:0:13]
C:/AdwCleaner/AdwCleaner[C1].txt - [1262 B] - [2017/9/19 16:4:49]
C:/AdwCleaner/AdwCleaner[C2].txt - [1397 B] - [2017/9/19 16:29:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [2044 B] - [2017/2/11 17:59:25]
C:/AdwCleaner/AdwCleaner[S1].txt - [1240 B] - [2017/9/19 16:4:29]
C:/AdwCleaner/AdwCleaner[S2].txt - [1374 B] - [2017/9/19 16:29:36]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

Also, since this started YouTube isn't working properly, videos just don't load. Is it related?


Continue please, tell me if the issue is cleared when complete... Make a clean reinstall of your default browser Chrome:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Remove all synced data from Chrome go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome :

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help....?

 


Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Post that log, do not use the delete option until I've seen the log...

Thank you,

Kevin


When you made the clean install of Chrome did you follow my listed instructions, also to clear synced data....?

I'm not fully conversant with Chrome, but have read that one of the extensions you have installed in Chrome "SafeBrowse" is known to inject a Monero miner from Coin-hive.com.... There is also evidence of HPRewriter2, that is a known browser hijacker...

Run RogueKiller again, when complete checkmark all found entries and use the Delete option. Post that log....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Let me see those logs.....
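
An added example, not part of the thread or of any tool mentioned in it: a Python sketch that walks a Chrome `Extensions` folder and reports which installed extension's files mention the blocked coin-hive domain, which is the question the SafeBrowse finding raises. The extension ids, the second extension name and the script contents below are constructed sample data.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicator from the thread: the domain Malwarebytes keeps blocking.
INDICATOR = re.compile(rb"coin-?hive", re.IGNORECASE)
TEXT_TYPES = {".js", ".json", ".html"}

def scan_extensions(ext_root):
    """Map extension id -> name and files that mention the indicator."""
    findings = {}
    # Chrome layout: <Extensions>/<extension id>/<version>/manifest.json
    for manifest in Path(ext_root).glob("*/*/manifest.json"):
        ver_dir = manifest.parent
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
            name = meta.get("name", "?")  # may be a __MSG_*__ locale key
        except (OSError, ValueError):
            name = "<unreadable manifest>"
        hits = []
        for f in ver_dir.rglob("*"):
            if f.is_file() and f.suffix.lower() in TEXT_TYPES:
                if INDICATOR.search(f.read_bytes()):
                    hits.append(f.relative_to(ver_dir).as_posix())
        if hits:
            findings[ver_dir.parent.name] = {"name": name, "hits": sorted(hits)}
    return findings

def build_sample_profile(base):
    """Constructed sample: one flagged and one clean extension (fake ids)."""
    samples = {
        "a" * 32: ("SafeBrowse", "importScripts('https://coin-hive.com/constructed.js');"),
        "b" * 32: ("Clean Example", "console.log('nothing to see');"),
    }
    root = Path(base) / "Extensions"
    for ext_id, (name, script) in samples.items():
        d = root / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "version": "1.0"}))
        (d / "background.js").write_text(script)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, info in scan_extensions(build_sample_profile(tmp)).items():
            print(ext_id, info["name"], info["hits"])
```

On a real Windows profile, point `scan_extensions` at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`. A plain string match misses loaders that are obfuscated or that fetch the miner URL at run time, so an empty result does not clear an extension.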

 


This topic is now closed to further replies.