Lithering

Malwarebytes constantly blocks site coin-hive.com

Malwarebytes Premium Trial is constantly blocking a malicious website called coin-hive.com. Malwarebytes didn't detect any virus so I decided to use AdwCleaner. It detected PUP.Optional.Legacy, and it deleted it, but when I reboot the PC as AdwCleaner asks me, Malwarebytes continues blocking this website, and when I run AdwCleaner again, PUP.Optional.Legacy is there again. What do I do?

AdwCleaner report:

 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 16:54:04 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-18-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: SafeBrowse - 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1936 B] - [2017/2/11 18:0:13]
C:/AdwCleaner/AdwCleaner[C1].txt - [1262 B] - [2017/9/19 16:4:49]
C:/AdwCleaner/AdwCleaner[C2].txt - [1397 B] - [2017/9/19 16:29:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [2044 B] - [2017/2/11 17:59:25]
C:/AdwCleaner/AdwCleaner[S1].txt - [1240 B] - [2017/9/19 16:4:29]
C:/AdwCleaner/AdwCleaner[S2].txt - [1374 B] - [2017/9/19 16:29:36]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

Also, since this started YouTube isn't working properly, videos just don't load. Is it related?


Continue please, tell me if the issue is cleared when complete... Make clean reinstall of your default browser Chrome:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Remove all synced data from Chrome go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome :

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help....?

 


I did everything you said but it keeps popping up, even when I had Chrome uninstalled.

capture-20170919-150937.png


I've got the same problem with Firefox, Chrome OK......so I'll be watching this.  Did all the scans, MWB Premium, AVG, HerdProtect, HitmanPro, still the same outgoing block.

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Post that log, do not use the delete option until I've seen the log...

Thank you,

Kevin


This is a website that has this. It's not a local infection on the machine. It's a JavaScript embedded in the page usually. Just FYI.

What is the website you go to when this triggers?

 


When you made clean install of Chrome did you follow my listed instruction, also to clear synced data....?

I'm not fully conversant with Chrome, but have read that one of the extensions you have installed in Chrome "SafeBrowse" is known to inject Monero miner from Coin-hive.com.... There is also evidence of HPRewriter2, that is a known browser hijacker...

Run RogueKiller again, when complete checkmark all found entries and use the Delete option. Post that log....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Let me see those logs.....

 

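An added example (not from any poster in this thread, and not Malwarebytes' own tooling): a Python check that walks a Chrome profile's Extensions folder and lists extensions whose bundled files reference the coin-hive domain blocked above. The default profile path, the function names and the two sample extensions are assumptions constructed for illustration.

```python
import json
import os
import re
from pathlib import Path

# Indicator from the thread: the domain Malwarebytes kept blocking.
MINER_PATTERN = re.compile(rb"coin-?hive", re.IGNORECASE)
TEXT_SUFFIXES = {".js", ".html", ".json"}

def scan_extensions(extensions_dir):
    """Return [(extension_id, manifest_name, [matching files])] for one profile."""
    findings = []
    # Chrome keeps installed extensions as <Extensions>/<id>/<version>/manifest.json
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir = manifest.parent
        try:
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "?")
        except (OSError, ValueError):
            name = "<unreadable manifest>"
        hits = []
        for path in version_dir.rglob("*"):
            if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
                try:
                    if MINER_PATTERN.search(path.read_bytes()):
                        hits.append(path.relative_to(version_dir).as_posix())
                except OSError:
                    continue  # locked or unreadable file: skip it, keep scanning
        if hits:
            findings.append((version_dir.parent.name, name, sorted(hits)))
    return findings

def build_sample(root):
    """Constructed test data: one extension referencing the miner, one that does not."""
    samples = {
        "a" * 32: ("SafeBrowse", 'load("https://coin-hive.com/PLACEHOLDER.js");'),
        "b" * 32: ("Benign Notes", 'console.log("hello");'),
    }
    for ext_id, (name, script) in samples.items():
        vdir = Path(root) / ext_id / "1.0_0"
        vdir.mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps({"name": name, "manifest_version": 2}))
        (vdir / "background.js").write_text(script)
    return root

if __name__ == "__main__":
    # Assumed default profile location on Windows; other profiles live beside "Default".
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / "Google/Chrome/User Data/Default/Extensions"
    for ext_id, name, files in scan_extensions(default):
        print(ext_id, name, files)
```

An empty result only means no bundled file names the domain; an extension that fetches its script at runtime or obfuscates the string will not match, and a manifest name may appear as a `__MSG_...__` localization key rather than the display name.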

I did not expect that you would have installed SafeBrowse, it came on your system 19 sept 2017, probably via hijacker...


SafeBrowse and browser hijacker are gone from your system, how is your PC behaving, any remaining issues or concerns...?

This topic is now closed to further replies.