Blocked outgoing Go.myimgt.com 50720 logs


cybor462

I have Windows 10 and have Malwarebytes Premium. I keep getting popups from Malwarebytes saying it's blocking content outbound to (go.myimgt.com 50720).

I have scanned with Malwarebytes and Windows Defender and both do not find any threats. This started happening after I made online purchases from banggood.com and tomtop.com; now it happens on a regular basis. Both these websites are ecommerce sites that I purchase from. I do not think they are malicious. I use both Firefox and Edge browsers. It just happened tonight while I was using Edge.

Please help.

 

Link to post

Hello cybor462 and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Also post the last 3 block reports: Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Thank you,

Kevin
Link to post

Please refrain from starting new threads, keep all replies in this thread. I've merged your last new reply.....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your next reply...

Thank you,

Kevin

fixlist.txt

Link to post

The virus scan came back clean. I am attaching the other files. I do have a question. I have 8 external hard drives that are used on this system on occasion. How do I scan them all? The only way I know would be 1 at a time. I also have a SATA box with 4 additional drives. I used to produce video and these all contain video, audio, jpgs as well as personal docs and other misc stuff. Most of these are only connected maybe one time a year, but there are others, like the drive I use for my PC backups, another that we keep our personal docs and misc on, and one of jpgs, that are connected more frequently. How should I check these?

As far as I can see these are all you asked for. Let me know what is next. Thanks

Fixlog.txt

AdwCleaner[C0].txt

Link to post

If your hard drives were connected they would have been scanned with Sophos AV.....

Quote

The Virus Removal Tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

You can scan them with Malwarebytes custom scan. Open Malwarebytes, select "Scan" then "Custom scan"; any connected drives will be listed, checkmark the ones you want scanned...

How is your PC responding now, do you have any remaining issues or concerns other than your ext hard drives...?

 

Link to post

The hard drives were not connected when I got the outgoing block notice. My thought is that if there is or was a virus, it could still be lingering on one of them, and when I connect them it's back again. I only had the blocked outgoing traffic when using the browser, and it seems after being on the two websites I listed, banggood.com and tomtop.com. I fly r/c and I order models and parts from those two. I just ordered last night when I got the notice of Malwarebytes blocking outgoing traffic. I do not know if it happens in the cart or just browsing, but it seems only when I was making payment for an order.

I saw AdwCleaner had found PUP files it cleaned. Was that the issue? What did the logs show you?

I won't be ordering anything for a little bit and can keep a watch out for it happening again when I do.

Let me know what you found. Yes, I would like to scan the hard drives since only 2 can be connected at a time. I do not want to infest my PC if it's now clean. What did you find? How would I scan the externals without getting infested if something is lingering on one? Thanks, Jim

Link to post

Which browser were you using when the blocks happen? Logs show Edge as the default browser, blocks list Firefox as the source...

There was no malware/infection found in FRST logs....

Regarding connecting hard drives, you can install McShield. That program is free and will check any external devices that are connected to your PC

Please download McShield by dr_bora and save it to your desktop.
 
  • Install it on your system.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • When complete, plug in your ext hard drive, McShield will check it out...
  • Plug in any Flash Drives you may use, they will be checked out.
Link to post

 Being a Windows computer Edge is the default browser but I've used Firefox for so many years I'm just so used to it. I normally will use Firefox. I do use Edge occasionally when it will open for whatever reason by itself but normally I use Firefox.  If I uninstall Firefox will that take care of the problem?

I will download that program you mentioned to scan the hard drives. Would you say my system is clean or don't we really know yet?

Thanks Jim

Link to post

The FRST logs are not indicating any malware or infection. If the blocks are still happening when Firefox is used then a clean install may help.....

Make a "Clean" install Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Remove all synced data from Firefox to stop possible re-infection or exploitation.

https://support.mozilla.org/t5/Sync-and-Save/How-do-I-set-up-Sync-on-my-computer/ta-p/21417

Next,

Go here: http://www.mozilla.org/en-US/ download and save the latest version of Firefox.. We will install this later...

Next,

Let's totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the Firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open, select these keys together: Ctrl - Shift - A. That will access the Add-ons Manager, which gives access to find addons/extensions, use, start, stop or disable those features etc....

Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens...
 
Next,

The default browser can be changed: https://support.microsoft.com/en-gb/help/4028606/windows-change-your-default-browser-in-windows-10

Link to post
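
A read-only check for the clean-reinstall steps in the post above, added here as an example and not part of the original reply. It lists the add-ons recorded in each profile's extensions.json before the profile is deleted, then reports whether the folders named in the post are gone. The function names are hypothetical, and reading extensions.json goes beyond what the post asks for.

```powershell
# Added example (not from the thread). Deletes nothing; only reports.

function Get-FirefoxProfileAddons {
    # Assumption: each profile records its add-ons in extensions.json
    # under an "addons" array. Run this BEFORE deleting the profiles.
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($dir in Get-ChildItem -LiteralPath $root -Directory) {
        $file = Join-Path $dir.FullName 'extensions.json'
        if (-not (Test-Path -LiteralPath $file)) { continue }
        try {
            $json = Get-Content -LiteralPath $file -Raw -ErrorAction Stop |
                ConvertFrom-Json
        } catch {
            Write-Warning "Could not read or parse $file"
            continue
        }
        foreach ($addon in $json.addons) {
            [pscustomobject]@{
                Profile  = $dir.Name
                Name     = $addon.defaultLocale.name
                Id       = $addon.id
                Version  = $addon.version
                Active   = $addon.active
                Location = $addon.location
            }
        }
    }
}

function Get-FirefoxLeftovers {
    # Folders the post says must be gone after the uninstall and profile wipe.
    $paths = @(
        (Join-Path $env:ProgramFiles 'Mozilla Firefox'),
        (Join-Path $env:APPDATA 'Mozilla')
    )
    if (${env:ProgramFiles(x86)}) {
        $paths += Join-Path ${env:ProgramFiles(x86)} 'Mozilla Firefox'
    }
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; StillPresent = Test-Path -LiteralPath $p }
    }
}

# Step 1 (before the wipe): keep a record of what was installed.
Get-FirefoxProfileAddons | Sort-Object Profile, Name | Format-Table -AutoSize
# Step 2 (after uninstall, folder deletion and reboot): all rows should be False.
Get-FirefoxLeftovers | Format-Table -AutoSize
```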

Thanks for all your help. I'm going to be leaving now, but I will try to do the Firefox browser at some point tomorrow. I could even probably just uninstall it and learn to live with Edge, I guess, but I may just try your method and see if that works, and if it does then I guess I can use either one. But again, thanks a lot, and I'll be in touch when I have reinstalled Firefox per your instructions.

Link to post

I did the clean install and installed a number of plugins as you suggested. When I went to one of those websites the plugin stopped 2 trouble links. I blocked them permanently and it then continued to the website. I am guessing this site must have trouble links but it is a legit site. It is in China so who knows what they are up to.

I have found one problem now since all this was done on the PC. When I am in Outlook 2007 and I try to click on a link in an email, yours for example taking me to this topic, it gives me a popup window saying that due to restrictions on this PC the function cannot be completed. See your system admin. What happened here? There are a number of emails that I trust that I click on links in, like for forums I am part of. When I am notified of a new post I can click on a link that takes me to the post. Now none of these work. How can I correct this?

 

Thanks

Edited by cybor462
Link to post

I disabled Dr.Web as well as a couple of other add-ons but it does not fix it. Also, I scanned the first set of external drives; McShield found some files on one and deleted them. Then I scanned all four (enclosure with 4 drives) with Malwarebytes, which found files on 2 of the drives and quarantined them. 1 drive is compressed as it is used for backing up my PC. Will MWB or MCS scan the compressed files or does it just see it as one file? If so, how do I scan it without decompressing it? Any other ideas why Outlook will not allow links to be clicked on?

 

Thanks

Link to post

Regarding Outlook, go here: https://support.office.com/en-us/article/Turn-on-or-off-links-in-email-messages-2D79B907-93B6-4774-82E6-1F0385CF20F8

Instructions show how to turn links on or off in emails, does that help..

Malwarebytes has an option for Archive scanning, that option is available via a Custom scan so you can point directly at the HD of choice. I'm not sure about McShield.

 

Link to post

Not really an option. I have 9 email addresses with many emails I need to keep. I store them in place; I know, not a good thing, but that's the way it is right now. Also, Outlook 2007 does not install well in Win 10. I had to pay for help to get it to install properly and it has been running flawlessly until we ran the scanners and virus tools. I rely on email and do not want to take any chance of messing with it now. Also, I do not sync, and Win 10 forces it to sync, which I had addressed as well. Is there anything else that can be done to fix it? I do not want to purchase a new Outlook as this one has been working just fine until we scanned and removed files.

Link to post

What I mean by sync: the Win 10 platform forces all your Windows equipment to sync with each other. I have laptops and tablets that I do not want to sync to this computer. I had it worked on so this computer does not sync with the others. If I install a new Outlook or reinstall, it will need to be fixed again, and I just had that done last year. Not looking to pay all over again.

Link to post

McShield found files and deleted them in the very beginning. They were PUP files on the C: drive. I have also been finding them on the external HDs as well. Malwarebytes has been finding them. I have been working on them all day. It seems there were files but they were quarantined and deleted. Can't know if they were the cause since I did not run Firefox again until I did the clean install of it. They may have been the cause or maybe part of it. There were a couple of exe files, I think called unlocker.exe if I remember right, which were deleted as well.

Edited by cybor462
Link to post