Web Protection

[Kpaul]

I am new to Malwarebytes  3.2.2, with Windows10 OS. My default setting had Web Protection "on", but searches in Chrome browser, for example, searching for "Mozart", resulted in "website blocked" by MB and an "ERR_SSL_PROTOCOL_ERROR. Turning web protection off, let's me run the search, but I now I am unprotected. ....what am I missing here?.  I would appreciate some guidance.

 

 

[exile360]

Greetings and welcome,

It sounds as though there might be something in your browser that may be redirecting your searches.  If you would, please open Malwarebytes and access the Settings tab and click on Protection then scroll down until you find the setting Scan for rootkits under Scan Options and check the box next to it to activate rootkit scanning, then return to the Scan tab and run a Threat scan.  Allow the scan to run until it completes, have Malwarebytes remove anything it detects if anything is detected and then allow Malwarebytes to restart your PC if prompted to do so.

Once that's done, assuming anything was detected and removed, go ahead and try browsing with Chrome again and let us know if it still displays the same behavior with web protection in Malwarebytes.

[Kpaul]

Thank you very much for the suggested steps - which I followed precisely.......400,000 items scanned, no issues were detected..... and I still have the same operating problem: if MB web protection is "On", any search is blocked, although I can go to fully spelled out websites. However, I tried the same thing with MS Edge browser - a search for "Mozart"  results in many pages of Mozart references with Edge, but results in the same error message indicated above with Chrome.......any ideas?

[exile360]

If it is happening in both browsers then it is possible that it is some sort of DNS hijacker or similar threat causing the issue.  In order to determine the cause and get it repaired/removed, please follow the instructions posted here and create a new topic in that part of the forums describing your problem (you may post a link back to this thread if you wish so that you don't have to repeat yourself) and also post the requested logs listed in the above linked topic and one of our malware removal specialists will assist you in checking your system and getting it cleaned up and in proper working order.

Please let me know if you have any additional questions before you get started and I'll do my best to answer them.

[Kpaul]

Samuel - the problem I described before (blocked searches, like "Mozart", when MB Web Protection is On) occurs ONLY on Chrome. Edge has no problems with such searches........can you suggest a solution?......paul

[exile360]

Ah, I misunderstood, my apologies.  If that is the case then it is likely that this is being caused by some browser add-on which is affecting your searches. It's possible that it's just a PUP (Potentially Unwanted Program) doing this so you can run ADWCleaner and JRT (Junkware Removal Tool) to see if either of them detects and fixes it since Malwarebytes 3 isn't picking it up in its scans.

If that doesn't resolve it then I would recommend following the instructions above to post in the malware removal area so that one of our specialists can take a look and fix whatever is causing the issue (again, most likely some rogue browser add-on; they're pretty common these days unfortunately).

[Kpaul]

Sam, I ran both tools you suggested - both cam up with nothing to clean up or remove. I did remember that I had disabled a Norton Internet Security plugin (Chrome or Outlook related, I can't recall which) that was in conflict with MS Outlook operation and causing  crashes. I have now enabled this feature in Norton again, but it seems to make no difference - searches are still blocked by Malware Bytes if web protection is enabled. Does this give you any further ideas?

So I now will follow you advice and post this on the malware removal section of the Forum, and hope an MB specialist will address the issue. Does my problem seem to be a new issue? 

Thanks for your prompt and diligent assistance.....paul

[exile360]

Honestly, it sounds a lot like one of the threats we've been seeing a lot of lately that uses a rootkit and a malicious browser plugin, but I don't want to scare you and there's certainly nothing concrete at this point to indicate that this is the case in your situation.

Yes, proceed with the malware removal and they will check your system and should be able to determine what the cause of the blocks is and get it resolved for you.

[Kpaul]

I went to download FRST64.exe as you suggested - however my Norton AV program considered it unsafe and removed it. So now I have a dilemma - what do I trust to find and remove a  potential threat that Norton, Malware Bytes, ADW Cleaner and JRT scans did not find?

Perhaps you could answer a couple of questions:

1. Is there a known incompatibility between Malware Bytes and Norton Internet Security, when both are operating on the same system?
2. MB Web Protection blocks my searches on Chrome, but not on Edge - is this  more likely to be an indication of malware in my system, or some incompatibility between MB and Chrome?
3. Since I can search on Edge (but not on Chrome), if I used Edge as my default browser, does MB Web Protection actually protect me or more likely just allows the threat to  redirect my searches undetected?
4. How can I view and remove all Chrome extensions?....perhaps just reinstall Chrome?

  

[exile360]

1. No, none that I'm aware of and I do know that not only do we test with Norton among others for compatibility, but I also know of several users who have visited these forums who run them together.
2. Most likely it is malware or a PUP (Potentially Unwanted Program) installed in Chrome, and the reason I believe it may be related to a rootkit is because recently there have been many such rootkits installing PUPs in Chrome and other browsers for profit.  With Chrome  being one of the most popular browsers today, if Malwarebytes was incompatible with it we'd have a major issue on our hands and tons of posts about this issue in our forums yet there are none that I am aware of.
3. Yes, it protects all browsers and in fact your entire system from connecting to sites in our block list because it actually works through the network stack, not via any plugin installed in any one browser.
4. You could do this, but if an infection is the cause, it will likely just reinstall it.

Regarding Norton's detection of FRST, simply have Norton allow it or temporarily disable Norton while running it so that you can get the log.  I assure you that file is indeed safe, however such diagnostic tools are often detected as potential threats by AVs because of their advanced scripting capabilities which malware removal experts use for the removal of malware.

Edited October 17, 2017 by exile360

[Kpaul]

Sam - thanks for your  succinct and clear reply to my questions. I thought that before I would let FRST clean up my system (an apparently invasive procedure), I would first reinstall Chrome, and see if the search blocking problem continues, or returns after a time, which would tend to confirm the infection hypothesis you articulated in your answer to my question #4. In getting ready to reinstall Chrome, I took these steps:

1. signed in to Chrome and took a look at Settings/Managing Search Engines
2. finding that in the "Default" section of Search Engine listings, Google had next to it the word "DISABLE" (not "DISABLED"), I clicked on it, causing it to disappear, and then set Google as the default s. engine.
3. in the "Other Search Engines" section there were many (20+?) engines listed, most were familiar based on my travels on the web. I deleted a bunch of search engines, including  Costco, Home Depot, TurboTax,  figuring they will come back if and when I go to these sites. But there was one I did not recognize: "1 und 1 Suche Schnell" - I have no idea what this is, but I deleted it.
4. After this, I tried a search for "Mozart", as before - and I got references to all things Mozart, without being blocked by Malware Bytes. I tried several other searches - no problems! It seems 3 and/or 4 above resolved the issue at least for now, so I did NOT reinstall Chrome,  and did NOT use that Farbar tool.
5. I regret that I made two changes at once, so I cannot be sure which one solved the problem, but I suspect #3, setting Chrome as the default browser. So my last question for now is, would all this explain the symptoms of blocked searches with MB web protection ON, and thus negate the malware infection hypothesis?

Once again, I greatly appreciate your help in chasing this issue. ..............paul

[exile360]

Yep, I think you got it with the removal of that search engine which you didn't recognize.  In all likelihood it was a malicious/spammy search provider which had been added to Google at some point and that's what was causing the blocks.

Also, just for future reference FRST when run as a scanner for the purpose of creating the log (per the instructions I linked to above) does not make any changes to your system, so it's not at all invasive.  It's simply a useful tool for showing the malware removal experts what's going on with a system and it also includes additional capabilities they may use to have you remove things which shouldn't be there such as malware, PUPs, broken settings etc. and that's the scripting capabilities I was referring to.

Anyway, it sounds like you've solved the issue and that you're in good shape now, but if the problem comes back or you have any other questions or issues please don't hesitate to let us know and we'll do all we can to assist.

[Kpaul]

I made a quick search for "1&1", and found a sizable footprint of a company involved with website hosting, search engine design and marketing, etc......seems "solid" and professional, though I reviewed it only superficially. In any case, I will observe my system's performance and review changes in the Search Engines listings.

thanks again.......paul

[exile360]

Sounds good.  You're most welcome, I'm glad to be of service and thank you for choosing Malwarebytes to keep you safe online  

Edited October 17, 2017 by exile360