Jump to content

Careerbuilder.com virus?

FASD

By FASD
in Resolved Malware Removal Logs

 Share

Recommended Posts

FASD

FASD

Posted
Posted

www.careerbuilder.com suddenly kept popping up in new browser tabs on December 3.  Microsoft Security Essentials deleted/quarantined Trojan:HTML/Broconer!rfm and Trojan:HTML/Vigorf.A, but careerbuilder.com resumed popping up again exactly one week later on December 10 (just after midnight again).  Even when I close my browsers (Chrome then IE) or disconnect from the Internet, a browser opens up again trying to go to careerbuilder.com in never-ending tabs.  Virus scans have detected no malicious items, but is this a malware issue?

I have attached the Malwarebytes Threat Scan log so far.  I will work on the FRST, Additions and fixlog files next.

MB_ScanLog.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @FASD and :welcome:

Sorry for the delay.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Chrome does not show that it has been uninstalled. There are still many entries for Chrome. If you have saved your bookmarks and are certain they are not saved in any of the Chrome folders, I can help you to fully remove Chrome, and then you can reinstall it.

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Yes, otherwise it will come right back. Please move your bookmarks out of the Chrome data folder structure.  That is not saving them in a safe place to recover them Tools and scripts designed to clean up all traces of Chrome will delete the bookmarks too if they're left here.

Please copy them to your My Documents folder or on an external USB drive and once ready let me know and I'll help you to fully remove Chrome. You did log into Chrome and remove the Sync data did you not ?

 

Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted
13 minutes ago, AdvancedSetup said:

You did log into Chrome and remove the Sync data did you not ?

No, after I had uninstalled Chrome, I have not tried to log into Chrome or remove the Sync data (not sure how to do either).  Is it necessary to do this in order to prevent the Careerbuilder.com tabs from popping up again?  If so, how can I save my passwords and other synchronized data so I don't have to start all over after reinstalling Chrome?

I have copied that ...\Default\Bookmarks file (424 KB) into both a backup folder and a USB stick. 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Do you have a Google account that you log into? If so, then you log into Google via Chrome and go to your settings as described below

https://support.google.com/chrome/a/answer/6309115?hl=en

I assume you have a phone you can login to Google to disable the Chrome Sync without having to install Chrome again yet, is that true? Or another computer?

 

Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted (edited)

I installed Chrome, clicked on Settings, and changed the "On - sync everything" to move all eleven sliders below from the right to left (off).

What steps should I do next?  The careerbuilder.com problem seems to only happen on weekends, and hasn't popped up since Sunday.

image.thumb.png.97531ee7e28ca0b237ab29c7518768b0.png

Edited by FASD
Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted
36 minutes ago, AdvancedSetup said:

Test and see if it works

I logged out of Google and opened Chrome.  Unlike previous installs of Chrome, I was not asked if I wanted to sync.  Clicking on "Settings" and "Sync" still shows all eleven sliders above in the off/left position.  Clicking on "Manage synced data on Google Dashboard"  shows "Last time synced on Today at 3:05 PM" (> 1.5 hours ago).  What else should I test?

Should I continue using Chrome to see if the careerbuilder.com problem will return?

Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted

Adblock Plus is included in Chrome, but if I want to block a WEBSITE such as www.careerbuilder.com from being opened, would changing the hosts file in C:\Windows\System32\drivers\etc\ work?  Is there a site blocking feature in Malwarebytes?

:

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost

127.0.0.1 www.careerbuilder.com

 

Link to post
Share on other sites
  • 1 month later...
FASD

FASD

Posted
  • Author
Posted
On 2017-12-14 at 7:10 PM, AdvancedSetup said:

Yes, currently adding it to your hosts file would be the best way.

This malware of opening up a browser to go to careerbuilder.com has returned. ☹️ I have changed the hosts file and blocked the URLs, but eventually, the malware opens up Internet Explorer and tries to go to careerbuilder.com.  I close IE but it keeps opening up.

I tried to “Set program access and computer defaults” to disable access to IE, but now it opens infinite tabs in Google Chrome so I can’t do anything. ? Please help on what else I can do.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Okay, let's do one more scan and see what's up.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted
6 minutes ago, AdvancedSetup said:

PING   careerbuilder.com

Pinging careerbuilder.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

NSLOOKUP     careerbuilder.com

 

Server:  router.asus.com
Address:  192.168.1.1

Non-authoritative answer:

Name:    careerbuilder.com
Address:  208.82.7.22

Link to post
Share on other sites
FASD

FASD

Posted
  • Author
Posted (edited)

The problem just happened again with Chrome trying to go to careerbuilder.com in a new tab then another tab then another...  :(  I changed the default browser to IE since it has a setting to "Open links from other programs in" the current tab, so at least careerbuilder.com is only in one tab in IE, while I can hopefully continue to use Chrome (or Firefox?).  Any other workaround or fix that I can try next time it happens?

Edited by FASD
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

If the browser is really reset I'm failing to see how that can happen. Let's do a router reset.

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router DO NOT erase, install, or update the firmware, just reset your router to factory defaults.

Reset And Reboot

Hard reset or 30/30/30

 

Link to post
Share on other sites
  • 1 month later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept