Jump to content
Hnaam

Blocked Pop-up unvisited webpage in Firefox

Recommended Posts

Hi.

Nearly 1 weeks ago suddenly Malwarebytes(Trial) started to Pop-up me a message about a blocked webpage I never visited. It always happened when I used Firefox and I use uBlock Origin(nothing happened with chorme yet).

Always the same page was blocked so I run malwarebytes, adwcleaner, ,win defender, eset, Zemana and neither found anything. Hitmanpro found some non dangerous tracking cookies and I deleted them. Still the pop-up continued. Once it stopped without Finding anything. Before the stop I run Ccleaner and clear everything however I dont know the last pop up was before or after the clear. My computer turned on slow so I deleted both eset and Malwarebytes and bit later installed Mba again.

A week passed and during browsing the same page started to pop up once again. I run again malware, adwcleaner and they found nothing again. At last Hitmanpro found mbae64.sys as a suspicious item.

 

Here is one of the log from Mba

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 17/02/2018
Protection Event Time: 16:26
Log File: db95b2bb-13f6-11e8-9f51-08606e7eb1ef.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3962
Licence: Trial

-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Unspecified
Domain: go.pub2srv.com
IP Address: 78.140.191.74
Port: [51361]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

 

Edited by Hnaam

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Hello and Welcome...

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....
 

  1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
  2. Download FRST and save it to your desktop
    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  4. Press the "Scan" button
  5. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  6. NEXT: Create and obtain an mb-check log
  7. Download MB-Check and save to your desktop
  8. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK"
  9. This will produce one log file on your desktop: mb-check-results.zip
    • This file will include the FRST logs generated from the previous set of instructions
    • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area


 

Share this post


Link to post
Share on other sites

I will. Is it safe to export and import bookmarks or better to copy their address?

I dont know it is related with my problem but sometimes if I visit some wiki webpage what has a bacground image I got lot of text in the top of screen and the background image didnt load. After refreshing the page it loads correctly. Its not happen very often. Barely sometimes.

Edited by Hnaam

Share this post


Link to post
Share on other sites
1 hour ago, Hnaam said:

Is it safe to export and import bookmarks or better to copy their address?

You can do that, Bookmarks are not causing your issues.

Share this post


Link to post
Share on other sites

Is it possible Malwarebytes blocked that pop-up web page even if uBlock blocked too?

 

Share this post


Link to post
Share on other sites

I run again Hitmanpro and found this tracking cookie "ads.servebom.com". Hitmanpro said its not dangerous however I deleted this a few times already. Is it something related with my problem? If not is it something dangerous?

Edited by Hnaam

Share this post


Link to post
Share on other sites
12 minutes ago, Hnaam said:

I run again Hitmanpro and found this tracking cookie "ads.servebom.com". Hitmanpro said its not dangerous however I deleted this a few times already. Is it something related with my problem? If not is it something dangerous?

Did you do the firefox reset like I asked?

Share this post


Link to post
Share on other sites
Just now, Porthos said:

Did you do the firefox reset like I asked?

Yes I Did a moment ago, after Fifrefox refreshed itself and Restarted malwarebytes immediately blocked the pop up again

Share this post


Link to post
Share on other sites

I run again Hitmanpro and now found two new tracking cookies, ads.pubmatic.com and pubmatic.com. Also delted this ones several times. The blocked pop up page is "go.pub2srv.com"

Can we find a fast solution? My malwarebyes trial will expire within 2 days.

Edited by Hnaam

Share this post


Link to post
Share on other sites
3 minutes ago, Hnaam said:

I run again Hitmanpro and now found two new tracking cookies

You will always have tracking cookies. They are harmless. 

What is your "home page" in firefox?

Share this post


Link to post
Share on other sites
2 minutes ago, Porthos said:

You will always have tracking cookies. They are harmless. 

What is your "home page" in firefox?

The Basic homepage, but I usually used blank page .

Share this post


Link to post
Share on other sites
7 minutes ago, Hnaam said:

The Basic homepage, but I usually used blank page .

Get a new set of logs, please. FRST etc. 

 

Share this post


Link to post
Share on other sites
2 minutes ago, Porthos said:

Get a new set of logs, please. FRST etc. 

 

Here the logs

I dont know its important or not but before this problem started I got a Blue screen while watched Twitch. Afer I restarted my PC the account I used got damaged, nothing worked like commands the toolbar didnt work too. So I needed to reinstal my system howerer Im not really know how to so asked my trusted friend to do it.Hopefuilly I could saved every my files to a different HDD and the PC got reinstalled. My internet connection is slow so I asked him to save for me the needed drivers and he brought it with his pendrive. He installed them and  some another programs like Office, LAME, LADSPA,qBitorent and foxit reader, nothing more. After we was done I imported the bookmarks I saved from my prev system and I started to load every saved page and got the first blocked message from Malware

Addition.txt

FRST.txt

Share this post


Link to post
Share on other sites

Uninstall the Foxit reader plugins for now. Also, Do you use Firefox Sync?

 

Quote

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)

 

 

Share this post


Link to post
Share on other sites
2 minutes ago, Porthos said:

Uninstall the Foxit reader plugins for now. Also, Do you use Firefox Sync?

 

 

No, I never used. Try to refresh after deleted foxit reader? IS it enough to uninstal foxit reader plugins to delete program with Clenaer?

Edited by Hnaam

Share this post


Link to post
Share on other sites
2 minutes ago, Hnaam said:

IS it enough to uninstal foxit reader plugins to delete program with Clenaer?

Edited just now by Hnaam

All I am looking at is your plugins. Something in firefox is sending you to that web address.  The reason is Some free software includes advertising and the site that is getting blocked is an ad server. 

Also look at your ublock 3rdparty filters and add the checks from this picture that you do not already have checked. 

ublock filters.png

Share this post


Link to post
Share on other sites

These are my Ublock settings

I deleted foxit reader but some leftflover folder cant be deleted. It says its the fodler ot he file is opened in an another program.

 

I didnt have these progams in my prev system: LAME, qbittorrent, LADPSA, office(but already deleted), Foxit reader,

sdg.jpg

Share this post


Link to post
Share on other sites

My filters already looks like yours.

In the prev picure Adguard Spyware Filters wasnt selected so I left it unselected too. Now you circled it but still unselected. Need to turn on?

Edited by Hnaam

Share this post


Link to post
Share on other sites
3 minutes ago, Hnaam said:

Need to turn on?

Yes, Do you still get the block? If so get a full screenshot of firefox open with the block

Share this post


Link to post
Share on other sites
6 minutes ago, Porthos said:

Yes, Do you still get the block? If so get a full screenshot of firefox open with the block

Sadly got it, malwarebytes put it 2 times to the reports

add.jpg

Edited by Hnaam

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.