Hi, I am occasionally getting a Malwarebytes block on what appears to be an outbound Microsoft Edge CP redirect to "optimizedperformancebetter.com". I can not seem to find any information at all anywhere about this, and I apologize if this issue has already been dealt with. Every virus program and malware program I have tried comes up clean. The report lists the fraud domain as "jcibj.com". Does anyone out there know anything about this at all? Other than that, the computer runs perfectly. Thank you.

Here is the report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/29/18
Protection Event Time: 12:44 PM
Log File: 8df83aec-4bcc-11e8-866b-30e171c685a4.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4916
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Fraud
Domain: jcibj.com
IP Address: 104.20.137.14
Port: [53605]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply and Follow this topic to get notified when an expert has replied. Click "Reveal Hidden Contents" below for details.

Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by email when someone has replied to your post.

Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips

Link to post
Share on other sites

Step 1:
Please download Malwarebytes Anti-Malware from here
 

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2:
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.


IMPORTANT

Step 3:
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

Link to post
Share on other sites

Here are the Malwarebytes and AdwCleaner reports. Both of them are clean. I am reluctant to use FRST because the Norton warnings are pretty clear that this might be a really bad idea. Although everything I read seems to indicate that bleepingcomputer is a reliable source, I'm not sure the risk is worth it. It would be easier for me to just use Chrome, since this problem seems directly connected with Microsoft Edge.

Malwarebytes Scan.txt

AdwCleaner[S01].txt

Link to post
Share on other sites

Hi,

The file is good and in the correct path.

Navigate to this page and follow the instructions suggested by the Moderator in post no. 2.
https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/microsoftedgecpexe/9effffbf-171f-46fb-9982-62f9a15c954b

Start at No. 2 and run DISM as suggested.

Do No. 3 as well.

Keep me posted. 

Link to post
Share on other sites

FYI, Some additional info on this redirect: I'm getting it in Chrome, MWB reports the system clean, looks to me like an errant ad. I first got a redirect to:

https://peer2fly.com/out?out=https%3A%2F%2Falfatarget.com%2F%3Fpid%3D8%26sid%3D4444444%26kw%3Dbuy%26f%3Dclick%26bu%3Dhttps%253A%252F%252Fpeer2fly.com%252Fclick.php%253Fkey%253Dsaptev8wpdbs7m6irm89%2526t1%253Dzone%2526t2%253D4444444%2526t3%253Dhttps://imgur.com/gallery/kdhvg0c%2526cost%253Dusdcost

Note that this is coming from imgur, which is where I got a redirect from previously. This redirected to:

https://trackingboox.com/click?node=17&time=1527043140&id=46&pid=8&fid=8&sid=9&rank=0&ad=eyJ0aXRsZSI6ImJ1eSIsInVybCI6InRyaXBob2JvLmNvbSJ9

(note that it's boox, not box), which redirected to

http://optimizedperformancebetter.com/index50A.php?eps=pNPPlOr9tvbKa7GV0jFpSDplRAcyu8lfASPtxTemSAWGTsEmo4mhjzn_0ot5_r6-Cl7wLE_T_N7Vphjl5IzgWA,,&F=*&G=buy&H=0.04

which is what hosted the "please call MS support" popup. I saw this yesterday as well. The final popup (I think, not gonna load this page) was:

http://combines.stream/live/?a=AZ&pagex=0&s1=pNPPlOr9tvbKa7GV0jFpSDplRAcyu8lfASPtxTemSAWGTsEmo4mhjzn_0ot5_r6-Cl7wLE_T_N7Vphjl5IzgWA%2C%2C&os=Windows&browser=Chrome&isp=[redacted]&ip=[redacted]

but with the two redacted bits in there.

Link to post
Share on other sites
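The redirect chain quoted in the post above can be taken apart offline to list every host it names, which is what a blocklist or proxy-log search needs. This is an added example, not part of the original thread: the URLs are copied from the post, the function names are hypothetical, and the hosts it returns are leads to review, not verdicts.

```python
import base64, json
from urllib.parse import urlsplit, parse_qsl

# The four hops exactly as quoted in the post (hop 4 keeps the poster's redactions).
HOPS = [
    "https://peer2fly.com/out?out=https%3A%2F%2Falfatarget.com%2F%3Fpid%3D8%26sid%3D4444444%26kw%3Dbuy%26f%3Dclick%26bu%3Dhttps%253A%252F%252Fpeer2fly.com%252Fclick.php%253Fkey%253Dsaptev8wpdbs7m6irm89%2526t1%253Dzone%2526t2%253D4444444%2526t3%253Dhttps://imgur.com/gallery/kdhvg0c%2526cost%253Dusdcost",
    "https://trackingboox.com/click?node=17&time=1527043140&id=46&pid=8&fid=8&sid=9&rank=0&ad=eyJ0aXRsZSI6ImJ1eSIsInVybCI6InRyaXBob2JvLmNvbSJ9",
    "http://optimizedperformancebetter.com/index50A.php?eps=pNPPlOr9tvbKa7GV0jFpSDplRAcyu8lfASPtxTemSAWGTsEmo4mhjzn_0ot5_r6-Cl7wLE_T_N7Vphjl5IzgWA,,&F=*&G=buy&H=0.04",
    "http://combines.stream/live/?a=AZ&pagex=0&s1=pNPPlOr9tvbKa7GV0jFpSDplRAcyu8lfASPtxTemSAWGTsEmo4mhjzn_0ot5_r6-Cl7wLE_T_N7Vphjl5IzgWA%2C%2C&os=Windows&browser=Chrome&isp=[redacted]&ip=[redacted]",
]

def decode_b64_json(value):
    """Return the dict if value is base64-encoded JSON, else None."""
    try:
        raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
        obj = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def embedded_hosts(url, depth=0, max_depth=5):
    """Hosts named inside a URL's query string: nested URLs (each level of
    percent-encoding is peeled by one recursion) and 'url' fields of base64 JSON."""
    hosts = []
    if depth >= max_depth:
        return hosts
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.startswith(("http://", "https://")):
            hosts.append(urlsplit(value).hostname)
            hosts += embedded_hosts(value, depth + 1, max_depth)
        else:
            blob = decode_b64_json(value)
            if blob and "url" in blob:
                hosts.append(str(blob["url"]))
    return hosts

def shared_tokens(urls, min_len=32):
    """Long opaque parameter values that recur across hops (tracking IDs)."""
    seen = {}
    for url in urls:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):
            if len(value) >= min_len and not value.startswith("http"):
                seen.setdefault(value, []).append((parts.hostname, name))
    return {v: where for v, where in seen.items() if len(where) > 1}

if __name__ == "__main__":
    for hop in HOPS:
        print(urlsplit(hop).hostname, "->", embedded_hosts(hop))
    print(list(shared_tokens(HOPS).values()))
```

The token carried in `eps` on the third hop reappears as `s1` on the fourth, which ties the two hosts to the same click and makes that value a useful search key in proxy or DNS logs.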

Hi,

I think we have to use the big gun.
Follow the instructions in the order listed.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account, you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Restart the computer normally.

Step 6: Re-install Chrome and the Bookmarks.
====

Do not resync Chrome just yet.

Run MBAM and remove any entry found.

Restart the computer normally.

Run MBAM and it should be gone.

Work with the computer for a day or two and if all is well resync Chrome if you want.

Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
