
Infected but can't find it



Hi,

Was Chrome open when you got this message?

Your copy of Chrome has been compromised

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====

If the problem is also with Edge or Firefox let me know.

Link to post
Share on other sites

Yes. Chrome was opened to Facebook at the time.

I should note that my laptop is wired directly to the router. (Other devices in the house are iPads using the WiFi and have had no problems.) Am spending today using my laptop with just WiFi to see if the direct connection is what's leaving me open to attacks.

If Chrome gets a pop-up on WiFi, I will immediately delete and reinstall it.

Will let you know how it goes.


Link to post
Share on other sites

Virus pop-up came back within 1 minute. I had not signed into Google or anything. It should've had no way to synch. Same kind of deal as in post #53.

I did restore my favorites from the HTML file Chrome created. No idea if viruses can hide in that.

Link to post
Share on other sites

Deleted Chrome for now. Not a fan of Edge.

Edge hasn't hit an ad recently, but Task Manager (like with Chrome) shows the CPU run to 100%. At that point Chrome forced me to an ad page, but Edge tends to reboot the page I was already on. At least lately.

Is there a loophole in Java that overloads a game and forces a page change?

Link to post
Share on other sites

Note that Arc Chat restored itself. Which is fine. It's for voice during a legitimate game I play.

The capture is of Edge starting to use vast amounts of memory and CPU. I don't think it does that for other people playing Words with Friends on Facebook. It spikes for no reason, when I haven't touched it. 3.7GB of RAM and up to 100% CPU use is insane, right?

No other pages are open. No other programs running.

FRST6-8.txt

Addition6-8.txt

EdgeOverload1.jpg

Link to post
Share on other sites

Have reinstalled Edge. It says "Something went wrong, but we resolved it
Microsoft Edge couldn't start properly, so we had to clear some data to get you back to browsing the web." It retained passwords. I have not imported the Favorites yet.

Would note to people that "Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}"  Can NOT be entered while in Safe Mode

"Get-AppXPackage : This service cannot be started in Safe Mode
This service cannot be started in Safe Mode
At line:1 char:1
+ Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Ad ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-AppxPackage], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.Windows.Appx.PackageManager.Commands.GetAppxPackageCommand"

Despite the instructions: You have to resume normal mode, then use it, then reboot.

 

Would also note that I found a Google folder (odd since we deleted Chrome). It contains the folders "CrashReports" and "Software Reporter Tool". I found this because another user messaged me about having the same Chrome problems where she ended the Task "process_reporter_tool" and that cleared it up.

I've kept the files from it, if you'd like to see them... let me know.

Am keeping an eye on Edge for now. Have not reinstalled Chrome.

Link to post
Share on other sites

Hi,

It's either a Syncing issue with Edge or the Malwarebytes Notification is On.

First Edge.
Stop the Syncing.
https://www.tenforums.com/tutorials/36286-turn-off-sync-favorites-reading-list-microsoft-edge.html
When done restart the computer normally.

If that was the issue it will stop.

===

Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

===

If the problem persists I suggest you start a new topic in the
Malwarebytes 3 Support Forum
https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

An expert will be able to help you with MBAM.

Explain your problem with Edge.

I will keep this topic open for 6 days.

Link to post
Share on other sites

Oddly you have to turn the Computer's setting Sync to On in order to turn the Edge's Syncing Off. (Otherwise it's locked and greyed out.) … It's now off.

Malwarebytes was already set with the Notifications switch Off.

I will report results here for information's sake.

(I'm guessing Chrome is unsalvageable, then.)

Link to post
Share on other sites

Hi,

(I'm guessing Chrome is unsalvageable, then.)

Try this again.
Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

DO NOT REINSTALL IT JUST YET.

Restart the computer normally.
===

Please download, install and Run Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select CHROME
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished.
===

Now reinstall Chrome.

Step 6: Re-install Chrome and the bookmarks.
====

How is it now?
 

Link to post
Share on other sites

I've given up on Chrome and installed Firefox. Keeping Edge (not like people have a choice there).

Unfortunately, since yesterday, Words with Friends for Facebook will not load on either browser. Any chance Malwarebytes did this? I only ask because they once blocked Candy Crush on Facebook and only allowed it thru after I wrote to them.

(Installed Revo. Chrome is not listed as being found.)


Edited by Ditch67
Link to post
Share on other sites

Rats.... At http://upnorthlive.com/news/nation-world/federal-judge-jails-ex-trump-campaign-chair-paul-manafort-ahead-of-trial I got another hijack attempt on Edge. Is westerndigitalmeasure.com a legitimate address/company?

If all it does is try to breach security, why can't it be shut down? Also, does my computer have a virus, or are regular websites and their legitimate ads being tampered with?


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/16/18
Protection Event Time: 9:21 PM
Log File: ca253422-71cc-11e8-91b4-509a4cc94828.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5512
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: westerndigitalmeasure.com
IP Address: 192.241.254.144
Port: [53773]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

 

(end)

Link to post
Share on other sites


Hi,

Domain: westerndigitalmeasure.com


IP Address: 192.241.254.144

The IP address 192.x.x.x is coming from your Computer.
Not found in your logs.

----

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.

Link to post
Share on other sites
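An added example, not part of any post in this thread: a small parser for the "-Website Data-" section of a Malwarebytes web-protection log like the one quoted above, which reports the blocked domain, the browser process that made the request, and whether the logged address lies in a reserved LAN range (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or on the public internet. The function names and the scope labels are illustrative choices, not anything Malwarebytes provides.

```python
import ipaddress

# "-Website Data-" section copied from the Malwarebytes log quoted in the thread.
SAMPLE_LOG = r"""-Website Data-
Category: Hijack
Domain: westerndigitalmeasure.com
IP Address: 192.241.254.144
Port: [53773]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"""

# RFC 1918 ranges: the IPv4 blocks reserved for home and office LANs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_website_data(log_text):
    """Return the fields of the -Website Data- section as a dict."""
    fields, in_section = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            in_section = line == "-Website Data-"   # any other header ends it
            continue
        if in_section and ":" in line:
            key, _, value = line.partition(":")     # split on the first colon only
            fields[key.strip()] = value.strip()
    return fields

def address_scope(ip_text):
    """Classify an address as loopback, link-local, private-lan or public."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "public"

def summarize(log_text):
    """Condense one blocked-website event into the fields worth triaging."""
    f = parse_website_data(log_text)
    return {"domain": f["Domain"], "ip": f["IP Address"],
            "scope": address_scope(f["IP Address"]),
            "direction": f["Type"], "process": f["File"].rsplit("\\", 1)[-1]}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Only the 192.168.0.0/16 part of the 192.x.x.x space is LAN addressing, so the first octet alone does not tell you whether a logged address is local.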

I reset the router. But got this today while at my local news page using Edge [Malwarebytes didn't prevent it]
It showed up while I was in the middle of reading the article, changing to the page shown below.

(http://upnorthlive.com/news/local/3-democrats-running-for-michigan-governor-have-1st-debate)

Malware address: http://mcafeesecurity.application-center.me/4/?utm_source=dhara1&utm_pubid=d4908ba5-c683-48e4-9324-4a755d8a986c&x-context=wBFHLMDILJIDFDQE1JC7API0&xm=lm.vxilehikc0dxq.stream

mcaffeefake.jpg


Edited by Ditch67
Link to post
Share on other sites

This topic is now closed to further replies.