Jump to content

worldnaturenet.xyz constant notifications


Recommended Posts

  • Replies 99
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin
6 hours ago, BreadmanYan said:

Is it safe to reinstall chrome yet? I feel out of the loop using mozilla, I always see hitmanpro report a bunch of tracking cookies for it, and I don't feel like I could abandon my google account just yet.

I see the files in FRST's quarantine, should I delete them?

I do hope you're kidding here. Google Chrome tracks and records more of what you do than any other browser out there. Google probably knows more about you than NSA does. Marketing and tracking is part of how they make money.

 

2 hours ago, BreadmanYan said:

Now i'm getting this, what do I do? Danball is a clean site i've never had problems with, not sure if this is caused by me setting it as my default browser.

image.png.cbd586c4480aaf555ef567a72506cb28.png

Not sure what Danball is. This site block was for top10bestantivirus.com which is blocked due to fake tech support scams being hosted there

 

 

Link to post
Share on other sites

31 minutes ago, AdvancedSetup said:

I do hope you're kidding here. Google Chrome tracks and records more of what you do than any other browser out there. Google probably knows more about you than NSA does. Marketing and tracking is part of how they make money.

 

Not sure what Danball is. This site block was for top10bestantivirus.com which is blocked due to fake tech support scams being hosted there

 

 

I know Chrome's a total botnet, but the "search with google" and some other bits (not to mention I've been using it for quite some time) that breaking out of it is going to be a nightmare. I've stuck with it since it came out (it didn't help that my classes also used it aplenty), and I haven't used firefox on the regular since.

dan-ball.jp's just some japanese flash game site, it doesn't normally have malware or whatever, which makes that random popup of top10antivirus more suspicious. I don't know where it's coming from, since none of the sites I visit are susceptible to it - the site just came out of nowhere. 

Would this be a good setting, or should I set it to 'Never'?

image.png.37496541a7c9b1f73f51970981d150c2.png

29 minutes ago, AdvancedSetup said:

I would like you to reboot the computer a couple more times and browse the Web in general for another day with Firefox and/or Internet Explorer and ensure there are no longer any issues before we reinstall Chrome

Thank you

 

Will do.

Edited by BreadmanYan
Link to post
Share on other sites

  • Root Admin

We are not blocking dan-ball.jp (that is not a secure site) I would make sure you have and use an Ad-Blocker for both Firefox and Chrome.

That popup "could" be from an ad or from some other bogus code on their site. I use multiple add and script blockers and I don't have that link. My link is the correct one.

 

For Firefox you can use this or one like it:  https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

Once we get Chrome installed again then you should get an Ad-Blocker from the Chrome store

 

Please download PowerTool and save to your Desktop

 
 
 
Let's go ahead and check for any other potential issues.

Please follow the instructions below:

Right click on user posted image PowerTool, Select "Run as Administrator"

Windows 8/8.1/10 users may see the following, if so select "More Info"

user posted image

In the next Window select "Run Anyway"

user posted image

Initially click on square image to enlarge window to full screen (As shown in the image below)
Now click on Kernel tab (No. 1 on the image below)
Then click on Kernel Notify Routine (No. 2 on the image below)
Also click on Path so you sort the list by name (No. 3 on the image below)

user posted image

Right click anywhere on listed items under path (No. 4 on the image above) and select Export.

user posted image

Save exported file to your Desktop, zip up that file and attach to your reply....

user posted image user posted image

Thank you,

Ron......
Link to post
Share on other sites

This is what I was able to retrieve. Should I do anything about the extensions?

Aside from that, are outbound sites like worldnaturenet/top10bestantivirus/etc. caused by someone who's able to find me somehow and attempt to inject it, or do they just spontaneously appear?

Screenshot.PNG

notify.zip

Edited by BreadmanYan
Link to post
Share on other sites

  • Root Admin

Ads and JavaScript can make changes to your browser. It's all automated junk and not a specific user or hacker doing anything to you. It's attempted on millions of machines.

Microsoft disables extensions by default. I personally don't like that and find it dumb. I'll post you a link on how to reset those to show. Give me a few moments to check your log

 

Link to post
Share on other sites

  • Root Admin

 

Please download and run the following tool.

  • RQKuhw1.png RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

 

Your next reply should therefore contain:

  • Copy/pasted RogueKiller clean log

Thanks

Ron

 

 

Link to post
Share on other sites

  • Root Admin

Sorry for the delay. Was having network issues I had to take care of on my end.

Let's reset Firefox. There should not be any blocks going on.

 

 

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

 

Then, go get the Ad-Block add-on for Firefox and then run Firefox, reboot, and test it out again. There should not be anymore blocks going on from Malwarebytes after that.

 

Edited by AdvancedSetup
Link to post
Share on other sites

  • Root Admin

Sorry, wish I could help but as said. I don't use Chrome but I'm sure there may be some tweaking you can do with ublock or work with the vendor to make update changes. There are also other Ad blocking tools.

As we have found the cause and shown how it can be prevented we should be done here now. Unless there is something else you need I'll go ahead and close your topic soon.

Thank you again

Ron

 

Link to post
Share on other sites

7 minutes ago, AdvancedSetup said:

Sorry, wish I could help but as said. I don't use Chrome but I'm sure there may be some tweaking you can do with ublock or work with the vendor to make update changes. There are also other Ad blocking tools.

As we have found the cause and shown how it can be prevented we should be done here now. Unless there is something else you need I'll go ahead and close your topic soon.

Thank you again

Ron

 

What was the cause?

Link to post
Share on other sites

18 minutes ago, AdvancedSetup said:

Advertisements from websites

They use JavaScript to modify settings.

 

Well that explains it - but this started when avast warned me something about phishing on a google drive page, which then lead to a browser hijacker - where did something like that come from?

Link to post
Share on other sites

  • Root Admin

There is no way to know without doing a Forensic analysis. However, Forensic analysis requires that you do not fix it. That you image the drive ahead of time and then analyze what is going on. No one that I'm aware of will do free Forensic analysis. That is a very expensive operation normally only undertaken by law enforcement officials.

 

Link to post
Share on other sites

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

 

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education, you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Thank you and take care

Ron

 

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.