Jump to content

Malware stops access to website mps.eanswers.com but does not detect malwa

PhilBurton

By PhilBurton
in Resolved Malware Removal Logs

 Share

Recommended Posts

PhilBurton

PhilBurton

Posted
Posted

Since about Oct. 26 every time I search with Firefox (default is Google), MalwareBytes blocks access to website mps.eanswers.com, on port 51600, 52204, and 52248, most recently.  If I search from within Outlook (using Bing), the search somehow gets redirected to Firefox.  The pop-up error message indicates varying IP address varies.  I'm using Malware Premium 3.61.  However, MalwareBytes does not detect any malware on my system in full system scans.  I'm also using Norton Internet Security, which comes with my Comcast service, and it also doesn't detect any malware.

Searches using Edge/Bing are OK.

At first I thought that some software I installed was the source of the malware, but I installed the same software on two different systems, and only one system is infected.

Both systems are running Windows 10 Pro 64, fully patched up.  Firefox is 64-bit , latest version.

Instead of doing a shotgun approach, how should I proceed methodically and efficiently to track down this problem?  I have reasonable technical skills.

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

p.s.
Post only one system (Computer) in this topic.

If you have an other computer which is affected create a new topic.
Run the Farbar program on that computer and post the logs.
Let me have the URL so that I can expedite the matter.


 

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Duplicate Cleaner Pro 4.1.0 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.1.0 - DigitalVolcano Software Ltd)
---

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

===

Please post the Fixlog.txt and let me know if the problem persists.

fixlist.txt

Link to post
Share on other sites
PhilBurton

PhilBurton

Posted
  • Author
Posted

nasdaq,

 

You are a genius.  thumbs.gif

I followed your instructions above, and browsing in Firefox now works normally.

Just wondering.  What made you decide that I needed to delete Duplicate Cleaner Pro 4.1.0 ?  I've had that program installed for months now on two different systems with no side effects like the browser problem I just experienced.  OK to re--install?  I just downloaded a fresh copy of this software from the website.

 

Fixlog.txt

Link to post
Share on other sites
PhilBurton

PhilBurton

Posted
  • Author
Posted

I re-installed Duplicate Cleaner 4.10 and it works fine.  It did not appear to install any adware.  After the re-install, I tested the search capability in Firefox, and that still works fine.

So I have just one remaining question.  Did your instructions in post #4 above actually remove the browser search hijacker or just disable it in Firefox?  If the latter, how do I identify and remove that malware?

Thanks again.

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.