Jump to content

Malwarebytes and browsers disabled


Recommended Posts

Every few minutes the malware I'm infected with tries to open websites like pool.minexmr.com
This  leads MWB "real-time protection" to report it has blocked the website, but it does not quarantine the malware itself, which is not detected when it does a threat scan.

The signs and effects of the malware are as reported in previous posts in this forum - see  InstallShield Virus keeps on coming back By MatthewCostanilla, January 6 2019; and Infected by a very smart malware By xRaydenx, December 26, 2018

An executable file creates a process visible in Task Manager:

File = c:\Windows\SysWOW64\InstallShield\setup.exe
Process = "32-bit Setup Launcher"

Highly disturbing consequences, including:

Running mb3 and doing a scan right after bootup works, but finds nothing. If mb3 is run again it freezes up and cannot be killed by Task Mgr. The Support Tool freezes if run. 

Browsers freeze when attempting to run malware-related searches or to open malware-related websites

 My Windows and Office365 both lost their activation (others haven't reported this)

Things I have tried:

Following the first steps advised in the most recent of the posts mentioned earlier, I attempted to run mb3 in Safe Mode with Networking. It opened but with all layers disabled. When I tried to repair it with the Support Tool, the tool froze but it turned out that mb3 itself was completely removed.

I am attaching the logs gathered by the Support Tool;  details of the non-results of the last scan done in Normal Mode after bootup;   and an example of the websites that mb3 blocks in real time.

Any help you can offer would be much appreciated!

 

Threat Scan.txt

Websites Blocked.txt

mbst-grab-results.zip

Link to post
Share on other sites

Hello  and
:welcome:

Please take your time.

The issues appear to be happening with Chrome.
We will need to create new profile.

If you have Chrome Bookmarks that you want to save, you want to do that first.
Export / Import Bookmarks.

https://support.google.com/chrome/answer/96816?hl=en

Open your Chrome on all devices using Chrome as we need to make sure Chrome sync doesn't allow it back in.

• Go to Settings > People > Sync (or alternatively, enter the following in the address bar: chrome://settings/syncSetup)

• On the page, you'll see what synced data is enabled. Move all sliders to the left in order to disable all the syncing.

Please make sure Chrome is closed before running the fix

 

I have attached A file I need you to download and save it to the same place that you saved the FRST program

This fix will include removing temp files and emptying the Recycle Bin.

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

 

fixlist.txt

Link to post
Share on other sites

Hi there,

Fixlog.txt is attached

After the reboot initiated by FRST, I got a real-time warning from mb3 that a website had been blocked (see "Blocked website.txt") – but it was not one of the sites it had been warning me about before.

After doing a further reboot, as you recommended, I ran a threat scan that reported 21 PUPs (see "Scan report.txt"), but stupidly I didn’t ask it to quarantine them. Some hours later I returned to the PC and tried to do a search – and discovered that Bazz Search SafeFinder had hijacked Chrome. I performed a second scan, this time with quarantine ("Scan with quarantine.txt").  

I ran the mb support tool (which previously had crashed) and am attaching the logs it grabbed.

No problems with Windows or Office activation.

So it looks like you have gotten this evil thing out of my digital life, for which I am truly grateful!

I’m not certain whether I can turn on syncing again on the (now featureless) Chrome browser on the infected pc. Also, OK to turn it on again on the Chrome installations on my laptop and phone?

One last thing, which may be unrelated, but… on the second day of the malware invasion my Acrobat DC began to crash after having one or more files opened, with the attached error message. I purchased a new copy, did the uninstall/reinstall with their tech support, and the new version ran fine. But now  I’m getting the same error again.

 

Scan with quarantine.txt

mbst-grab-results 2.zip

Acrobat error.jpg

Scan report.txt

Blocked website.txt

Fixlog.txt

Link to post
Share on other sites

We're not finished cleaning yet.

I have attached A file I need you to download and save it to the same place that you saved the FRST program

This fix will include removing temp files and emptying the Recycle Bin.

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

 

fixlist.txt

Link to post
Share on other sites

Thanks for asking :)

Everything seems good, except for the problem with Acrobat crashing--which may have appeared by coincidence after the malware took over. 

mb3 hasn't issued any realtime warnings, and nothing is reported in the threat scan I just did.

Cheers !

 

Link to post
Share on other sites

I'd suggest working with Adobe for the Acrobat issue.

https://helpx.adobe.com/support/acrobat.html

 

I'm happy to have helped and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.
 

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

FireFox, Chrome, and Safari 
Opera
Microsoft Edge

AdBlock for Internet Explorer

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

 

Thank you for choosing Malwarebytes
Peace Be With You

Link to post
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.