I keep getting website blocked due to trojan and other problems

[sabzzz]

I have been getting website blocked due to trojan. I had several threats removed via malwarebytes and adwcleaner, however, the website blocked due to trojan notifications continue and always for a site called the-extension.com. this is after running more threat scans and coming up clean

I tried to download adwcleaner from your site and chrome blocked the download, after allowing it to download, and doing a a custom threat scan, i had 6 PUP. since then i have ran another threat scan which comes up clean, but the above issue of website blocked due to trojan persists.

I will attach the reports and my most recent scan log

 

 

FRST.txt

Addition.txt

log.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Keep me posted.

[sabzzz]

Thank you for the assistance

my system froze during the scan and i had to do a hard reset. after this i booted up Windows reconfigured some registry files and it said it is updating files. as if i had done a a Windows update. I got my system up and running, looks normal, still got an outbound connection website blocked notification from malwarebytes. Should I still reset the chrome Sync as instructed above?

[sabzzz]

I went ahead and reset sync. 

[sabzzz]

I am still getting website blocked due to trojan, outbound connection, after completing the instruction above. the instructed scans come back clean. would you like a log of the event?

[nasdaq]

Your copy of Chrome has probably been compromised

Remove Chrome from your Computer and reinstall a fresh copy later.

If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Re-install Chrome and the Bookmarks.
<<<>>>

How is it now?

 

[sabzzz]

after the re-install I so far haven't gotten the website blocked notification, so far so good. If it starts to re-occur I will let you know.

Thanks again for the help

[nasdaq]

Glad we could help.

[sabzzz]

I hate to say this but I have just received the notification again. I will attach a log 

notification.txt

[nasdaq]

Hi,

When you reinstalled Chrome did you remove the Sync as suggested in No.2 or post 6?

[sabzzz]

Yes, I have also repeated the uninstall and reinstall a second time 

[nasdaq]

Hi,

Run the Farbar (FRST) program and wait for the update to complete.

Post a fresh FRST.TXT log for my review.

p.s.

Do you get the MBAM notice when using an other browser?

 

Edited February 26, 2019 by nasdaq

[sabzzz]

Here is the FRST log.

I haven't used any other browsers enough as of yet to determine if this occurs with them. I will do some browsing using firefox and see if it happens then. 

It seems to happen a few times times over a 24 hour period, and only when I have chrome up. 

FRST.txt

[sabzzz]

In addition to the requested log I posted above, I would like to mention something odd I noticed when i did a microsoft security essentials scan. When it was scanning windows installer files, many of the names had an odd chinese character in the names. I believe my windows installer files may be compromised

[nasdaq]

Hi,

The log is clean.

Do you use your phone or other devices that are sync to your computer?

If yes remove the Sync and do not reset it for a few days.

Let me know if the popups have returned with the Sync OFF.

[sabzzz]

Hello,

I do not use and devices synced to the computer.

I have done some browsing with Firefox and have had no notifications, Chrome has not caused any in over 48 hours either.

I will turn Sync off and see how it goes.

I would like to add that around a week before this issue started I had removed Trojan.StolenData via adwcleanr. It looked to have been successfully removed.

[sabzzz]

So far I have no more blocking due to trojan notification after using both chrome and Firefox with syncing off, however i did get an outbound block due to phishing.

I know my logs looked clean, but I would like to ask about this attached image. When I use Microsoft Security Essentials and it scans windows installer files, most have that chinese letter in the name, is that normal?

 

[nasdaq]

Hi,

If you can see the .msp file in the C:\Windows\Installer folder delete it.

Other wise there is nothing to worry about.

[sabzzz]

Thank you for getting back to me about the installer files.

The rest of the problems look to be resolved, I am no longer receiving any block due to trojan notifications.

So far, so good.

 

[nasdaq]

Glad we could help.

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks