sabzzz

I keep getting website blocked due to trojan and other problems

I have been getting website blocked due to trojan. I had several threats removed via Malwarebytes and AdwCleaner; however, the website blocked due to trojan notifications continue, and always for a site called the-extension.com. This is after running more threat scans and coming up clean.

I tried to download AdwCleaner from your site and Chrome blocked the download. After allowing it to download and doing a custom threat scan, I had 6 PUPs. Since then I have run another threat scan, which comes up clean, but the above issue of website blocked due to trojan persists.

I will attach the reports and my most recent scan log

 

 

FRST.txt

Addition.txt

log.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists IN CHROME and you Sync Chrome with other devices, reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Keep me posted.


Thank you for the assistance.

My system froze during the scan and I had to do a hard reset. After this I booted up, Windows reconfigured some registry files and it said it is updating files, as if I had done a Windows update. I got my system up and running, looks normal, still got an outbound connection website blocked notification from Malwarebytes. Should I still reset the Chrome Sync as instructed above?


I am still getting website blocked due to trojan, outbound connection, after completing the instruction above. The instructed scans come back clean. Would you like a log of the event?


Your copy of Chrome has probably been compromised.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account, you must remove it before you save your bookmarks etc.
Delete your Google Chrome browser Sync data if you sync with other devices. <- Important
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome, export your passwords.
How to export your saved passwords from Chrome:
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the bookmarks.
<<<>>>

How is it now?


 


After the re-install I so far haven't gotten the website blocked notification, so far so good. If it starts to re-occur I will let you know.

Thanks again for the help.


Hi,

When you reinstalled Chrome, did you remove the Sync as suggested in No.2 or post 6?


Yes, I have also repeated the uninstall and reinstall a second time.


Hi,

Run the Farbar (FRST) program and wait for the update to complete.

Post a fresh FRST.TXT log for my review.

p.s.

Do you get the MBAM notice when using another browser?

 

Edited by nasdaq


Here is the FRST log.

I haven't used any other browsers enough as of yet to determine if this occurs with them. I will do some browsing using Firefox and see if it happens then.

It seems to happen a few times over a 24 hour period, and only when I have Chrome up.

FRST.txt


In addition to the requested log I posted above, I would like to mention something odd I noticed when I did a Microsoft Security Essentials scan. When it was scanning Windows Installer files, many of the names had an odd Chinese character in the names. I believe my Windows Installer files may be compromised.


Hi,

The log is clean.

Do you use your phone or other devices that are synced to your computer?

If yes, remove the Sync and do not reset it for a few days.

Let me know if the popups have returned with the Sync OFF.


Hello,

I do not use any devices synced to the computer.

I have done some browsing with Firefox and have had no notifications; Chrome has not caused any in over 48 hours either.

I will turn Sync off and see how it goes.

I would like to add that around a week before this issue started I had removed Trojan.StolenData via AdwCleaner. It looked to have been successfully removed.


So far I have no more blocking due to trojan notifications after using both Chrome and Firefox with syncing off; however, I did get an outbound block due to phishing.

I know my logs looked clean, but I would like to ask about this attached image. When I use Microsoft Security Essentials and it scans Windows Installer files, most have that Chinese letter in the name. Is that normal?

 

Untitled.png


Hi,

If you can see the .msp file in the C:\Windows\Installer folder, delete it.

Otherwise there is nothing to worry about.


Thank you for getting back to me about the installer files.

The rest of the problems look to be resolved; I am no longer receiving any block due to trojan notifications.

So far, so good.

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
