Jump to content

Another domclickext.xyz


Recommended Posts

Hi, 

I will be helping and guiding you, going forward.
IF this machine runs on Windows XP, please stop and tell me about that.

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

I would also appreciate knowing which web browser is the one that encounters these block event notices.

.

For Your Information:

The website  Block message indicates that a potential risk was blocked by the malicious website protection. 

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

Thank you.

 

Link to post
Share on other sites

  • Root Admin

Hello @Joeychgo and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Malwarebytes keeps blocking an outbound connection to domclickext.xyz, but can't find where the file is coming from after multiple scans. I've uninstalled Chrome and started with a clean install and it's still coming back. 

I've attached a text log of the protection event. If there is anything else I can provide, please let me know. 

Thank you in advance.

Link to post
Share on other sites

9 hours ago, Maurice Naggar said:

Hi, 

I will be helping and guiding you, going forward.
IF this machine runs on Windows XP, please stop and tell me about that.

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

   

logs attached. I mostly use chrome but tried firefox and same thing

mbst-grab-results.zip     

Link to post
Share on other sites

This reply is for Joeychgo only !

Please stick with this thread only.   Please do not intermingle with anyone else's topic while in the Malware Removal help sub-forum.

 

Thank you for providing the Support tool zip file.

Your pc has the latest Malwarebytes for Windows version 3.7.1.2839

Bravo.

Now then, as to Chrome browser & the block event notices. I would start by Uninstalling the add-on extension ""Awesome Screenshot: Screen Video Recorder"".

Start Chrome.

Look on the upper top right and click on the 3 dots ( or dashes) menu icon of Chrome ( top bar). 

Then click on More Tools > then click on EXTENSIONS.

 

Look for " Awesome Screenshot: Screen Video Recorder "

then if you see on its right a blue color slider, click or slide it to the left so that it is dimmed to grey color ( turned off)

Then click on REMOVE with your mouse.

[ 2 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and or any open web browser after you have saved the Adwcleaner and before you start Adwcleaner.

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

 

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as a open window in your text editor ( normally Notepad).

Do a File >> Save As, given it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

When done with Adwcleaner, click the X button to Exit out.

[ 3 ]

Look at this Malwarebytes Labs Blog article
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Do the tips listed there for Firefox & for Chrome.
and if your pc runs Windows 10, do also the section for EDGE.

[ 4 ]

You may do some browser "beefing up" to help in general  to reduce unwanted ads.

beef up each web browser ( put an ad block extension).
Malwarebytes has a browser extension for Chrome & a separate one for Firefox browser.

 

See this article on our Malwarebytes Blog
How to tighten security and increase privacy on your browser

.

Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for each of your web browser programs.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/

 

Keep me advised on all this.   Let me know how it goes.

Cheers.

Link to post
Share on other sites

Please always be quite specific as to what "did not work".

Did you mean another same Block event notice window?

or what else specifically ?

.

In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Block Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file

.

Start Adwcleaner program.
Then Click on Log Files on the left.

A list of logs will be listed.  Look for the ones with (Cnn
where nn is a number

Find the one with the C & with the latest, most current date.  I would like a copy of it.
Double click on that line.
It will open in your favorite default text editor.

Copy all lines from there.  Then PASTE all lines with your next reply.

Thanks.

.
For Your Information:
The website  Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).

 

Link to post
Share on other sites

Yes, another same Block event notice window

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-29-2019
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\OSTotoSoft
Deleted       C:\Users\Owner\AppData\Local\slimware utilities inc
Deleted       C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1500 octets] - [29/05/2019 00:56:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

block report.txt AdwCleaner[C00].txt

Link to post
Share on other sites

Hi,

Thanks.

I would like for you to take a few minutes & devote them to putting the Malwarebytes Chrome extension add-on for the Chrome browser.

Info here

Open this link in your Chrome browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Link to post
Share on other sites

18 minutes ago, Maurice Naggar said:

I would like for you to take a few minutes & devote them to putting the Malwarebytes Chrome extension add-on for the Chrome browser.

 

um, well it happens in chrome and firefox.   Further, its being blocked, but not cleaned my malwarebytes already. What is this extension  going to do differently?

Link to post
Share on other sites

I would like you to do is to run the cleanup tool from Chrome - https://www.google.com/chrome/cleanup-tool/
It is made specifically by Chrome to cleanup Chrome browser.



If running the cleanup tool for Chrome did not help the problem then I would like to reset chrome back to defaults.


You can keep your "Bookmarks" if you want to keep them, but you have to export them first - http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816 - Everything else should be removed.

Then I need you to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".
 

Reset Your Browser Settings

 

  1. In the top-right corner of the browser window, click the "Chrome Menu" icon (Three horizontal lines)
  2.  
  3. At the bottom, click "advanced "
  4. Scroll down until you see "Reset", Then click where it says "restore settings to their original defaults".
  5. In the dialog that appears, click "Reset".

Chrome-Settings-reset.png.5c814a60599aee52fdd22fa8550fc2cb.png

 

Close Chrome and restart it and check it out  please

 

Link to post
Share on other sites

You should consider rebuilding Chrome.

You can keep the bookmarks by exporting them - 
http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816 Export Bookmarks


Follow instructions to remove all Google Sync data - 
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/



Now we need to uninstall Chrome 

make sure to select the "Also delete your browsing data" tick box
https://support.google.com/chrome/answer/95319?hl=en-US

Re-install Chrome:
https://www.google.com/chrome/browser/desktop/


next, If your pc has no ad blocker add-on for your browser(s), 
I would suggest Malwarebytes beta Chrome extension
Open this link in your Chrome browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

After you have Chrome reinstalled please check things out and let me know how it is doing.

Link to post
Share on other sites

Do know that my function here is that of a volunteer helper.
I am not a spokesman nor a developer.

The pest Domclickext.xyz is due to malvertising. A website you visit has malvertising or a compromised ad network service.
 

The block notices are information & courtesy notices that the Malwarebytes website protection is keeping your system safe.
Technically, Malwarebytes Premium stopped some attempt to reach that site.
The mere showing or presence of the block notice does NOT mean there is any actual infection on your box.
The block stopped the attempt to do anything as far as that address.
In some cases though, the Chrome browser may have a browser extension that has gone rogue or happens to have some thing that leads to malvertising.
This is where a web browser rebuild is the best remedy.


It would help to know what actual URL-link-address your browser was on at the moment that the block notice was shown.
Can you get a screen-image-grab ?

If the browser was viewing a web page, I would like to have that address.
Now, if you happened to be reading Email online when the notice was triggered, it could be an Email has the bad link.

You should also know that the block notices can be turned off from displaying.   Your machine will still be protected by the Malwarebytes website protection.
In Malwarebytes program, click the Settings button.

Click the Application tab.
Scroll down to Notification section.
Look on the line marked Show Malwarebytes notifications in the Windows System Tray
Click that selection to OFF

Close the window when done.
.

 

 

Link to post
Share on other sites

  • Root Admin

Hello @Joeychgo

Just to interject for you per your request about our product handling this for you. It used to do just that but about a year ago Google changed that and now no longer allows any antivirus to inject and clean that code from your system properly. Google felt it would be safer for their browser if they did that. Obviously, not everyone agrees that was for the better.

Please continue on and Maurice will assist you as needed.

Cheers

Ron

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.