
go.normandoh resisting all removal attempts



Hi,

My name is Maurice. I will be helping and guiding you, going forward.

For the EDGE browser,

Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for EDGE.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/

 

Please know that the website block notice(s) mean that the Malwarebytes web protection is keeping the pc safe.

 

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 


Hi,

Thank you for the Support tool report. The website block notices are when Edge browser is used & are advisories that attempts to reach go.normandoh.com were blocked.

The website protection is keeping the pc safe.

The website Block message indicates that a potential risk was blocked by the malicious website protection.

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex: 123.23.34 and 4.44.56).

I see that the latest Scan with Malwarebytes for Windows reported no malware. That is cool.

I see that Adwcleaner was recently run on June 12.

.

[ 1 ]

Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for each of your web browser programs. Especially the EDGE browser.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/

 

[ 2 ]

F-Secure Online Scanner is a free scanner tool by F-Secure.
F-Secure Online Scanner searches for and can remove harmful items, viruses, spyware.
Please run the F-Secure Online Scanner

Press the "Run now" button

Press the Save button to save the tool to your system.

Next, go to the Downloads folder where the tool was saved.
Double click F-SecureOnlineScanner.exe to start the tool.


Accept the License Agreement.  Press the "Accept and scan" button.
Press the YES button when prompted by the Windows user account control prompt.

You will then see a scan progress screen displayed.
The scan will take some time to finish, so please be patient.

When completed, watch to see what the "Scanning complete" screen shows.
{ You can ignore the offer for a trial of F-Secure Safe. }

When the scan completes, and it shows your pc is not safe & shows the F-Secure Safe box-logo, you can click the X icon at the far top right to Close the screen.

Let me know what the results of the scan were.

 


 

 

 

Edited by Maurice Naggar

Thank you for your kind attention to my problem.

My responses in red

--F-Secure Online Scanner is a free scanner tool by F-Secure....Let me know what the results of the scan were.
Nothing harmful found. Why didn't it find go.normandoh?

--Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* and do that for each of your web browser programs. Especially the EDGE browser https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/
I should have told you in the previous response that I did this.

Other

--The website block notices are when Edge browser is used & are advisories that attempts to reach go.normandoh.com were blocked...Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
If I understand this all correctly, the go.normandoh threat has not been removed and therefore the PUP block notices will continue because go.normandoh hijacks my web searches. I understand that Malwarebytes is protecting my computer, but isn't the bottom line go.normandoh is still infecting Edge? If so, I will have to give up on Edge. The PUP notices are constant.

--On Outbound blocks, any attempted connection was stopped. No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex: 123.23.34 and 4.44.56).
I don't know what an Outbound is.

--I see that the latest Scan with Malwarebytes for Windows reported no malware. That is cool.
I'm not sure why this is cool. Isn't go.normandoh malware? And it is still plaguing Edge. Doesn't that mean the Malwarebytes scan did not identify and remove it?

--I see that Adwcleaner was recently run on June 12.
Ditto?

Thank you for any more help you can give.

--

 

 

 


Some "factor" in Edge is leading to a website block.

The website protection STOPped the attempted connection. It is hard to explain a website block notice; but, it does NOT mean that there is an actual malicious malware.

The website Block message indicates that a potential connection risk was blocked by the malicious website protection.

The Malwarebytes web protection, by default, will always show each IP block occurrence.

 

We can test that out by doing a special scan with Malwarebytes for Windows.

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, repeat the scan one more time. It does not take long.

And again, be sure all detected items are removed.


Let it remove what it has detected.


My replies in red.

Some "factor" in Edge is leading to a website block. OK

The website protection STOPped the attempted connection. It is hard to explain a website block notice; but, it does NOT mean that there is an actual malicious malware. OK

The website Block message indicates that a potential connection risk was blocked by the malicious website protection. OK

The Malwarebytes web protection, by default, will always show each IP block occurrence. OK

We can test that out by doing a special scan with Malwarebytes for Windows. OK

Run a scan with Malwarebytes. 
Start Malwarebytes from the Start menu. Done

Click Settings. Then click the Protection tab. Done
Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON Done
Click it to get it ON Done


Click the SCAN button. Done
Select a Threat Scan ( which should be the default). Done

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical. Result--No threats detected

Then click on Quarantine selected. NA

 

Be sure all items were removed. NA

Then too, repeat the scan one more time. It does not take long. No threats detected

And again, be sure all detected items are removed. NA


Let it remove what it has detected. NA


Hi,

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close EDGE and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE: clicking the small right-pointed little arrow will cause the screen to refresh & show all line items.)

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When you see the screen with "Your cleanup is complete", click on the View Log file button.

It should then show as an open window in your text editor (normally Notepad).

Do a File >> Save As, give it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

 

When done with Adwcleaner, click the X button to Exit out.

Thank you.

 


Thank you for your continued help.

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close EDGE and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner. Done

Please download the current release for Malwarebytes AdwCleaner from here: Done

https://downloads.malwarebytes.com/file/adwcleaner

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. Done

At the prompt for license agreement, review and then click on I agree. Done

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button. Done

Click the blue button "Scan Now". Done

Allow it a few minutes to finish the Scan. Done

You should then see a screen showing "Scan results". Done

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked. Did not recognize the one listed.

(NOTE: clicking the small right-pointed little arrow will cause the screen to refresh & show all line items.)

When ready, click on the button "Clean and repair". Done

If prompted to restart then click on "Clean & Restart Now". Done

 

When you see the screen with "Your cleanup is complete", click on the View Log file button. Done

It should then show as an open window in your text editor (normally Notepad). Done

Do a File >> Save As, give it a unique name and Save to your Desktop or some other permanent folder. Done

 

Kindly provide a copy of that run report. Attach it with reply. Done

 

When done with Adwcleaner, click the X button to Exit out. Done

AdwCleaner[C01].txt


Hi. It is not necessary to echo all directions provided. Thanks for the Adwcleaner report.

There were a couple of minor cleanups for Edge by that run. Other than that, all else is good.

.

To prevent browser push ads:

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

Also, if you use Chrome or Firefox browser, install the Malwarebytes beta browser extension. There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

To get & install the Malwarebytes beta Firefox extension.

Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

Cheers.


Hi,

I hope you are doing well this weekend.

I would encourage you to try the following things:
[ 1 ]
Use the keyboard shortcuts to start an elevated command prompt.
Press and hold the Windows-flag key on keyboard & tap the X key
On the flyout menu, select "Command prompt (Admin)"
Click Yes to confirm

In the Command prompt, Copy and Paste this
start microsoft-edge:https://bing.com

Then do some normal, typical things in Edge.

[ 2 ]
Take a look at this article
How to Reset or Reinstall Microsoft Edge
https://www.groovypost.com/howto/reset-microsoft-edge-default-settings/


Comments:
When you wrote "I still cannot use Edge for web searches."
Can you break that down and make it clearer?
Is it only web searches? & is that on a specific search engine?

Have you drilled thru the Edge settings & checked on all Preferences, including Search engine preference?

In Edge >> click the ... to get to Settings.   Then on the General tab, click the "Advanced"

Address bar search >>> Change search provider


Does regular web browsing work?
What error message do you get, if any, from Edge?

Is there a website block notice from Malwarebytes?
If yes, then kindly provide a recent log from Malwarebytes:
See this support article
https://support.malwarebytes.com/docs/DOC-1472


Hello Row51,

I am glad to know that the Edge issue has been cleared up. Thank you for the news.

You are welcome.

I wish you all the best.

Microsoft Store has Ghostery ad blocker for free. You may want to check it out & consider installing it.

 

Sincerely,

Maurice


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
