TheIceman3 Posted June 13, 2019 ID:1316994 Share Posted June 13, 2019 I'm not sure if this is the right place to post of if anyone can assist. I've been accused of using an "Amazon proxy" by a consumer survey website that I frequent and I have been blocked until I am able to resolve the cause of the flag. When I use "whatsmyip", it shows up as the accurate location and address for my local provider. I have run through MWB, Hitman, and TrendMicro so far trying to locate the cause of the issue. I have a desktop, a laptop, and a mobile phone that have all been checked with no luck solving the puzzle. I'm hoping that someone here and shine some light and help me get this issue resolved. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 14, 2019 Root Admin ID:1317013 Share Posted June 14, 2019 Hello @TheIceman3 and Please run the following steps and post back the logs as an attachment when ready and we'll see what we can find.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 17, 2019 Root Admin ID:1317420 Share Posted June 17, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 26, 2019 Root Admin ID:1318966 Share Posted June 26, 2019 Topic has been reopened per request. Thanks Link to post Share on other sites More sharing options...
TheIceman3 Posted June 26, 2019 Author ID:1318971 Share Posted June 26, 2019 Here's the info from my desktop reports. # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-06-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-22-2019 # Duration: 00:00:06 # OS: Windows 10 Pro # Cleaned: 4 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2289 octets] - [04/06/2019 19:55:09] AdwCleaner[C00].txt - [2323 octets] - [04/06/2019 19:55:37] AdwCleaner[S01].txt - [1371 octets] - [04/06/2019 20:02:46] AdwCleaner[C01].txt - [1583 octets] - [04/06/2019 20:03:07] AdwCleaner[S02].txt - [2391 octets] - [22/06/2019 21:45:50] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ########## Malware Desktop 6-22-19.txt Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 26, 2019 Root Admin ID:1318972 Share Posted June 26, 2019 I don't see any obvious infections. I do see where your networking is having some issues in the Event Logs. You might try temporarily uninstalling your Trend Micro Maximum Security and run with the built-in Windows Defender you have on Windows 10. It is a pretty good antivirus product these days so the system will be protected while you're testing. Then, also look at cleaning Google Chrome from all devices that use it. Please give that a try and let me know how it goes Ron Link to post Share on other sites More sharing options...
TheIceman3 Posted June 27, 2019 Author ID:1319118 Share Posted June 27, 2019 I have uninstalled Trend Micro at this point and am using Windows Defender. I believe that I was able to follow Miekiemoes steps on my desktop. I noticed today that my mobile Edge browser was bouncing my location around the United States and I frequently access the consumer survey site through my smart phone throughout the day. I have used the Mobile Malwarebytes and it has never found an issue, however I can't seem to find a log to export. I'm not sure how to resolve/alter mobile settings to remedy this. I have removed Edge at this time and reset my phone. I will work on attempting to access the survey site, and report my outcome. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 27, 2019 Root Admin ID:1319130 Share Posted June 27, 2019 I can help you with the PC Computer but if you're having issues with the mobile product on Android then it's best I have someone from the mobile team assist you. Link to post Share on other sites More sharing options...
TheIceman3 Posted June 27, 2019 Author ID:1319133 Share Posted June 27, 2019 I'm not sure which device is causing the "ban". I use both devices quite frequently to make extra income and the only information that I receive from them is that my account is being flagged by their security software for using a VPN/proxy that is designated as Amazon or Amazon.com. I will say that after removing Trend and the steps earlier, the page loads are faster. Is it easier to work on one device at a time, or PC and Mobile simultaneously with different admins. You're the experts and I defer to you. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 27, 2019 Root Admin ID:1319134 Share Posted June 27, 2019 So with Trend removed from the PC is the site still saying you're not allowed? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 27, 2019 Root Admin ID:1319135 Share Posted June 27, 2019 Is there a public link you can give me or send me a private message with a link that I can try? Link to post Share on other sites More sharing options...
TheIceman3 Posted June 29, 2019 Author ID:1319527 Share Posted June 29, 2019 I have requested that the admin check my status to see if the problem is resolved. The site itself is Your-surveys.com. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 29, 2019 Root Admin ID:1319535 Share Posted June 29, 2019 Hello @TheIceman3 We don't block that site with our product either. Let me know the outcome. Ron Link to post Share on other sites More sharing options...
TheIceman3 Posted July 2, 2019 Author ID:1319954 Share Posted July 2, 2019 Finally got a response from the support team: Thank-you for contacting Your-Surveys support. Your account is currently blocked as we have detected a proxy being used on your account. We do not allow proxy usage as it is against our terms of use: www.your-surveys.com/partner/terms_and_conditions Therefore your account will remain blocked at this moment in time whilst we identify the cause on your account. Below are some common trouble-shooting questions that our users have found to help them identify proxies on their accounts: Are you using any tools to protect yourself or make your websurfing private? Could you also please check your anti-virus settings as sometimes VPN/proxy settings are enabled without the user being aware of it. Or any tools that monitor/meter you for market research companies? You would most likely have received an incentive for installing them or continue to receive monthly/weekly incentives for keeping them installed. Do you access your account via a shared connection (e.g. work, school, cafe, public transport etc)? Do you use any VPN's or tools to surf as if you are in other countries, for things like watching TV or to access blocked sites? I don't access the site on my work PC, however I do through my laptop and smartphone. I can attach the necessary logs from the laptop tomorrow for your review. I have removed Trend as you suggested, however it might still be on the laptop (I don't use it very often). The only thing that I can think of would be a hidden extension that I can't locate/disable that is creating the ban. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 2, 2019 Root Admin ID:1319956 Share Posted July 2, 2019 Ask them to please provide you with the IP, Trace logs that is showing a proxy. You can use the following sites to look up your current IP that websites see when you visit. Your desktop and laptop should show the same IP. Your phone too if it's on your own router, but a different IP if you're using cellular data. http://whatsmyip.net/ https://www.iplocation.net/ https://iplocation.com/ You can post logs for the other system too if you like and I'll review them. Ron Link to post Share on other sites More sharing options...
TheIceman3 Posted July 6, 2019 Author ID:1320836 Share Posted July 6, 2019 They aren't being very helpful in providing me information to help solve the problem. They won't provide any logs and provided me with similar IP checkers to the ones you suggested. I have checked all 3 devices and they come back to my local ISP and city. I have attached two of the laptop lopgs at this time and will work on the other ones this weekend. I can't find anything on either of the PCs and feel like the most likely culprit is my smartphone. Laptop AdwCleaner[C00].txt Laptop MalWarebytes Report.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 6, 2019 Root Admin ID:1320869 Share Posted July 6, 2019 Well, the laptop is / was running quite a bit of junk. Please reboot it and run the following again for new fresh log. I will probably be busy all day tomorrow but will try to reply if possible. If not then maybe not until Monday. Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
TheIceman3 Posted July 7, 2019 Author ID:1321022 Share Posted July 7, 2019 Heres the most current logs for the laptop. Addition.txt FRST.txt Laptop AdwCleaner[C00].txt Laptop MalWarebytes Report.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 7, 2019 Root Admin ID:1321041 Share Posted July 7, 2019 Please go into Control Panel, Programs, Add/Remove and uninstall the following programs Bonjour Java 8 Update 40 McAfee Security Scan Plus Mozilla Firefox 43.0.1 (Please save your bookmarks from Firefox. Then I'd recommend you uninstall it as you have a very old version. Then download the latest version of Firefox)Quicktime 7 (https://support.apple.com/kb/DL837?viewlocale=en_US&locale=en_US) After you have uninstalled the items above and have rebooted the computer. Please temporarily disable your Avast antivirus and run the following fix. Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron Link to post Share on other sites More sharing options...
TheIceman3 Posted July 8, 2019 Author ID:1321212 Share Posted July 8, 2019 I think everything went through as instructed. Fixlog.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 8, 2019 Root Admin ID:1321234 Share Posted July 8, 2019 Great, looks good. Let's go ahead and do a secondary scan using another antivirus program. Please download and run the following Kaspersky antivirus scanner to remove any found threats Kaspersky Virus Removal Tool Let me know if it finds anything or not Link to post Share on other sites More sharing options...
TheIceman3 Posted July 11, 2019 Author ID:1322042 Share Posted July 11, 2019 I have scanned both the laptop and desktop with Kaspersky with no threats found. I'm leaning more and more to my smart phone being the culprit. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 11, 2019 Root Admin ID:1322043 Share Posted July 11, 2019 You should be able to do some sort of browser reset with the phone as well. I am not an expert with the phones but I can Search for some reset pages if you like or even get one of our phone support agents to assist. Link to post Share on other sites More sharing options...
TheIceman3 Posted July 11, 2019 Author ID:1322044 Share Posted July 11, 2019 I have considered a complete backup and restore, however there are photos and messages that are irreplaceable so I want to make sure and do it correctly. I have installed the Malware mobile app and run it a few times with no luck, however maybe a mobiel expert can dig deeper if they know what to look for more than I do. Link to post Share on other sites More sharing options...
TheIceman3 Posted July 17, 2019 Author ID:1323190 Share Posted July 17, 2019 Any chance that you could include a mobile device admin in this chain to check out my phone? TIA Link to post Share on other sites More sharing options...
Recommended Posts