
I'm not sure if this is the right place to post or if anyone can assist.  I've been accused of using an "Amazon proxy" by a consumer survey website that I frequent and I have been blocked until I am able to resolve the cause of the flag.  When I use "whatsmyip", it shows up as the accurate location and address for my local provider.  I have run through MWB, Hitman, and TrendMicro so far trying to locate the cause of the issue.  I have a desktop, a laptop, and a mobile phone that have all been checked with no luck solving the puzzle.  I'm hoping that someone here can shine some light and help me get this issue resolved.


Hello @TheIceman3 and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready and we'll see what we can find.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


Here's the info from my desktop reports.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-22-2019
# Duration: 00:00:06
# OS:       Windows 10 Pro
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2289 octets] - [04/06/2019 19:55:09]
AdwCleaner[C00].txt - [2323 octets] - [04/06/2019 19:55:37]
AdwCleaner[S01].txt - [1371 octets] - [04/06/2019 20:02:46]
AdwCleaner[C01].txt - [1583 octets] - [04/06/2019 20:03:07]
AdwCleaner[S02].txt - [2391 octets] - [22/06/2019 21:45:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Malware Desktop 6-22-19.txt Addition.txt FRST.txt


I don't see any obvious infections. I do see where your networking is having some issues in the Event Logs.

You might try temporarily uninstalling your Trend Micro Maximum Security and run with the built-in Windows Defender you have on Windows 10. It is a pretty good antivirus product these days so the system will be protected while you're testing.

Then, also look at cleaning Google Chrome from all devices that use it.

Please give that a try and let me know how it goes

Ron

 


I have uninstalled Trend Micro at this point and am using Windows Defender.

I believe that I was able to follow Miekiemoes steps on my desktop.

I noticed today that my mobile Edge browser was bouncing my location around the United States and I frequently access the consumer survey site through my smart phone throughout the day.  I have used the Mobile Malwarebytes and it has never found an issue, however I can't seem to find a log to export.  I'm not sure how to resolve/alter mobile settings to remedy this.  I have removed Edge at this time and reset my phone.

I will work on attempting to access the survey site, and report my outcome.


I can help you with the PC Computer but if  you're having issues with the mobile product on Android then it's best I have someone from the mobile team assist you.

 


I'm not sure which device is causing the "ban".  I use both devices quite frequently to make extra income and the only information that I receive from them is that my account is being flagged by their security software for using a VPN/proxy that is designated as Amazon or Amazon.com.  

I will say that after removing Trend and the steps earlier, the page loads are faster.  

Is it easier to work on one device at a time, or PC and Mobile simultaneously with different admins.  You're the experts and I defer to you.


I have requested that the admin check my status to see if the problem is resolved.  The site itself is Your-surveys.com.  


Finally got a response from the support team:

Thank-you for contacting Your-Surveys support. Your account is currently blocked as we have detected a proxy being used on your account. We do not allow proxy usage as it is against our terms of use: 

www.your-surveys.com/partner/terms_and_conditions 

Therefore your account will remain blocked at this moment in time whilst we identify the cause on your account. Below are some common trouble-shooting questions that our users have found to help them identify proxies on their accounts: 

Are you using any tools to protect yourself or make your websurfing private? Could you also please check your anti-virus settings as sometimes VPN/proxy settings are enabled without the user being aware of it. 

Or any tools that monitor/meter you for market research companies? You would most likely have received an incentive for installing them or continue to receive monthly/weekly incentives for keeping them installed. 

Do you access your account via a shared connection (e.g. work, school, cafe, public transport etc)? 

Do you use any VPN's or tools to surf as if you are in other countries, for things like watching TV or to access blocked sites? 


I don't access the site on my work PC, however I do through my laptop and smartphone.  I can attach the necessary logs from the laptop tomorrow for your review.  I have removed Trend as you suggested, however it might still be on the laptop (I don't use it very often).  

The only thing that I can think of would be a hidden extension that I can't locate/disable that is creating the ban.


Ask them to please provide you with the IP, Trace logs that are showing a proxy.

You can use the following sites to look up your current IP that websites see when you visit.

Your desktop and laptop should show the same IP. Your phone too if it's on your own router, but a different IP if you're using cellular data.

http://whatsmyip.net/

https://www.iplocation.net/

https://iplocation.com/

 

You can post logs for the other system too if you like and I'll review them.

Ron
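The comparison described in the post above can be scripted. This is an added example, not part of the original thread: it checks the address each device saw on an IP lookup page against a prefix list in the layout AWS publishes at https://ip-ranges.amazonaws.com/ip-ranges.json. The function names, device labels, addresses and prefixes are all constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are reserved documentation ranges, not real AWS allocations.
SAMPLE_RANGES = json.loads("""
{"prefixes": [
   {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
   {"ip_prefix": "198.51.100.0/26", "region": "us-east-1", "service": "EC2"}],
 "ipv6_prefixes": [
   {"ipv6_prefix": "2001:db8:1000::/36", "region": "eu-west-1", "service": "EC2"}]}
""")

def load_networks(ranges):
    """Flatten the IPv4 and IPv6 prefix lists into (network, region, service)."""
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in ranges.get(key, []):
            net = ipaddress.ip_network(entry[field])
            nets.append((net, entry["region"], entry["service"]))
    return nets

def classify(ip_text, networks):
    """Return (region, service) of the most specific matching prefix, else None."""
    ip = ipaddress.ip_address(ip_text.strip())  # raises ValueError on bad input
    hits = [n for n in networks if n[0].version == ip.version and ip in n[0]]
    if not hits:
        return None
    _, region, service = max(hits, key=lambda n: n[0].prefixlen)
    return (region, service)

def audit_devices(observed, networks):
    """Map each device label to a verdict for the address a lookup site showed."""
    report = {}
    for device, ip_text in observed.items():
        hit = classify(ip_text, networks)
        report[device] = f"hosting range: {hit[1]} {hit[0]}" if hit else "no match"
    return report

# Constructed observations: what each device saw on an IP lookup page.
OBSERVED = {"desktop": "192.0.2.44", "laptop": "192.0.2.44", "phone": "198.51.100.17"}

if __name__ == "__main__":
    for device, verdict in audit_devices(OBSERVED, load_networks(SAMPLE_RANGES)).items():
        print(f"{device:8} {verdict}")
```

To check real addresses, load a downloaded copy of ip-ranges.json with `json.load` in place of `SAMPLE_RANGES`; a device whose address matches is reaching sites through cloud-hosted infrastructure rather than directly from the ISP.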

 


They aren't being very helpful in providing me information to help solve the problem.  They won't provide any logs and provided me with similar IP checkers to the ones you suggested.  I have checked all 3 devices and they come back to my local ISP and city.  I have attached two of the laptop logs at this time and will work on the other ones this weekend.

I can't find anything on either of the PCs and feel like the most likely culprit is my smartphone.  

Laptop AdwCleaner[C00].txt Laptop MalWarebytes Report.txt


Well, the laptop is / was running quite a bit of junk.

Please reboot it and run the following again for new fresh log.

I will probably be busy all day tomorrow but will try to reply if possible. If not then maybe not until Monday.

 

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Please go into Control Panel, Programs, Add/Remove and uninstall the following programs

Bonjour
Java 8 Update 40
McAfee Security Scan Plus
Mozilla Firefox 43.0.1
(Please save your bookmarks from Firefox. Then I'd recommend you uninstall it as you have a very old version. Then download the latest version of Firefox)
Quicktime 7  (https://support.apple.com/kb/DL837?viewlocale=en_US&locale=en_US)

 

After you have uninstalled the items above and have rebooted the computer. Please temporarily disable your Avast antivirus and run the following fix.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 

 


Great, looks good. Let's go ahead and do a secondary scan using another antivirus program.

 

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not


I have scanned both the laptop and desktop with Kaspersky with no threats found.  I'm leaning more and more to my smart phone being the culprit.  


You should be able to do some sort of browser reset with the phone as well. I am not an expert with the phones but I can Search for some reset pages if you like or even get one of our phone support agents to assist.

 


I have considered a complete backup and restore, however there are photos and messages that are irreplaceable so I want to make sure and do it correctly.  I have installed the Malware mobile app and run it a few times with no luck, however maybe a mobile expert can dig deeper if they know what to look for more than I do.


Any chance that you could include a mobile device admin in this chain to check out my phone?  TIA

This topic is now closed to further replies.
