Parshooter

Trojan - Windows 7 32 bit - FireFox


Malwarebytes blocks some web sites with the attached warning (MBW_Warning.jpg). I trust the web site and other users of the web site do not report similar trouble.

I ran a Malwarebytes scan and a Farbar scan. The results are also attached.

My computer is a Dell laptop running Windows 7 32-bit. My browser is Firefox v 67.0.4.

MWB_warning.jpg

FRST_Lefkowitz.txt Addition_Lefkowitz.txt mbw_scan_advanced_July_12_2019.txt


Hello @Parshooter and welcome.

The block could just be from an old, outdated extension you're running in Firefox. Also, Firefox was recently updated. Please do Help > About and check for updates for Firefox.

Nothing wrong with this entry aside from it being very old. Do you still use this or should it be removed?

Task: {8CCB086D-D3E8-4007-87D2-943E80E136D2} - System32\Tasks\TechSmith Updater => C:\Program Files\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [56640 2015-08-11] (TechSmith Corporation -> TechSmith Corporation)

Your Zoom Video Communications extension is also a bit old. If still using, please check for any updates.

 

Let me have you run the following fix to clean up a few minor things. If you're still getting the block notice then we can either fully reset Firefox or remove all the Extensions and put them back in one-by-one to see which one is causing the issue. Please temporarily disable Avast while running this fix. It will also reboot the computer and run a disk check for you.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 


I use TechSmith "SnagIt" software every day. I don't know about the old installer for SnagIt. But I do use SnagIt frequently.

The Zoom thing must be from someone else who hosted a meeting I attended. No problem removing it.

I have the TXT file, thank you. But where do I find FRST? TXT files are not executables.


That is a TechSmith sharing program from 5 years ago. I too run SnagIt on my system and I don't have any of those entries. Up to you; not an infection, just seems like possibly wasted use of resources is all.

To run the script you copy the text file to the same location as FRST.EXE and then click the Fix button. The program will automatically find the text file and run the script in it. If the text file is not in the same directory it won't run.

 


Ok, ran the FRST with your script and re-booted. There was no further action by the FRST program after the re-boot. The FRST program told me there would be no further action before the re-boot.

Then I went to the GOLFUSION site that was blocked before and Malwarebytes continues to block the page. No change.

I went to FireFox Setup and looked at my installed extensions. There were only two and neither was Zoom. One from Cisco and the other was a pop-up blocker from Mozilla. I removed both. I have not yet re-started Firefox because I am writing this now.

I do not see the old TechSmith installer you found under Windows -> Control Panel -> Uninstall. I do see current SnagIt (version 12), but I want to keep that.

In the Windows Task Manager, under Services, I see TechSmith Uploader Service running. Is this the old program? I can stop it from running. Should I?


Please post back the file from the fix. It will either be on your desktop or where you ran FRST from.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Thanks

 

On 7/12/2019 at 5:54 PM, AdvancedSetup said:

"Are you still getting the block?"

"Please send me the website link you're using "

Yes. http://www.golffusion.com/


The Malwarebytes warning popup happens before I complete typing the URL. It's as if the trojan is active and has its own stack of URLs it wants to infect. After I tap the Enter key to go to the web site, Malwarebytes diverts to its big warning:

Website blocked due to a Trojan

Your Malwarebytes Premium blocked this website because it may contain a Trojan.

But, again, I am reasonably certain the website is clean and my PC is dirty because I know other people who use this website without trouble.

Thank you.


The site is currently blocked by Malwarebytes on purpose. They're sharing a file that could be a potential threat to users. If you want to visit the site you will need to add it as an exclusion at this time until they remove that file.

Thank you

Ron

 


Thank you. I will.

One other matter: To use this forum, I must reset my password each time I log in. The site rejects my email + password each time. I must click the reset button, wait for the reset password, walk through that and then I can use the forum.

Thank you very much for working with me on this matter.


The forum software has nothing to do with that. It is some setting in your browser that controls that. You can try another browser and it should not happen. Just need to find the setting and fix it in your browser.

Ron

 

This topic is now closed to further replies.
