Jump to content
eightsixone

untsorce.cool, unable to find/remove

Recommended Posts

Hello, untsorce.cool is being blocked by Malware bytes but not being removed. Please find attached log files for Malware Bytes scan (as admin), block log for uncool, adware cleaner and farbar recovery as per here: https://forums.malwarebytes.com/topic/247795-untsorcecool/

I've cleared cache for chrome and firefox

My computer is notably more slower since being alerted to this.

AdwCleaner[C00].txt uncool log.txt Malware bytes log.txt AdwCleaner[C00].txt FRST.txt Addition.txt

Share this post


Link to post
Share on other sites

I'd like to delete the attachments from my post asap, let me know once I can go ahead and do so.

Share this post


Link to post
Share on other sites

This thread / topic will be moved to Windows Malware Removal.

Share this post


Link to post
Share on other sites

Hi,  @eightsixone

     :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

This Thread/topic is for member  eightsixone  only. who is the topic starter.

If you are not   eightsixone  , do NOT post here  .

 

[ 1 ]

The web protection module of Malwarebytes for Windows is keeping your pc safe.

For Your Information:

The website  Block message indicates that a potential risk was blocked by the malicious website protection. 

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

[ 2]

Chrome browser is involved in this block event notice.  Lets start by taking care of turning off the Sync option.

Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

 

[ 3 ]

for Chrome, while Chrome is open:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )


Let me know after all these steps are completed.

Sincerely,

 

 

Share this post


Link to post
Share on other sites

Hi Maurice, I have done this now. Note, I also cleared the cache etc as part of troubleshooting earlier.

Regards, eightsixone

Share this post


Link to post
Share on other sites

Thank you.

Let’s follow on  by doing a new thorough scan with Malwarebytes for Windows.   The goal is to see whether there is an infection or P U P.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection"
look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to
"Always detect PUPS ".

and

look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to
"Always detect PUM ".

and
scroll all the way down to the section Automatic Quarantine
On the line "Automatically quarantine detected malware" be sure it is ON



Then once all set there, click on SCAN button
Then insure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark

To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected)  to be selected for removal. Be sure each line is checked.

 

image.png.ef68c05f33576eb995d4f08372a74b2c.png

Then you can proceed to click on the blue button Quarantine selected.


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply 

 

Share this post


Link to post
Share on other sites

Q:  You do not mention the result of the scan with Malwarebytes. In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply 

 

Share this post


Link to post
Share on other sites

Last message "please provide further instruction"  was written last night but for some reason just went through, please ignore and thanks for the updated instructions.

The log is attached, nothing was found in the scan.

 

scan summary 180812.txt

Share this post


Link to post
Share on other sites

Thank you for the Threat scan log report.  That's a very fine result.

[ 1 ]

Lets get all your web browsers beefed up.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[ 2 ]

This pc has both Firefox & Google Chrome browsers.  install the Malwarebytes beta browser extension for each one.  There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

To get & install the Malwarebytes beta Firefox extension.

Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

[ 3 ]

We can do some housekeeping on this pc.

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder

The tool named FRST64.exe  is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your reply.    Also advise on the situation after this run.

NOTE:  Later on, I will be advising you to run Microsoft Windows Update so that this pc gets Windows 10 Build 1903.

Sincerely,

Fixlist.txt

Share this post


Link to post
Share on other sites

Please see attached. Is difficult to comment on the situation. My computer does not seem to be running as slow. But since the virus software didn't detect a virus and by your reports it was a malicious website... I'm not sure how to tell if things are fixed or not. I did also download bitdefender (no results) to do an additional scan to see if something else would turn up and use windows defender (1 result, may have been a false positive).

I have not had any warnings of untsorce in firefox (the browser I tend to use). I've periodically been using chrome to test it and no signs of untsorce warnings. I will run windows update later on today when I have a better internet connection.

Fixlog.txt

Share this post


Link to post
Share on other sites

OK.  Bravo.   Thanks for the Fixlog.  That was a very good run.

Special NOTE:

what this machine needs is to upgrade to the Windows 10 build 1903.  You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 

image.png.f84f5d3f37d723aefbc587fd6a7783c5.png

 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

 

This build is metered and controlled by Microsoft.  If you do not get offered 1903, do keep trying.   I'd suggest trying every day or every other day, at the top of the hour.

 

.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.