MHN39 Posted October 7, 2019 ID:1338714 Share Posted October 7, 2019 A website I visited (www.juventus.com) triggered a blocked outbound trojan warning, and I just realized that a couple weeks ago, Malwarebytes blocked a firefox exploit. I tried to download FRST but Windows Defender is claiming that the file contains a trojan itself. I just want to check to make sure that my PC is not infected, and if it is, to quickly resolve it. Exploit Report.txt Website blocked.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2019 ID:1338716 Share Posted October 7, 2019 Hello. My name is Maurice. I will be helping and guiding you, going forward on this case. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. . The exploit protection and the real-time web protection of Malwarebytes for Windows are keeping your pc safe. Malwarebytes has multiple layers of protection. You saw that in action. For Your Information: The website Block message indicates that a potential risk was blocked by the malicious website protection. The Malwarebytes web protection, by default, will always show each IP block occurrence. The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC. See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done. On Outbound blocks, any attempted connection was stopped. No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts. These are also triggered by banner ads running on websites which is the most common form of alert. . Let us begin by using this first special mini-tool. Please download Rkill from one of the following links and save to your Desktop: One, Two,Three or Four Double click on Rkill. A command window will open then disappear upon completion, this is normal. Please post the log Note: If your security software warns about Rkill, please ignore and allow the download to continue. But whatever happens, be sure you go ahead and do the following report for sure. Thanks. [ 2 ] We need to get detail information from this machine in order to have the proper detail to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support- 1.5.1.681.exe to run the report You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK Please attach the ZIP file in your next reply. Thank you. Link to post Share on other sites More sharing options...
MHN39 Posted October 7, 2019 Author ID:1338718 Share Posted October 7, 2019 Rkill.txt mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2019 ID:1338810 Share Posted October 7, 2019 Hello. Thanks for the reports. The logs show 2 block events when Firefox was in use, on the evening of the 6th. The blocks were on "clonyjohn.com". This may have been some sort of malvertising off the website that Firefox was on. ( 1 ) Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* and do that for each of your web browser programs.https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/ [ 2 ] I would suggest you install the Malwarebytes Browser Guard for Firefox. Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ Then proceed with the setup. [ 3 ] The last Malwarebytes scan on the 7th reported no malware & no P U P. You should do a new scan for a re-check. Let’s start by doing a new thorough scan with Malwarebytes for Windows. The goal is to see whether there is an infection or P U P. Let's do one new run with Malwarebytes for Windows. Start Malwarebytes. Click Settings. Click Protection tab & scroll down to Scan options. On the section "Potential Threat Protection" look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to "Always detect PUPS ". and look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to "Always detect PUM ". and scroll all the way down to the section Automatic Quarantine On the line "Automatically quarantine detected malware" be sure it is ON Then once all set there, click on SCAN button Then insure Threat scan has a check mark. Then click Start scan. Review the results list. Then I would suggest you make sure all lines have a check mark To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected) to be selected for removal. Be sure each line is checked. Then you can proceed to click on the blue button Quarantine selected. In Malwarebytes. Click the Reports button ( on the left ) Look for the "Scan Report" that has the most recent Date and time. When located, click the check box for it and click on View Report. Then click the Export button at the bottom left. Then select Text File (*.txt) Put in a name for that file and remember where the file is created. Then attach that file with your next reply Link to post Share on other sites More sharing options...
MHN39 Posted October 7, 2019 Author ID:1338827 Share Posted October 7, 2019 Quick question about Malwarebytes Browser Guard: I already have uBlock Origin on Firefox. Can I have both uBlock Origin and MBG on Firefox without conflicts between the two extensions? Malwarebytes Report 10-7.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2019 ID:1338829 Share Posted October 7, 2019 Yes you may have both browser extensions. Give it a try. I tend to believe you would do well with just the Malwarebytes Browser Guard. This scan report is most excellent. Bravo ! I would suggest a free scan with the ESET Online Scanner Go to https://www.eset.com/us/home/online-scanner/ Look on the right side of the page. Click Scan Now It will start a download of "esetonlinescanner_enu.exe"Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Link to post Share on other sites More sharing options...
MHN39 Posted October 7, 2019 Author ID:1338888 Share Posted October 7, 2019 ESET Log.txt Link to post Share on other sites More sharing options...
MHN39 Posted October 7, 2019 Author ID:1338889 Share Posted October 7, 2019 I added Malwarebytes Browser Guard to Firefox Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2019 ID:1338904 Share Posted October 7, 2019 Thanks for the report from ESET. That is a great report. You are good to go. You may delete the RKILL that I had you download. You should the "esetonlinescanner_enu.exe" that I had you download. You may delete mb-support- 1.5.1.681.exe & mbst-grab-results.txt I am glad to have helped you. It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use. Best practices & malware prevention: Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. First rule of internet safety: slow down & think before you "click". Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos). Free games & free programs are like "candy". We do not accept them from "strangers". Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program. Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet. Do a Windows Update. Make certain that Automatic Updates is enabled.https://support.microsoft.com/en-us/help/12373/windows-update-faq Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. For other added tips, read "10 easy ways to prevent malware infection" . All the best to you. Sincerely, Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2019 ID:1338905 Share Posted October 7, 2019 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts