AllyLane

Trojan detected on various browsers


Hi Fabulous MWB Team :)

Could you please check my system over?  New computer but suddenly I cannot open a couple different websites that I visited last week but I know should be 'safe'.

These are sites based here in Australia.  I have checked with the merchant and they have no known issues with their site.

My Antivirus (Kaspersky) blocks the sites from opening with the message as per below:

 
Access blocked

The requested URL cannot be provided

Object URL:

https://www.lights2you.com.au/

Reason: the object is infected by HEUR:Trojan-PSW.Script.Generic

 

I have had the same problem on three different browsers - IE, Firefox and Chrome.  Firefox in particular was behaving strangely.  Tried to uninstall/reinstall but would not run at all, so I have removed it totally for now.

Logs are attached.

Thanks so much!

FRST.txt Addition.txt MWB Threat Scan.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
App Explorer (HKU\S-1-5-21-342898083-3662286053-1871714754-1001\...\Host App Service) (Version: 0.273.3.707 - SweetLabs)
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt). Please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Thanks nasdaq.

All done, log is attached as requested.

The same problems I listed above still persist.

Fixlog.txt


Thanks.

I have cleared cache in both browsers (IE and Edge), am still not running Firefox so have not tried.

The website is still blocked.  I have attached a report from my antivirus program to show you the error logs.

Starting to think this is a false positive.  When I disable Kaspersky, but leave MWB running, I am able to open the website on both browsers.

Kaspersky Report.txt


nasdaq,

I have been in touch with Kaspersky, and this has nothing to do with a conflict with MWB.

It turns out that the website is actually infected with a malicious tool.  This tool, whatever it is, appears to have downloaded to my system.

I am now seeing a lot of hanging, slow shutdown, and programs crashing for no apparent reason.

My system is definitely infected.  Could you please help me to clean things up?


Hi,

Check this Edge Syncing.
If the problem persists and you are Syncing Edge with other devices reset it.

https://www.tenforums.com/tutorials/36286-turn-off-sync-favorites-reading-list-microsoft-edge.html
===

If the problem persists, run this program.

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

Run the Farbar program one more time and post fresh FRST.TXT and Addition.txt log for my review.


 


Hi.

Your logs are clean.

Did the RogueKiller save the day?

 

