Jump to content
Washed_Up

ANSWERED Constant Website Blocking

Recommended Posts

Hey, I have had Malwarebytes for a while now and occasionally it block a website or to and I have it scan my machine everyday (Windows OS). But all of a sudden starting at 12:26 am 1/4/20 I keep getting a constant notification altering me that it has block a website due to risk ware. This has happened 8 times from 12:26 am - 1:06 am. I have never had a virus on this machine and it is about a half a year old ill say. I'm just worried and would like some advice.

... 

While I was writing this I have gotten 2 more popups.  

Thank you - Washed Up

Screenshot (28).png

Share this post


Link to post
Share on other sites

Is your browser opened while you are receiving these notifications?

As it might be infected with malicious extension.

Share this post


Link to post
Share on other sites

Yeah I do have my browser open most of the time so that could be it. I have about 6 extensions : BTTV (Better Twitch TV), Honey, HTTPS:// Everywhere, Chrome Remote Desktop, Social Blade, and Ublock Origin. 

The newest one I added was Ublock Origin since it is an adblock that works on twitch. 

Share this post


Link to post
Share on other sites

Honey and Ublock are not your issues. I have no experience with the others you mentioned.

 

Share this post


Link to post
Share on other sites

I did go through my extensions and had a random "Google Doc Offline Viewer". I got rid of that so it could be it.

Share this post


Link to post
Share on other sites

@Washed_Up

Please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any remaining threats.

 

Share this post


Link to post
Share on other sites
1 hour ago, Porthos said:

@Washed_Up

Please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any remaining threats.

 

I made a new thread https://forums.malwarebytes.com/topic/255368-constant-website-blocking-cont/ 

Thanks for the help Dashke and Porthos, I greatly appreciate it.

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, Washed_Up said:

Porthos, I greatly appreciate it.

Quote

CHR Notifications: Default -> hxxps://steamcommunity.com; hxxps://www.gamesradar.com; hxxps://www1.sherwoodsutton.pro

Did see the site you were getting blocks from in your Chrome notifications.

It sounds like you have a site abusing the push notifications feature in your browser (most likely Chrome or some other browser based on Chromium I'm guessing).  You can learn more about this at the links below:

https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

The instructions at the bottom of the second link above should help you to get rid of them,

 

@Dashke is hxxps://www1.sherwoodsutton.pro  A FP?

https://www.virustotal.com/gui/url/d03fd166ae91f04083fce189c1f4bbb73cc1f8335648e29809b15ef75f0fc7ea/detection

 

 

Edited by Porthos

Share this post


Link to post
Share on other sites

@Porthos I read through the two articles you recommended and I found "hxxps://www1.sherwoodsutton.pro" in my notifications settings on Chrome.

I blocked and removed it so I hope this solves our mystery.

I don't want to sound like a broken record but I do appreciate all your help .Let me know if this closes the case of if there is anything else I need to do.

On another note I have not gotten any notifications from Malwarebytes blocking any websites since the night I made this form. I will keep you posted if this changes but I think we are in the clear.

Thanks again! - Washed Up

Screenshot (29).png

Share this post


Link to post
Share on other sites
1 minute ago, Washed_Up said:

I blocked and removed it so I hope this solves our mystery.

Was that screenshot taken before or after you removed it?

Share this post


Link to post
Share on other sites

The screenshot was taken before I removed it. I did realize it would be misleading but could not figure out how to edit my post lol.

Here is a screenshot I just took. 

Screenshot (30).png

Share this post


Link to post
Share on other sites
4 minutes ago, Washed_Up said:

Here is a screenshot I just took. 

You will probably be OK now but, Follow thru with your malware removal thread to be sure.

Have a good year.

Share this post


Link to post
Share on other sites
On 1/5/2020 at 4:09 AM, Porthos said:

Did see the site you were getting blocks from in your Chrome notifications.

It sounds like you have a site abusing the push notifications feature in your browser (most likely Chrome or some other browser based on Chromium I'm guessing).  You can learn more about this at the links below:

https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

The instructions at the bottom of the second link above should help you to get rid of them,

 

@Dashke is hxxps://www1.sherwoodsutton.pro  A FP?

https://www.virustotal.com/gui/url/d03fd166ae91f04083fce189c1f4bbb73cc1f8335648e29809b15ef75f0fc7ea/detection

 

 

This is not a fp.

Thanks a lot Porthos for your help! :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.