FOR "egray"

[egray]

Sorry, is there a reason why my last comment was removed? 

I can't see the instructions offered to this post. Is there a reason for why I don't have permission?

Is it the chrome sync reset I've seen elsewhere?

Thank you

[Maurice Naggar]

Hello @egray 

In the Windows malware removal help section, help is done One to One.  It is not a group participation.  It is one customer per one topic / thread.

This one here is for you.  I have moved your last post here.  I can guide & help you if you would fill me in with what is going on on your Windows system.

Sincerely,

Maurice

[Maurice Naggar]

By the way, if you have a issue with Chrome browser, you may start with this tip.

Use Chrome  to go to https://www.google.com/settings/chrome/sync

 and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".
for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"
Check mark the line "Download history"
Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )
 
After that, make real sure that Chrome is "NOT" set to reload the pages from the last session
Go into the settings menu of Chrome by first clicking  the control icon of Chrome on upper right of the adress bar
Then look deeper in SETTINGS
 

 
Make real sure it is "NOT" set to "continue where you left off"
.

Please only just attach   all report files, etc  that I ask for as we go along.

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.4.760.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.
Thank you,
Sincerely.

 

 

Edited April 14, 2020 by Maurice Naggar

[egray]

I've been trying to use the support tool but its been stuck on the "Run FRST" stage for 4 hours now. Should it be taking this long? The loading animation is going, so it hasn't frozen or anything.

[egray]

I've tried twice now, both times get stuck spinning on run FRST.

[Maurice Naggar]

I regret that there were issues running the Malwarebytes Support tool.  If it is still on screen, you can End the program.

 

Could you see about doing this one-time run with the Malwarebytes Adwcleaner.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too! 

Please download  Malwarebytes AdwCleaner  

https://downloads.malwarebytes.com/file/adwcleaner

 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).
Then click on Dashboard button.
Click the blue button "Scan Now".

allow it a few minutes to finish the Scan.   Let it remove what it finds.
NOTE:  When it comes to the section "
Pre-installed applications

You can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

 

[    2    ]

Get & install the Malwarebytes Browser Guard extension for Chrome, 
  
Open this link in your Chrome   browser: 
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

  
Then proceed with the setup. 

Thanks.  Keep me advised.

[egray]

Hi Maurice, 

Tanks for you reply. Here is my log.AdwCleaner[C00].txt

I still find this trojan trying to open pages as I browse.

[Maurice Naggar]

Would you kindly be sure to provide fuller details.  Is "that" not a message-window about a Block event ?

Malwarebytes'  web protection will always display a courtesy notice when it does a block.

Please get for me the last "BLOCK"   report from the Malwarebytes history logs.   Use this support article  to look thru very recent history for today

https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

ALSO be very sure to always tell me, which Web Browser did you last use today ?   Chrome ?  or what else.

[egray]

lastscan.txt Here is the report from the last scan.There were no scan detections. When I choose the "detection history" card (as opposed to the "scanner" card) I find a long list of blocked sites - almost all of which are to a "friteem.com". Unfortunately I can't find a way of consolidating this detection history into a report.

[Maurice Naggar]

Thanks for the report from the scan.  However, it is not what I am needing.

When you have started Malwarebytes

Look for the "bell" icon  at the top bar.   Click it.

I / we need to find the latest one that is marked, like, "potential threat blocked"   & click it

Next click on the tab marked "Advanced"

Then look at lower left for the blue "Export"   & pick  "export to text"   and use a significant name & save it to where you can find it again   ( like Desktop )

Then when done, attach that report-file please.

.

I very much would like for you to try again to run the Malwarebytes Support tool so that we can get from this machine a full & complete report set.

I would suggest that you first Close all web browsers and any other opened window for other programs you opened before.

like mentioned at the bottom of this older reply from me    https://forums.malwarebytes.com/topic/258528-for-egray/?do=findComment&comment=1373153

 

 

[egray]

Thanks for being so patient Maurice. 
Here's the report for the most recent blocked site friteemreport.txt

Now I'll close these windows and try the support tool again.

Best

Ezra

[Maurice Naggar]

The block event is all about "  friteem.com  "   when Chrome is in use.

The block notice is a way that the program's web protection is letting you know that it STOPPED  any potential harm.   period.

the block is about stuff that is EXTERNAL.

It is not about anything on-board.

 

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".

The website  Block message indicates that a potential risk was blocked by the malicious website protection. 
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.
 

[Maurice Naggar]

Hello.   Checking up here.  How is it going ?

[Maurice Naggar]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks