Apparently there's either an integral part of my browser or an addon that keeps setting off Malwarebytes whenever I open or refresh a tab. The specific message I keep getting is "Website blocked due to Trojan" and the domain it is blocking is listed as "goldapps.org".

Having followed the advice on the "I'm infected — What do I do?" post I downloaded the Farbar Recovery Scan Tool and performed a scan, which I have attached below.

 

Thank You for your time.

FRST.txt Addition.txt


Hi,     :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.

 

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too! 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.
NOTE: When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs
Thanks.  Keep me advised.
 


Thanks for your swift reply, Maurice.

Any contraction of my username is fine for the purpose of this interaction.

Before I install Adwcleaner I'd like to re-emphasise that I am not using Chrome, but Firefox, just in case the difference matters for further steps.


Thanks for the information.  The Adwcleaner is for any Windows pc.  It is a tool to do deep checks for adwares.

Adwcleaner is just run on demand.  It does not "install".

You sent me the S    report   ( that is from the Scan phase).   Did you do the CLEAN  part ?

I would like to see the C  report.

.

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.


Maurice,

the Adwareclean program does not appear to have an obvious option to perform the "clean" action, however it does offer to let me "quarantine" the files it found if that is what you were referring to.

image.png.f6554d776cbc5e96eaa745928690da4a.png

Above is a screenshot of the options.

 

And why do I need to download "esetonlinescanner_enu.exe" if the scan from AdwCleaner is accurate?


Yes, I wanted the Quarantine to be done in Adwcleaner.

 

I suggest highly the ESET online scan to get an additional independent check of this machine. Recommended.


Maurice,

Unfortunately I had already started the "esetonlinescanner_enu.exe" scan when I received your reply about quarantining the files so I'll have to restart that, but I've attached the quarantine log.

AdwCleaner[C00].txt


OK.  Got it.  Thanks.  I had not intended for any interruption.


That scan found & removed 1 EXE  file that it classified as potentially unwanted application

The other 4 items were already in a Quarantine area.

 

Question:   Is Firefox browser doing normal today ?   Are there today any new block notices about "goldapps.org" ?

 

Let us go ahead and apply these measures to harden the security on your web browser programs.

 

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/
  
You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. 
Scroll down to the tips section "How do I disable them". 

[    2    ]

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome. 
To get & install the Malwarebytes Browser Guard extension for Chrome, 
  
Open this link in your Chrome   browser: 
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee 
  
Then proceed with the setup. 
 
.

[   3   ]
Get & install the Malwarebytes Browser Guard  Firefox extension
Open this link in your Firefox browser:    
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

 

Then proceed with the setup. 
That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.
.

 


Firefox has been functioning as usual, it's just that Malwarebytes has been giving me notifications every time it opens or refreshes a tab.

Disabling push ads had no effect, but "Malwarebytes Browser Guard Firefox extension" has at least stopped Malwarebytes from directly pinging me. According to the extension it's categorized as "Ads/Trackers" (note: since I started writing the number blocked rose from 2 to 12 and 1 appeared in the "Malware" category too).


To clarify: the number blocked rose without me opening or refreshing any new tabs, which is a change from earlier.


Firefox has a safe mode.  It is also known as "incognito mode".  That is a barebones minimal browser start so that you can do some checking.   And then later on, check each one of the extensions that are on Firefox.

  1. Click on menu (3 horizontal lines at top right corner of the browser). Click on New Private Window to open incognito window.
  2. You can also use shortcut Ctrl+Shift+P.
 
The following are a pair of checkup tools to scan your system by other means.
The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft 
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
  
Let me know the result of this.
The log is named MSERT.log  
the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is
C:\Windows\debug\msert.log
Please attach that log with your reply.
 
[    2    ]

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher

Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
The program will check with TrendMicro & do an update run.

Next it will show the Disclosure window.
Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

IF you wish a Full scan or a Custom scan, first click on the Settings
then you can select which drives you want to include in the scan.
The default is a Quick scan.
Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
If you see an item that you know is safe, you can click the Action  , and select Ignore.
When all done & ready, click the Fix now button.


I apologise for not responding yet, I've been busy with work but will implement your most recent suggestions at the earliest convenience


OK.   I will look forward to hearing from you.


Hello.   How is it going ?   Are you still with us ?


Sorry about the long wait. Still here, just bogged down with coursework as exam period starts for the year.


I hope you are doing well   and enjoying the weekend.

Maybe you could kick off one or the 2  checks over night or on the weekend that I had suggested way back when

https://forums.malwarebytes.com/topic/259201-got-a-ping-from-firefox/?do=findComment&comment=1378113

 


It is very good to know that Housecall scan is clean.

The MS Safety Scanner is all good.

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Mon May 25 18:43:41 2020
.

Is Firefox browser doing normal ?   Is there something else you need help with ?


While the plugin is still getting pings constantly, it's caused no interruption and is more of a curiosity than anything.


Not clear what you mean by "pings".

If you mean either of the Malwarebytes Browser guards,   and they are working in the background,  then they are doing their work  and are stopping any potential harm.

Now,  if the pc is free of malware,  as I think it should be,  we should be planning to wrap this up.

.

To remove the FRST64 tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

.

You should delete msert.exe

Delete the ESET download  file  esetonlinescanner_enu.exe

Adwcleaner you may keep and run on-demand as needed to check for adwares.

.

The first best practice of computer safety is to have backups of the system.  Make regular periodic backups to offline removable media. 

Backup is your best friend. 

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use. 

 

Best  practices & malware prevention: 
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. 
First rule of internet safety: slow down & think before you "click". 

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos). 

 
Free games & free programs are like "candy". We do not accept them from "strangers". 

 
Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing. 
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program. 
 
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. 
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next". 
 
Use a Standard user account rather than an administrator-rights account when "surfing" the web. 
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html 
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.
 
 
Do a Windows Update. 
 
Make certain that Automatic Updates is enabled. 
https://support.microsoft.com/en-us/help/12373/windows-update-faq 

 
 
 
Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. 
 
For other added tips, read "10 easy ways to prevent malware infection" 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.