Jump to content

Malwarebytes Premium can't detect my adware


Recommended Posts

  • Root Admin

Hello @RyanEb and :welcome:
Ads are not something antivirus applications are designed to block. We do have a product called   Malwarebytes Browser Guard that is designed to help with those type of items.

Please follow the directions from the following topic and let me know if that corrects the issue or not.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Thanks

 

Link to post
Share on other sites

@AdvancedSetup  Thank you for the quick reply.   I want to confirm what I called Adware is the correct description.  When I opened Chrome browser a 2nd browser window opened automatically with the same website for marijuana products.  There were no other visible ads popping up anywhere.    Should malwarebytes blocked such an event from happening?  If not should a full custom scan with malwarebytes find whatever malware caused this extra browser window to open?

I did take your advice and completed the tasks described in the linked article on the affected pc and android and will run procedure on 2rd pc and see if this nuisance returns. 

Link to post
Share on other sites

  • Root Admin

Okay, let's go ahead and scan your system further and see what's going on @RyanEb

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

@AdvancedSetup   Thank you for the assistance.  

I completed Chrome syncing steps on affected win10 computer and unaffected win10 computer and android.  For extra measure on the affected computer cleared all browsing data.  Malwarebytes paid premium 4.0 was run on both pc's and nothing malicious was detected.  

I turned sync on for all devices and the extra chrome browser window no longer opens on the affected computer to the marijuana website.   I ran Malwarebytes threat scan on affected pc and nothing malicious was found.

Ran adwcleaner and nothing found but some preinstalled Lenovo software that I do not want to remove. 

Ran FRST, and Avast Behavior shield flagged the .exe and quarantined it.  This was the same .exe I ran yesterday without issue and attached previous .txt file. I attached screenshot from avast.  I emptied quarantine and downloaded frst.exe again and this time Windows smartscreen wouldn't let me run it.  I attached smartscreen screenshot.  I'm not too excited to download or run that .exe again so I wont for now. 

Given the extra chrome browser window doesnt pop up any longer and neither malwarebytes or adwcleaner find anything wrong is it pretty safe to assume problem resolved?  If so I think Ill take advice to use malwarebytes browser guard and also from another thread I was reading to use Firefox instead.  What are your thoughts?
 

adwcleaner results.jpg

Avast flagged FRST.jpg

smartscreen frst.jpg

AdwCleaner[S01].txt malwarebyteslog.txt

Link to post
Share on other sites

  • Root Admin

Notice that in Microsoft Edge you are allowing the following sites to alert you and display ANYTHING they choose to display on a popup style message on your computer.

Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://messages.google.com; hxxps://www.facebook.com; hxxps://www.youtube.com

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

 

Good job here as long as you're using it: KeePass Password Safe 2.45  👍

 

Your Event Logs are showing issues with some of your built-in Lenovo software. It might have been due to our scanning or something like that. Do a couple reboots and see if any new errors crop up. If they do then you'd need to investigate and see if you can correct.

You also had an unexpected system restart

Error: (05/13/2020 08:18:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:09:14 PM on ‎5/‎13/‎2020 was unexpected.

 

Other than that how are things working now?

 

Link to post
Share on other sites

@AdvancedSetup  It appears things are back to normal since and the popup chrome browser window is no longer occurring.   I'd say the first steps of stopping Chrome sync and clearing all browsing data fixed the issue.  Going forward I'll have malwarebytes browser guard installed in Chrome to hopefully block these types of popups and will likely install Firefox after reading its a suggested browser over Chrome in a pinned forum topic.  As a bonus I also have adwcleaner installed in case something bad still comes through.  I also followed your pinned post about setting malwarebytes file/folder exclusions in Avast.   Oh yes! I use Keypass with a 25 character master password. :) 

Thanks again for helping me resolve the issue and educQWating me.   

Link to post
Share on other sites

  • Root Admin

Great, sounds good. Yes, if you read the pinned article I think you're referencing (the automated closing speech will link to it as well) you'll see that it is recommended to stop using Google Chrome, but that's up to you.  There is also a link about key transformation for Keepass (I have a 36 character master and it takes about 4 seconds to open/save my database on a high-end computer) LOL

Anyways, bookmark the link and read, review as you have time. No rush to read it all at once but view some of the video links as well. It will help you learn more about how to protect your data and privacy in a world where it becomes harder by the day to protect both. Don't forget data backups as well, also mentioned in the article.

Take care and stay safe out there and have a great week. I'll go ahead and close your topic soon.

Cheers

 

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.