Gokussj

Websites detected as trojan - Opera


Hello Gokussj and welcome to Malwarebytes,

Try the following and see if the issue with Opera is removed...

Open the Opera menu by clicking the O in the upper left-hand corner.

Click on Settings > Click on Advanced > then select Privacy & security > Under Content settings select Notifications.

Do you see a list of allowed notifications? If so, select "Reset All".

Does that help....

Kevin

3 hours ago, kevinf80 said:

Under Content settings

I didn't find this in settings


Apologies, it is "Site Settings" after "Privacy & security". I have not used Opera for a long time, so maybe changes were made. After you go on to Notifications you may have to delete or block one at a time...

22 minutes ago, kevinf80 said:

Has that helped at all..?

No, these notifications still show up. I'm sorry but isn't it a sign of infection or something else? 


Hiya Gokussj,

Not always infection, sometimes extensions make calls home via notification settings...

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

or,

https://downloads.malwarebytes.com/file/mb4_offline

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

19 hours ago, kevinf80 said:

Not always infection, sometimes extensions make calls home via notification settings...

But I'm not trying to access these websites. I don't even know if they exist.
That's why I asked.

AdwCleaner found an app that I use (I installed it myself) and some pre-installed ASUS stuff. I didn't remove these because I didn't know if it's safe to do so.

MB detected nothing

 

Adware cleaner

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-05-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-24-2020
# Duration: 00:01:02
# OS:       Windows 8.1 Single Language
# Scanned:  31863
# Detected: 41


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSLiveUpdate   Folder   C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F38529-6932-4346-8DC3-FA1543D42F62} 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F38529-6932-4346-8DC3-FA1543D42F62} 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D095A0EE-672B-4989-AAD4-D9E33FDCBB4F} 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} 
Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\ASUS LIVE UPDATE1 
Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\UPDATE CHECKER 
Preinstalled.ASUSProductRegistration   Folder   C:\Program Files (x86)\ASUS\APRP 
Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ASUSPRP 
Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ASUSPRP 
Preinstalled.ASUSScreenSaver   Folder   C:\Program Files (x86)\ASUS\ASUS SCREEN SAVER 
Preinstalled.ASUSScreenSaver   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2} 
Preinstalled.ASUSSmartGesture   Folder   C:\Program Files (x86)\ASUS\ASUS SMART GESTURE 
Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA2F08E-B6BC-4F74-B5DC-5C6C2721EACE} 
Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher 
Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1} 
Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D} 
Preinstalled.ASUSSmartGesture   Task   C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER 
Preinstalled.ASUSSplendid   Folder   C:\Program Files (x86)\ASUS\SPLENDID 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA359BA-9B71-4408-BEBC-A1E3E56AF246} 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C325FFC8-485B-42C1-8EE6-9119ECACA908} 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ColorU 
Preinstalled.ASUSSplendid   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D} 
Preinstalled.ASUSSplendid   Task   C:\Windows\System32\Tasks\ASUS SPLENDID ACMON 
Preinstalled.ASUSSplendid   Task   C:\Windows\System32\Tasks\ASUS SPLENDID COLORU 
Preinstalled.ASUSVibe   Folder   C:\Program Files (x86)\ASUS\ASUSVIBE 
Preinstalled.ASUSVibe   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSVIBE 
Preinstalled.ASUSVibe   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E60084B-A440-4A51-8DB6-42F012EB8D70} 
Preinstalled.ASUSVibe   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E60084B-A440-4A51-8DB6-42F012EB8D70} 
Preinstalled.ASUSVibe   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AsusVibeSchedule 
Preinstalled.ASUSVibe   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Asus Vibe2.0 
Preinstalled.ASUSVibe   Task   C:\Windows\System32\Tasks\ASUSVIBESCHEDULE 
Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-asus-genres 


AdwCleaner[S00].txt - [6236 octets] - [15/04/2020 09:03:52]
AdwCleaner[C00].txt - [1644 octets] - [15/04/2020 09:10:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

FRST.txt Addition.txt mbam log.txt
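A way to triage an AdwCleaner scan log like the one posted above before deciding what to quarantine, as an added example that is not part of the original thread and not Malwarebytes' own tooling. The field layout is inferred from the log shown, and the "autostart" heuristic (Run keys, StartupApproved entries, scheduled tasks) is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Shortened excerpt of the log in the post above; the "Detected" value is
# adjusted to match the excerpt (the full log reports 41).
SAMPLE_LOG = r"""# Mode: Scan
# Detected: 6

***** [ Services ] *****

No malicious services found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

***** [ Preinstalled Software ] *****

Preinstalled.ASUSLiveUpdate   Folder   C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\UPDATE CHECKER
Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ASUSPRP
Preinstalled.ASUSScreenSaver   Folder   C:\Program Files (x86)\ASUS\ASUS SCREEN SAVER

AdwCleaner[S00].txt - [6236 octets] - [15/04/2020 09:03:52]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (\w+):\s*(.*)$")
# Locations that start a program without user action (heuristic, see lead-in).
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run\||\\StartupApproved\\Run", re.I)

def parse_log(text):
    """Return (header dict, list of detection entries) from an AdwCleaner log."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section:
            # Detection lines are columns separated by two or more spaces:
            # "family  location" or "family  kind  location".
            fields = re.split(r"\s{2,}", line)
            if len(fields) in (2, 3) and "." in fields[0]:
                kind = fields[1] if len(fields) == 3 else section
                entries.append({"family": fields[0], "kind": kind,
                                "location": fields[-1]})
    return header, entries

def summarize(entries):
    """Group entries by detection family; note class, count and autostart use."""
    summary = defaultdict(lambda: {"class": "", "count": 0, "autostart": False})
    for e in entries:
        s = summary[e["family"]]
        s["class"] = e["family"].split(".")[0]   # "PUP" or "Preinstalled"
        s["count"] += 1
        if e["kind"] == "Task" or AUTOSTART_RE.search(e["location"]):
            s["autostart"] = True
    return dict(summary)

def count_consistent(header, entries):
    """True when the header's Detected value equals the parsed entry count."""
    return int(header.get("Detected", -1)) == len(entries)

if __name__ == "__main__":
    hdr, found = parse_log(SAMPLE_LOG)
    print("header/entry count match:", count_consistent(hdr, found))
    for family, info in sorted(summarize(found).items()):
        print(f"{info['class']:<13}{family:<40}{info['count']:>3}  "
              f"autostart={info['autostart']}")
```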


I assume the blocks are still happening and are related to Opera...

One more scan please:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Thanks...


Here's the log:

 

24/05/2020 20:00:23
Arquivos rastreados: 790195
Arquivos detectados: 14
Arquivos limpos: 14
Tempo total do rastreamento 05:20:17
Status do rastreamento: Concluído


C:\Users\Victor\AppData\Roaming\Fusion_ld\Fusion.dll    uma variante de Win32/FusionCore.AX Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41712.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42923.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43085.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe    uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado    limpo por exclusão
 

39 minutes ago, kevinf80 said:

Are the blocks still happening...

Didn't happen again after my last reply

2 hours ago, kevinf80 said:

Use your PC for 24 hours, see what happens. If all still ok we can clean up...

Ok


Got this one right now. I don't get why this keeps happening.
I see that website that I don't even know, that IP address too...

The weird thing is that this happens every time I open a bookmark

Sem título.jpg


It seems to be down to Opera causing the problem. Continue:

Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Export Bookmarks" > save your bookmarks file to a place of your choice.

Next,

Open Opera > select "O" from top lefthand corner > select "Settings" > select "Advanced" > select "Browser" > scroll to bottom of page > select "restore settings to original defaults" > confirm the reset on the reset window.

Next,

Select this link: https://help.opera.com/en/account/

From that link select "I want to clear my synced data" and follow those instructions to clear synced data from Opera servers; that will clear any chance of return of the browser hijack.

Next,

Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Import Bookmarks" follow the prompts to import your bookmarks.

Does that help..?


So I did almost everything. I saved my bookmarks and did this \/

7 hours ago, kevinf80 said:

Next,

Open Opera > select "O" from top lefthand corner > select "Settings" > select "Advanced" > select "Browser" > scroll to bottom of page > select "restore settings to original defaults" > confirm the reset on the reset window.

 

7 hours ago, kevinf80 said:

Next,

Select this link: https://help.opera.com/en/account/

From that link select "I want to clear my synced data" follow those instructions to clear synced data from Opera servers, that will clear any chance of return of the browser hijack.

I followed these instructions but there's no "Reset sync data" button. So I had to skip this, but I tried to do it on Chrome because Opera will never load that link. It just keeps loading forever. I also had to use Chrome to write this reply because Opera will not show the field to write it. See my screenshot

Sem título.jpg

1 hour ago, kevinf80 said:

Use the following link to clear sync data from servers; you will have to sign in unless you are already signed in through the browser...

http://sync.opera.com/web/

I did but there isn't a "Reset sync data" button there

Opera Instantâneo_2020-05-26_143158_www.sync.opera.com.png


There is no reset data button. When you open the link you will be asked to sign in, unless you are already signed in to Opera browser. If you have any synced data saved you should be given the option to clear data. If you have not activated sync you should be told "you have no synced data stored"...

59 minutes ago, kevinf80 said:

There is no reset data button. When you open the link you will be asked to sign in, unless you are already signed in to Opera browser. If you have any synced data saved you should be given the option to clear data. If you have not activated sync you should be told "you have no synced data stored"...

They say there is. Anyway, there's nothing there that says clear data, reset data or whatever....

 

Opera Instantâneo_2020-05-26_161352_help.opera.com.png

Ok, I've had to install Opera to find out how to remove synced data from Opera servers...

Go here: https://www.sync.opera.com/ when that link opens select "Reset Passphrase"

That will open a new window where you confirm "Reset Passphrase"

That action will remove all synced data from Opera servers......

Do not re-sync any data until the issue you have has definitely ceased....

Did that clear the servers..?
 
Next,
 
If servers are cleared:
 

Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Export Bookmarks" > save your bookmarks file to a place of your choice.

Next,

Open Opera > select "O" from top lefthand corner > select "Settings" > select "Advanced" > select "Browser" > scroll to bottom of page > select "restore settings to original defaults" > confirm the reset on the reset window.

Next,

If Opera is now behaving correctly and the blocks have ceased you can import your bookmarks:

Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Import Bookmarks" follow the prompts to import your bookmarks.

When you are sure Opera is behaving correctly you can resync data again...

Thank you,

Kevin

 

 

Sync.JPG

Sync1.JPG

Edited by kevinf80
