TheChris76 (posted August 8, 2020, ID:1399808)

Hello

For a few days now, each time I launch the Chrome browser, Malwarebytes shows me this:

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 08/08/2020
Heure de l'événement de protection: 14:56
Fichier journal: 9c5a44f6-d976-11ea-a8a5-4ccc6abd0add.json

-Informations du logiciel-
Version: 4.1.2.73
Version de composants: 1.0.1003
Version de pack de mise à jour: 1.0.28153
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 18362.959)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails du site Web bloqué-
Site Web malveillant: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Bloqué, -1, -1, 0.0.0, ,

-Données du site Web-
Catégorie: Cheval de Troie
Domaine: nc-ass-vip.sdv.fr
Adresse IP: 212.95.74.75
Port: 80
Type: En sortie
Fichier: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Can you help me please?

Thank you

Attachment: malwarebytes.txt

Malwarebytes (Staff, posted August 8, 2020, ID:1399809)

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:
- For use when you are on the forums and need to provide logs for assistance
- For use when you don't need or want to create a ticket with Malwarebytes
- For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

1. Download Malwarebytes Support Tool
2. Double-click mb-support-X.X.X.XXXX.exe to run the program. You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
3. Place a checkmark next to Accept License Agreement and click Next
4. Navigate to the Advanced tab

The Advanced menu page contains four categories:
- Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
- Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
- Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
- Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.

To provide logs for review, click the Gather Logs button. Upon completion, click OK. A file named mbst-grab-results.zip will be saved to your Desktop. Please attach the file in your next reply.

To uninstall all Malwarebytes Products, click the Clean button. Click the Yes button to proceed. Save all your work and click OK when you are ready to reboot. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows. Select Yes to install Malwarebytes. Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following:

For any of these issues:
- Renewals
- Refunds (including double billing)
- Cancellations
- Update Billing Info
- Multiple Transactions
- Consumer Purchases
- Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

Thanks in advance for your patience.

-The Malwarebytes Forum Team

TheChris76 (Author, posted August 8, 2020, ID:1399811)

Thank you

Attachment: mbst-grab-results.zip

exile360 (posted August 8, 2020, ID:1399857)

Greetings,

I'm sorry you're having trouble, but we'll do our best to help.

To begin, please follow the instructions in this topic then create a new topic in our malware removal area by clicking here and a malware removal specialist will guide you in checking and cleaning your system of any threats.

I hope that the issue is resolved quickly, and if there is anything else we might help with please let us know.

Thanks

Maurice Naggar (posted August 9, 2020, ID:1400043)

The "block" message does indicate that the Malwarebytes real-time web protection is keeping your machine safe from harm.

The display of the message should not be assumed to mean that there is an actual infection. Any attempt to connect to nc-ass-vip.sdv.fr was stopped.

Maurice Naggar (posted August 9, 2020, ID:1400054)

@TheChris76

I do not see that you have any other post other than this thread.

Tell me, from which launch point do you start the Chrome browser? It may help to know that.

Is it from some shortcut link on the taskbar? From a shortcut link on the Desktop? Or else what do you use to start Chrome?

TheChris76 (Author, posted August 9, 2020, ID:1400058)

Hello @Maurice Naggar

I have not found the time to create a new post at the moment.

I was launching Chrome from the taskbar or the shortcut link on the desktop.

I saw the shortcut was modified, a line was added in the "target", I removed it.
I ran AdwCleaner.
I uninstalled the Chrome browser using Revo.
I uninstalled the Brave browser too.

Each time I install and launch Chrome, Malwarebytes Premium shows me the alert.

-Données du site Web-
Catégorie: Cheval de Troie
Domaine: nc-ass-vip.sdv.fr
Adresse IP: 212.95.74.75
Port: 80
Type: En sortie
Fichier: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

So I should create a new post?

Excuse my English, it is not my native language.

Maurice Naggar (posted August 9, 2020, ID:1400063)

Hello @TheChris76

I have moved your posts about the Block issue to the sub-forum for malware-removal help. I will work with you one on one. Just do not make any more changes on your own.

Kindly wait for my reply. If you need a translation online (when I send you a reply) you can use Google translate
https://translate.google.com

Allow me a few minutes.

TheChris76 (Author, posted August 9, 2020, ID:1400070)

I don't know if I have to answer you, I just want to say that I am here. Thank you for moving my post.

Maurice Naggar (Solution, posted August 9, 2020, ID:1400077)

Hello @TheChris76

This topic is only for you. Any advice or suggestions or custom fixes are not intended for anyone else.

My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.

There are 2 suspicious shortcut links for Chrome. One is on the Desktop. The other is under c:\users\<user>\appdata
Also, the Search preference for Chrome seems to be live (dot) kuaishou (dot) com

They will be removed because they have unprintable / unrecognized characters in their names + in addition, they refer to chrome-proxy/
You will be able to start Chrome from the Windows menu.
It is not the case that this machine has an infection. It is just one specific site that is being stopped.

Set the Windows 10 to show all hidden folders. Use the Option Two as in this article at Tenforums
https://www.tenforums.com/tutorials/9168-show-hidden-files-folders-drives-windows-10-a.html

It seems to me that you have saved the tool named FRST64 in the folder on drive J
J:\04 logiciels\adwcleaner 07-08-2020
That is important information to remember.

The system will be rebooted after the script has run.

This custom script is for TheChris76 only / for this machine only.

Close and save any open work files before starting this procedure. This will do a Windows Restart.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the J:\04 logiciels\adwcleaner 07-08-2020 folder

The tool named FRST64.exe is already in that folder.

Start the Windows Explorer and then go to that folder.

RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Attachment: Fixlist.txt
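
A read-only check for the kind of shortcut tampering discussed in this thread (an added example, not part of any post and not the FRST fixlist): it lists browser shortcuts whose name contains unusual characters, whose arguments carry a URL, or that mention chrome-proxy. The folder list and the browser-name pattern are assumptions.

```powershell
# Added example: read-only audit of browser shortcuts (.lnk); nothing is changed.
# Assumption: these are the usual shortcut locations on Windows 10.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    # Contains "User Pinned\TaskBar", where taskbar pins are stored.
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$browser = '(?i)chrome|msedge|firefox|brave'   # constructed list of names to look at
$shell   = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue) {
    try {
        $sc = $shell.CreateShortcut($lnk.FullName)
    } catch {
        # Report a shortcut the COM object cannot open instead of skipping it silently.
        [pscustomobject]@{ Shortcut = $lnk.FullName; Target = ''; Arguments = ''; Reasons = 'could not be read' }
        continue
    }

    # Only look at shortcuts that are named after, or point at, a browser.
    if ($lnk.BaseName -notmatch $browser -and $sc.TargetPath -notmatch $browser) { continue }

    $reasons = @()
    # Characters outside printable ASCII in the file name, as on the two shortcuts in this thread.
    if ($lnk.BaseName -match '[^\x20-\x7E]') { $reasons += 'unusual characters in name' }
    # A URL appended after the executable is the "line added in the target".
    if ($sc.Arguments -match '(?i)https?://') { $reasons += 'URL in arguments' }
    # String quoted from the helper's post.
    if ("$($sc.TargetPath) $($sc.Arguments)" -match '(?i)chrome-proxy') { $reasons += 'refers to chrome-proxy' }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
            Reasons   = $reasons -join '; '
        }
    }
}

$findings | Format-List
```

An empty result means none of the three conditions matched; a listed shortcut is a candidate for review, not proof of tampering.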

TheChris76 (Author, posted August 9, 2020, ID:1400085)

Thank you for your help @Maurice Naggar

I will attach the FIXLOG here.

Attachment: Fixlog.txt

Maurice Naggar (posted August 9, 2020, ID:1400088)

Bravo. Good run.

Please do a new Scan on this machine, using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button. Have patience during the run.

When the scan phase is done (if anything is found), be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Also, let me know the situation about the original situation with Chrome.

Sincerely.

TheChris76 (Author, posted August 9, 2020, ID:1400091)

Sir @Maurice Naggar thank you.

I did the scan and all is ok, and I can use Chrome without any problems.

Thank you for your time and your help, it is amazing!

Maurice Naggar (posted August 9, 2020, ID:1400097)

You are very welcome. I am glad to have helped you. 😎 🙂

I am marking the case for closure. First, a few cleanups.

To remove the FRST64 tool & its work files, do this. Go to your J:\04 logiciels\adwcleaner 07-08-2020 folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Delete mbst-grab-results.zip on the desktop.
Any other download file I had you save, you may delete.

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe.
https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best practices & malware prevention:

- Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
- First rule of internet safety: slow down & think before you "click".
- Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).
- Free games & free programs are like "candy". We do not accept them from "strangers".
- Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
- Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
- Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
- Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".
- Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
  Don't remove (or change) your current login. Just use the new Standard-user-level one for everyday use while on the internet.
- Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

Stay safe. I wish you all the best. 😎

Sincerely,
Maurice

Maurice Naggar (posted August 9, 2020, ID:1400098)

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you