Jump to content

cilkonlay.com Website blocked due to Trojan


Recommended Posts

I am getting the same popup but only on my Google Chrome browser.  It isn't happening on Edge.  It started this afternoon.

Message is:  Website blocked due to Trojan

Clickjoy,com

172.64.XXXX

Outbound

C://Program files (86)Google\Chrome  etc.

I ran a threat scan and it came back clean.  

Link to post
Share on other sites

I just conducted an informal experiment on Google Chrome.  When I quit Fox News the notices go away; as soon as I bring Fox News back up, they start again.  Anyone care to try to confirm this?  Thanks in advance...

Link to post
Share on other sites
5 minutes ago, blade7658 said:

I also just started having this pop-up every 30 seconds or so. Attached is file you asked to attach.  The Malwarebytes scan was negative, and will now work on AdwCleaner and Farbar. Figured I would chime in with an interim report.

cilkonlay-Trojan.txt 759 B · 0 downloads

AdwCleaner result:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-19-2020
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\windowsmanagementservice
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Public\Downloads\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Scott\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Scott\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\shari\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4152 octets] - [19/10/2020 18:27:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Link to post
Share on other sites
5 minutes ago, blade7658 said:

AdwCleaner result:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-19-2020
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\windowsmanagementservice
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Public\Downloads\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Scott\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Scott\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\shari\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4152 octets] - [19/10/2020 18:27:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

And the FRST files

FRST.txt Addition.txt

Link to post
Share on other sites

UPDATE 2:  STILL not getting any more popups!  Weird...but I'll let folks know IF they return.  Try shutting down/restarting Fox News a couple of times and see if you encounter the same disappearance of the popups as I did.  GOOD LUCK!

Link to post
Share on other sites

This is pretty strange.  I ran adwcleaner and I am not longer getting the popups that were only on Fox News.  My report was clean on adwcleaner.  Let's just chalk it up to it being 2020 and be done, right?

Thanks for the help!  Have a great day!

Link to post
Share on other sites
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.