Jump to content

Constant web traffic blocking to craft.ooguy.com


Go to solution Solved by nasdaq,

Recommended Posts

After recently reinstalling the .NET 4.0 Runtime, it seems to be reaching out to this phishing site once every ~30 seconds. I noticed this thread about the same site: https://forums.malwarebytes.com/topic/265325-constant-rtp-phishing-attempts-please-help/ but its solution was never posted publicly.

Any help is greatly appreciated!

image.png.9a0c2e09be92b98f930f443b43222f9b.png

  

image.png

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please Attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====

p.s.
Please let me know if your Default Browse is synced with other devices.

Link to post
Share on other sites

Hi nasdaq, thanks for replying!

 

Here are the files you asked for. The constant blocks have stopped for right now, but I suspect they'll start again, based on what the user in the other thread was experiencing, and since I didn't try to make any fixes yet.

My default browser syncs with other devices, but I haven't used that browser on the other devices in months.

Addition.txt FRST.txt

Link to post
Share on other sites
  • Solution


Hi,

Remove this program in bold using the Control Panel > Programs > Programs and Features...
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
The program is not signed and may be compromised.
If you need it I suggest you get it from the Owner's site.
https://www.cpuid.com/
<<<>>>

Remove this program in bold using the Control Panel > Programs > Programs and Features...
IDM Crack 6.29 build 1 (HKLM-x32\...\IDM Crack 6.29 build 1) (Version: 6.29 build 1 - Crackingpatching.com Team)
Can only lead to problems.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Is the problem solved?
 

fixlist.txt

Link to post
Share on other sites
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.