Jump to content

website blocked for riskware www.ojrq.net


BillH99999
 Share

Recommended Posts

I use Thunderbird as my mail client.  Starting today I've been getting a popup saying that an outgoing connection to www.ojrq.net is being blocked when I open various emails.  They are emails from legitimate companies such as Marriott, Alaska Airlines, and others.  I did a scan with Malwarebytes and with Adwcleaner and nothing is found.

Any idea what might be causing this?  Is www.ojrq.net really a site that needs to be blocked and why did it just start getting blocked today?

Thanks,

Bill

 

image.png.b7f88cba2065023bb85d690249ae7649.png

 

image1.jpg

 

image.png.923a318bc2b366d54e0f83c5e971df93.png

Edited by BillH99999
Link to post
Share on other sites

My team has clients running MWB on an RDS and we got the same notification for ojrq.net. We weren't sure so we ran scans as clean per user, running Full Scan on RDS. Blocked the IP of that site inbound/outbound on our Firewall. 

Also, this one just came up as well. Can your team let us know if this issue is related?

Are these false positives or are these threats supposed to be blocked silently without notification? Please advise.

image.jpeg.2b02b00921d7ecde7a4c6e464e067e9e.jpeg

Link to post
Share on other sites

1 hour ago, jerry6665 said:

What was decided about ojrc?

That it should not be blocked in Malwarebytes Premium any longer but it is an ad server that would be blocked in Browser Guard.

On 12/8/2020 at 2:09 PM, thisisu said:

Hello,

This should only be blocked by BrowserGuard for ad server redirects. The unblock for MB3/MB4 is in progress and will be resolved shortly with a database update. Sorry for the inconvenience.

 

  • Thanks 1
Link to post
Share on other sites

  • Staff
On 12/8/2020 at 3:50 PM, TJLR said:

My team has clients running MWB on an RDS and we got the same notification for ojrq.net. We weren't sure so we ran scans as clean per user, running Full Scan on RDS. Blocked the IP of that site inbound/outbound on our Firewall. 

Also, this one just came up as well. Can your team let us know if this issue is related?

Are these false positives or are these threats supposed to be blocked silently without notification? Please advise.

image.jpeg.2b02b00921d7ecde7a4c6e464e067e9e.jpeg

Hello,

This one is a valid block, not related to the one mentioned in the OP. Low detection ( https://www.virustotal.com/gui/domain/spottoplunch4.live/detection ) but also rather new. ~2 days old

Link to post
Share on other sites

  • 2 weeks later...

Malwarebytes version: 4.6.12

MacOS Catalina version: 10.15.7

Thunderbird version: not sure because now I cannot open it, but I installed an update (I assume the latest version) a few days ago.

I installed Malwarebytes for Mac yesterday (December 17th). Did an initial Malwarebytes scan, which detected and quarantined "Adware.IronCore". See attached file.Screen Shot 2020-12-19 at 8.45.23 AM.pdf

The time I used Thunderbird, I got a popup about 2 or 3 quarantined files in a pop-up. I did not screenshot it. I was able to continue on to Thunderbird. The next time I tried to open Thunderbird, I got a pop-up with the Finder icon that said "The application "Thunderbird.app" can't be opened (see attached file). Screen Shot 2020-12-19 at 8.34.45 AM.pdf

Is this the same issue as this thread? If not, is a new thread required and/or the opening of a support ticket?

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.