Jump to content

"Website Blocked due to Trojan/PUP/riskware (outbound connection)" re


Recommended Posts

Since February 7th I've been receiving notifications that several websites are being blocked during outbound connections using my Opera browser. I haven't previously visited these websites so I'm wondering if my computer has a virus or some other kind of malware.

Only thing I recall installing on that day is an update for AORUS ENGINE. Makes me wonder if it's a problem with Opera itself.

Regardless, I have scanned for threats with Malwarebytes and saved the report, ran AdwCleaner and saved the log, and after restarting the PC I ran Farbar Recovery Scan Tool. I have attached all the files to my post.

Thank you for your time, I appreciate your help.

AdwCleaner[C00].txt Addition.txt FRST.txt MalwarebytesReport.txt

Link to post
Share on other sites

  • Root Admin

Hello @wideface

Please go to Control Panel, Programs, Programs and Features and uninstall the following

Bonjour

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

 

 

 

 

Are you sure you have not enabled or allowed Push Notifications on your browser? It appears that at least Firefox and Chrome allow them

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

  • Thanks 1
Link to post
Share on other sites

On 2/17/2021 at 6:12 AM, AdvancedSetup said:

Can you please post back the FIXLOG.TXT file and I'll check back on you again some time tomorrow

Thanks

 

Apologies for the wait, here is the FIXLOG file.

It's also worth noting that today I got yet another Trojan Outbound Connection from Opera.exe. It's curious since I was not browsing any websites on that browser, it was just open.

Thank you for the help once again.

Fixlog.txt

Link to post
Share on other sites

I did some more digging and I think it's possible that this might have been caused by this extension here, which I installed after running the Fix.

https://addons.opera.com/en/extensions/details/translator/ Just something to keep in mind.

I had only reinstalled it because it was among the recommended extensions by Opera, so I thought it would be safe.

Hopefully the alerts stop after a second clean Opera reinstall.

Link to post
Share on other sites

  • Root Admin

Yes, extensions are often the cause. So are other settings in the Browser. Cleaning, Resetting, etc. are often needed.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

 

  • Thanks 1
Link to post
Share on other sites

  • Root Admin

Great, glad to hear. Please run the following for me

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications.

  • Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

  • Thanks 1
Link to post
Share on other sites

  • Root Admin

Please address the following issues. It looks like you may have both the new and older version of Python installed. Unless you need the old one you may want to consider uninstalling it.

 

___________________________________________________________________________

Windows 10(6.3.18363) (x64) Professional Release: 1909 Lang: Spanish(0C0A)
Installation date OS: 09.06.2019 23:17:43
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Timebased activation will expire :24477 minutes

 


--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (64-bit x64) v.7.5.7 Warning! Download Update

Microsoft 365 Apps for enterprise - ja-jp v.16.0.13127.21216 Warning! Download Update
How Install Office updates?

SumatraPDF v.3.1.2 Warning! Download Update

 

Python 3.8.3 (64-bit) v.3.8.3150.0 Warning! Download Update

 

------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 18.01 (x64) v.18.01 Warning! Download Update
Uninstall old version and install new one.

 

-------------------------- [ IMAndCollaborate ] ---------------------------
Microsoft Teams v.1.2.00.34161 Warning! Download Update

Zoom v.4.1 Warning! Download Update

 

-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.11 Warning! Download Update

 

--------------------------- [ AdobeProduction ] ---------------------------
Adobe Creative Cloud v.4.9.0.504 Warning! Download Update

 

---------------------------- [ UnwantedApps ] -----------------------------
Hades Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!

Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------

 

 

Once you've updated the above, please restart the computer 2 more times. Then run FRST and make sure you place a check mark in the Addition.txt check box and attach back both new logs.

 

image.png

 

Thanks

 

Edited by AdvancedSetup
corrected font issue
  • Thanks 1
Link to post
Share on other sites

  • Root Admin

How is the computer running now?

Any obvious issues or concerns still?

 

Please review the following and clean up and clear your Opera Browser

https://www.opera.com/case-studies/clean-browser-and-remove-trackers

Look at cleaning or resetting your other browsers too

https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

https://kb.iu.edu/d/ahic

https://kinsta.com/knowledgebase/how-to-clear-browser-cache/


 

 

 

  • Thanks 1
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.