Lozza94 Posted March 27, 2021 ID:1447406

Hi,

Over the last few days I've been experiencing a number of issues while browsing that could indicate an infection. Norton has been alerting me to frequent intrusion attempts (malicious redirects, domain requests and so on) while Malwarebytes has told me about a number of blocked websites running the gamut from Trojans, RiskWare, Fraud, PUPs, Malware and Malvertising. At the same time, neither program has been able to find any concrete threats when scanning my system. So I am taking it to the next level...

I'm attaching my Malwarebytes log and FRST/Addition logs as per forum policy. For what it's worth, a few days ago I tried out AdwCleaner, which quarantined 3 items* (see the other log if you want to check on this), but re-running it now does not find anything and the issues have persisted since running AdwCleaner. I also ran a Malwarebytes advanced scan on the whole C drive (though I disabled scanning for rootkits as this made the process massively slow) and this did not find anything either.

Thanks in advance for your help!

* I didn't delete them at the time but AFAIK quarantine makes them inactive and no longer a threat.

Attachments: lozza94_threat_scan.txt, Addition.txt, FRST.txt, AdwCleaner[S00].txt
Maurice Naggar Posted March 28, 2021 ID:1447510 (edited)

Hello. My name is Maurice. I will guide you. Let's start with this.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
Click the blue "Save scan log" to save the log.
If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).
Press Continue when all done.
You should click off the offer for "periodic scanning".

Edited March 28, 2021 by Maurice Naggar
Lozza94 Posted March 28, 2021 (Author) ID:1447536

Hi Maurice,

Thanks for your advice. ESET didn't turn anything up apart from BitTorrent update files (see the attached log file). Do you have any further suggestions?

Attachment: eset_log.txt
Maurice Naggar Posted March 28, 2021 ID:1447556

Thanks for the report. It is always important to get report files, regardless of your language. ESET removed all items it detected.

As a next step, to check out your system a bit more, a scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please do not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated click Start Scanning.
If any threats are found click Details, then View log file... (bottom left hand corner).
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Please be sure to attach that log.

Cheers.
Lozza94 Posted March 30, 2021 (Author) ID:1447855

Hi Maurice,

Thanks again for your advice. However, no threats were found by Sophos. Apologies for the delay, I had to wait to scan the PC overnight as I use it for work all day. (From the log you'll first see the scan I did on Saturday but I tried again at your request - the relevant scan finished started on 30-03. The unscanned files are from a work Dropbox.)

Attachment: SophosVirusRemovalTool.log
Maurice Naggar Posted March 30, 2021 ID:1447909

Hi. Thanks.

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

Please read the guide at Tenforums. Need to be sure that Windows is set to show ALL folders, including system folders, plus also hidden folders & files. Please confirm after that is done.
Lozza94 Posted March 30, 2021 (Author) ID:1447912

Hi Maurice - okay, I can confirm I've got 'show all folders' on.
Maurice Naggar Posted March 30, 2021 ID:1447915

The script Fixlist.txt needs to be saved to the same folder that contains FRST64.exe. The custom script on this post is ONLY for this machine and NO other.

Please be sure to close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.
Start the Windows Explorer and then go to the Downloads folder.
RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed.
Reply YES when prompted to allow it to run the tool.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.
Do let me know how things are overall, after all this.

Attachment: Fixlist.txt
Lozza94 Posted March 30, 2021 (Author) ID:1447924

Hi Maurice,

Thanks a lot for your help! Okay - here's the fixlog. The system seems fine but then again it seemed fine before - I imagine the real test is whether I keep getting warnings over intrusions, trojans and so on... I'll let you know whether these continue but it may take a little while to tell.

Attachment: Fixlog.txt
Maurice Naggar Posted March 30, 2021 ID:1447943

Thanks for the log file. That was a very worthwhile run.

As to the original & main issue about "Block notice messages" from the web protection of Malwarebytes for Windows: those notices just mean that any prospective threat was halted. They were STOPPED! The term 'intrusion' is not fitting.

If there is another new block, I would be asking you to relay a copy of the log of that block from the Malwarebytes app. Is yours a Premium licensed one?

For each of these 3 web browsers, the Edge browser, Google Chrome and Firefox, they each should have the Browser Guard by Malwarebytes. There is a specific one for Firefox. Edge & Chrome will each take the one for Chrome. See & follow my suggestions at this one post: https://forums.malwarebytes.com/topic/268707-getting-redirect-malware-from-visymo/?do=findComment&comment=1432401
Lozza94 Posted March 31, 2021 (Author) ID:1448065

Hi Maurice,

Thanks again! Yes, I understand alerts don't necessarily indicate an underlying infection but thought it was better to be safe than sorry... There have been a few detections since. I've attached Malwarebytes logs for those.

My desktop app is a trial of the premium version but I will certainly purchase the premium following this experience!

I have installed the Browser Guards (including on Opera which is my main browser day-to-day). However, they don't seem to be blocking your test site when Web Protection in the desktop app is turned off (I followed the advice in this thread to check they were working). https://forums.malwarebytes.com/topic/252088-browser-guard-for-opera/

Attachments: attack1.txt, attack2.txt, attack3.txt, attack4.txt
Maurice Naggar Posted March 31, 2021 ID:1448168

Good day to you.

Note 1: Even if all browsers have the Browser Guard, just be sure that in Malwarebytes for Windows it has All protections ON, including also Web Protection!!
Maurice Naggar Posted March 31, 2021 ID:1448175 (Solution)

All 4 Block reports involved OPERA trying outbound connections to 4 different URL links / all different IP addresses. They were STOPPED!

I would urge that you stop using Opera for a couple of days. Instead, just use the Edge browser.

In Opera, be sure to delete all cache, all history. Look very closely at the Start page setting + Home page + the options related to Search preference. Plus, in addition, look closely at each browser extension that is on Opera.
Lozza94 Posted April 4, 2021 (Author) ID:1448973

Hi Maurice,

Sorry about this - I thought I posted a reply on Wednesday, but it isn't showing up here! Long story short - I did as you suggested over Opera; while I couldn't find anything obviously suspicious in the settings/extensions I did delete the cache etc. It seems like this has finally done the trick - I have had no further alerts from Norton or Malwarebytes and my daily scans have since been coming up clean.

Feel free to move this to 'resolved'... and thanks a lot for all your help!
Maurice Naggar Posted April 4, 2021 ID:1449028

Hello. You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of the tools we used.

To remove the FRST tool & its work files, do this: Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Delete the Sophos download file.
Delete esetonlinescanner.exe.
Any other download file I had you download, you may delete.

I wish you all the best. Stay safe.

Sincerely,
Maurice
Maurice Naggar Posted April 4, 2021 ID:1449029

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you