
Every google search, Malwarebytes blocks trojan "dorryhigh.com"



Hi,

I downloaded an .exe and scanned it with Malwarebytes and everything came back clean, so I opened it and from that point on, every time I do any Google search, Malwarebytes pops up saying it's blocked a Trojan "dorryhigh.com". I've deleted the .exe already. Please help!

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/27/21
Protection Event Time: 9:36 PM
Log File: dcf2a422-d73b-11eb-91bd-7a79192614d9.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1344
Update Package Version: 1.0.42319
License: Trial

-System Information-
OS: Windows 10 (Build 19041.1052)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: dorryhigh.com
IP Address: 172.67.136.204
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)


Hello

My name is Maurice. I will guide you. Please always attach files / reports as we go along.

I need a fuller set of reports for review so that I can review & guide you.

Please download Malwarebytes' MBST Support Tool.

Once you start it, click Advanced > Gather Logs.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments, please click the link as shown below. Then browse to where your file is located, select it and click the Open button.

_mb_attach.jpg

Edited by Maurice Naggar

The next step I would suggest is to do what is on this pinned link:

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

{ Disregard the subject title, but do all things listed. This will help on the Chrome browser in future. }


These are some additional measures you can apply, as you have the opportunity.

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

Note: If your pc has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard.

[ 2 ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/
  
You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.
Scroll down to the tips section "How do I disable them".

As noted earlier, at your next opportunity, provide me a status update as to the situation on Block notices.

Yet also know, the block notices do mean that Malwarebytes real-time web protection is keeping your pc safe from harm.

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes Premium (or Trial) is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".

It indicates that a potential risk was blocked by the malicious website protection, which will always show each block occurrence.
The protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notices can be ignored; the Malwarebytes Premium real-time protection is blocking the threat and there is not much more that can be done. [ 1 ]
On Outbound blocks, any attempted connection was stopped.

No action is required unless you're also experiencing malware symptoms or there are multiple (different) IPs (ex: 123.23.34 and 4.44.56).
A browser is not required to be running; just an active Internet connection with processes running, such as instant messenger clients, Skype or peer-to-peer software, may trigger these alerts.

These may also be triggered by banner ads running on websites, which is the most common form of alert. These may perhaps happen when reading emails that happen to have embedded links to ads, or malvertising.

And see https://support.malwarebytes.com/hc/en-us/articles/360038522594-Received-a-Website-Blocked-notification-from-Malwarebytes-for-Windows-v3
Also see https://support.malwarebytes.com/hc/en-us/articles/360038984793-Real-Time-Protection-in-Malwarebytes-for-Windows

Note [ 1 ]: If your pc runs Windows 10 Pro or Enterprise & there are frequent or continuous incoming IP blocks, it can help to (at least temporarily) disable the Remote Desktop option on your Windows system.

 

Edited by Maurice Naggar
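
Added example (not part of the original posts and not Malwarebytes code): a small parser for the text block report format pasted in the first post, with a triage summary that follows the distinction drawn above between outbound and incoming blocks and the "multiple (different) IPs" condition. The first sample repeats fields from the report in this thread; the second report, its address, port and file path are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Sample reports: the first repeats fields from the report posted in this thread;
# the second is constructed (203.0.113.7 is a documentation-range address).
REPORT_OUTBOUND = r"""
-Log Details-
Protection Event Date: 6/27/21

-Website Data-
Category: Trojan
Domain: dorryhigh.com
IP Address: 172.67.136.204
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""
REPORT_INBOUND = r"""
-Website Data-
Category: Trojan
IP Address: 203.0.113.7
Port: 3389
Type: Inbound
File: C:\Windows\System32\svchost.exe
"""

SECTION = re.compile(r"^-(.+)-$")  # section headers look like "-Website Data-"

def parse_report(text):
    """Return {section: {key: value}} for one exported block report."""
    sections, current = defaultdict(dict), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
        elif current and ":" in line:
            key, _, value = line.partition(":")  # first colon only, so "C:\..." survives
            sections[current][key.strip()] = value.strip()
    return dict(sections)

def triage(reports):
    """Summarise blocks by direction and flag several different remote IPs."""
    data = [parse_report(r).get("Website Data", {}) for r in reports]
    ips = {d["IP Address"] for d in data if d.get("IP Address")}
    return {
        "outbound": [(d.get("Domain"), d.get("File")) for d in data if d.get("Type") == "Outbound"],
        "inbound_ports": sorted({d["Port"] for d in data if d.get("Type") == "Inbound"}),
        "multiple_ips": len(ips) > 1,
    }
```
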

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

This topic is now closed to further replies.