
Every time I open any browser Malwarebytes comes with a trojan


human2402
Solved by Maurice Naggar


I was browsing the internet when the first popup appeared out of nowhere. It turned out to be the Google Chrome adware extension. After some time I started getting notifications that a website was blocked due to a trojan. Depending on what browser is currently open, it sometimes tries to make outbound connections to various websites, always on port 443, with the file being just the browser. It freaks me out. I've already turned off all of the possible syncs and extensions. Another antivirus, which also didn't find anything wrong, showed me a notification that the browser is using the webcam. Super creepy. Btw, usually it tries to connect on the browser's startup, but sometimes this happens randomly. One of the block logs is attached, as well as a numerous amount of attempts.

Screenshot 2021-09-12 174415.png

omg.txt


Hello @human2402

My name is Maurice.  Let me know what name you prefer to go by.  I will guide you.

I need a report set for review.   This is a report only.

Please download MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The file at issue is tagged as PUP.optional.slimware.   The set of data from the report will provide much needed information.

Please always attach reports as we go along.

NOTE:  The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm.   


  • Solution

Hello Dmitry.   😀  Nice to meet you.   Thanks for the report file.

Here below is a custom run intended to do some cleanups.  Please take time to read carefully & apply all directions below.

If you have a question, stop and ask me first.

[    1    ]

As a next basic step, Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[    2    ]

Your Downloads folder is C:\Users\olegr\Downloads

We will use FRSTENGLISH.exe   to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  human2402  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will rebuild the Winsock.  It will run the Windows DISM tool to check the system. 

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

NOTE 3:  Each of Chrome browser, Edge browser, & Firefox browser is set to restore the previous session. In a situation like this, of repeating block events, it is not a good practice. The auto-restore will be turned off.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads folder

Fixlist.txt

 

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH.exe and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click the line More info on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Maurice, I can't tell how thankful I am rn for your help :)

The blocks seem to be stopped and webcam usage notifications are no longer shown!

It's great to have such handy helpers here who can help in such mysterious and abstract things as malware (especially the thing that makes me technophobic 🌚). I feel much safer now.

The tool's logs are attached.

Fixlog.txt


Hello, that is great news.  Bravo.

Next, I suggest a new scan for viruses & other malware.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.


  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.