
Omnatuor.com popup


Go to solution Solved by Maurice Naggar,


I am getting this popup and my malwarebytes catches it but I would like to get rid of whatever causes it. Scanning does not seem to detect the origin of this popup. Any help would be appreciated.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/19/21
Protection Event Time: 9:19 AM
Log File: 4e15fcce-30f8-11ec-98ea-a8a1593cd82d.json

-Software Information-
Version: 4.4.8.137
Components Version: 1.0.1474
Update Package Version: 1.0.46122
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1288)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malvertising
Domain: omnatuor.com
IP Address: 139.45.197.253
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Link to post

This topic / thread is only for carbaer.

Hello @carbaer


My name is Maurice.  I will guide you forward.

Let's do one scan with Malwarebytes AdwCleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post

@carbaer

The BLOCK notice is just a visual to let you know the potential threat is STOPPED. There needs to be more digging into details of THIS machine and other scans later on. Patience & persistence is called for. In this forum area we work ONE to ONE.

Let me know what name you prefer to go by. I will guide you.

I need a report set for review.   This is a report only.

Please download MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

 


 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

NOTE:  The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm.   It is STOPPED.

Link to post

Thank you @carbaer  Let me know what name you prefer to go by.

This is not necessarily a cure-all.  However, I suggest you do all the steps listed below.

I see that Chrome browser has some involvement.  One of the first things we want to do is, to NOT have Chrome 'restore' the preceding session (s).  Especially in situations like this.  And we want to Delete the cache file & the browser history.   For now, some very basics.

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync      and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

[   2   ]

For Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on the keyboard to get the menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press the Clear Data button (in blue)

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on the upper right of the address bar

Then look deeper in SETTINGS


Make real sure it is "NOT" set to "continue where you left off"


[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

Link to post
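Step [4] above is about sites that were granted browser push-notification permission. As an added example (not part of the original posts and not a Malwarebytes tool), this Python script lists the hosts a Chrome profile currently allows to send notifications, so they can be reviewed and removed in Chrome's site settings. The Preferences path, the `profile.content_settings.exceptions.notifications` layout and the `setting` values 1 (allow) and 2 (block) are assumptions about Chrome's profile format; the sample data is constructed.

```python
import json
import os
from urllib.parse import urlsplit

# Assumed default location of the first Chrome profile on Windows.
DEFAULT_PREFS = os.path.expandvars(
    r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences")
ALLOW, BLOCK = 1, 2  # assumed content-setting values stored by Chrome

# Constructed sample mirroring the assumed Preferences layout.
SAMPLE = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://omnatuor.com:443,*": {"last_modified": "0", "setting": 1},
    "https://mail.example.com:443,*": {"setting": 1},
    "https://calendar.example.org:443,*": {"setting": 1},
    "https://ads.example.net:443,*": {"setting": 2},
}}}}}


def notification_grants(prefs):
    """Return {host: 'allow'|'block'} for each per-site notification entry."""
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = {}
    for pattern, value in entries.items():
        origin = pattern.split(",", 1)[0]      # "https://host:443,*" -> origin
        try:
            host = urlsplit(origin).hostname or origin
        except ValueError:                     # wildcard patterns may not parse
            host = origin
        setting = value.get("setting") if isinstance(value, dict) else None
        if setting in (ALLOW, BLOCK):
            grants[host] = "allow" if setting == ALLOW else "block"
    return grants


def allowed_hosts(prefs, watchlist=()):
    """Hosts allowed to push notifications, watchlisted domains first."""
    def flagged(host):
        return any(host == d or host.endswith("." + d) for d in watchlist)
    allowed = [h for h, s in notification_grants(prefs).items() if s == "allow"]
    return sorted(allowed, key=lambda h: (not flagged(h), h))


if __name__ == "__main__":
    prefs = SAMPLE                             # fall back to the sample data
    if os.path.isfile(DEFAULT_PREFS):
        with open(DEFAULT_PREFS, encoding="utf-8") as fh:
            prefs = json.load(fh)
    for host in allowed_hosts(prefs, watchlist=("omnatuor.com",)):
        print(host)
```

Run it with Chrome closed so the Preferences file is not being rewritten while it is read.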

Close that window.  Sorry if you got lost or confused.

Go slow and try this article  https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/?tab=comments#comment-1375644

 

 

BUT if you still get lost, then skip all this part  and just do the other steps I listed from before.

Link to post

I am having a hard time finding the sync settings. This is what I get when I click on the Profile in the top right corner:

 

I don't see a sync is on.

I tried to google it too. Can't find it.

Edited by AdvancedSetup
image removed due to email address shown
Link to post

  • Root Admin

I removed your image as it has your email addresses shown. Those should not be posted in public

I don't personally use Google Chrome due to extensive marketing, tracking, and advertising but I'll check on some other information or link for you if @Maurice Naggar doesn't have one available already

 

 

 

Link to post

  • Root Admin
  • Solution

Hello @carbaer   Thanks for the update /status.

I have found the Brave browser to be much better than Chrome.


I also would suggest that you do this next scan.

I would suggest a free scan with the ESET Online Scanner.  This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.

Edited by AdvancedSetup
corrected font issue
Link to post

  • Root Admin

Agreed that Brave is much better than Google Chrome but both browsers are built on Chromium as is Microsoft Edge nowadays. Though personally I'm a fan of Firefox the writing is on the wall that before long it will probably die off because the current developers at Mozilla keep mimicking the look, feel, and functionality of Google Chrome. At some point once you've mimicked a product so bad people will stop using it and switch to the original that has better support. I'm hopeful that may change but so far it doesn't look like it.

In any case, yes, the Brave browser would be a much better choice than Google Chrome at this time

https://www.privacytools.io/browsers/

Link to post

That found 1 potentially unsafe application & several Conduit pest adwares.

For your safety, steer clear of any so-called "optimizer", like winoptimizer. Most of those types are junkware & some can be dangerous. Plus there is no need for any system "optimizer".


Allow me to suggest one other scan.

This is a  different special tool to check your pc for viruses, trojans & other malware.

Download Sophos Free Virus Removal Tool   and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result....

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Let me know what Sophos reports.   PLUS update me on whether or not the "Block" notices have re-appeared.

Edited by AdvancedSetup
corrected font issue
Link to post

Thank you! I will run it overnight (currently working) and then send the log. I am now using the Brave browser, looks and feels nice. I have never installed an optimizer on this computer but probably did years back and migrated some stuff over from a long time ago every time I got a new computer.

Link to post

That is excellent !    😉

Alright. We are done with Sophos VRT tool.  Now to uninstall it.

1. Press & hold the Windows key on the keyboard & then tap the R key to open the Run box-window.
2. Type 

appwiz.cpl

and tap Enter.
The Programs and Features window will appear.   Locate on the list "Sophos Virus Removal".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.

Exit Programs and Features.

Edited by AdvancedSetup
corrected font issue
Link to post

This topic is now closed to further replies.