carbaer Posted October 19, 2021 ID:1484498

I am getting this popup and my Malwarebytes catches it, but I would like to get rid of whatever causes it. Scanning does not seem to detect the origin of this popup. Any help would be appreciated.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/19/21
Protection Event Time: 9:19 AM
Log File: 4e15fcce-30f8-11ec-98ea-a8a1593cd82d.json

-Software Information-
Version: 4.4.8.137
Components Version: 1.0.1474
Update Package Version: 1.0.46122
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1288)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malvertising
Domain: omnatuor.com
IP Address: 139.45.197.253
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)
Maurice Naggar Posted October 19, 2021 ID:1484506

This topic / thread is only for carbaer.

Hello @carbaer

Hello. My name is Maurice. I will guide you forward.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed. It will not take much time.

First download & save it:
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner.

Then do a scan with Adwcleaner:
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.
Maurice Naggar Posted October 19, 2021 ID:1484511

To ALL readers. This thread / this topic is ONLY for the originator carbaer.
carbaer Posted October 19, 2021 Author ID:1484512

Thank you. There is some note of cleaning failed... but I don't even have a Dell computer. Oh, and the stupid popup just came up again!

AdwCleaner[C01].txt
Maurice Naggar Posted October 19, 2021 ID:1484514

@carbaer

The BLOCK notice is just a visual to let you know the potential threat is STOPPED. There needs to be more digging into details of THIS machine and other scans later on. Patience & persistence is called for.

In this forum area we work ONE to ONE. Let me know what name you prefer to go by. I will guide you.

I need a report set for review. This is a report only.

Please download MBST Support Tool.
Once you start it, click Advanced >>> then Gather Logs.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button.

The set of data from the report will provide much needed information. Please always attach reports as we go along.

NOTE: The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm. It is STOPPED.
carbaer Posted October 19, 2021 Author ID:1484518

Maurice, your help is very much appreciated! I will do whatever you suggest, however long it takes. I go by Carolina. See attached file.

mbst-grab-results.zip
Maurice Naggar Posted October 19, 2021 ID:1484521

Thank you @carbaer

Let me know what name you prefer to go by.

This is not necessarily a cure-all. However, I suggest you do all the steps listed below. I see that Chrome browser has some involvement. One of the first things we want to do is to NOT have Chrome 'restore' the preceding session(s). Especially in situations like this. And we want to delete the cache file & the browser history. For now, some very basics.

[ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button.
At the prompt click on "Ok".

[ 2 ] For Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on keyboard to get the menu for clearing browsing data:
Check mark the line "Browsing history"
Check mark the line "Download history"
Check mark the line "Cached images and files"
and press the Clear Data button (in blue).

[ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session.
Go into the settings menu of Chrome by first clicking the control icon of Chrome on the upper right of the address bar.
Then look deeper in SETTINGS.
Make real sure it is "NOT" set to "continue where you left off".

[ 4 ] See this article on our Malwarebytes Blog:
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/
You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them".

[ 5 ] I suggest you install the Malwarebytes Browser Guard for Chrome.
To get & install the Malwarebytes Browser Guard extension for Chrome, open this link in your Chrome browser:
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee
Then proceed with the setup.
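Added example, not part of the post above or of any Malwarebytes tool: step [ 4 ] concerns sites that were granted permission to send push notifications, and this sketch lists those grants from a Chrome profile's Preferences JSON so they can be reviewed. It assumes Chrome keeps per-site grants under profile.content_settings.exceptions.notifications with setting 1 = allow and 2 = block, and it runs on a constructed sample, not a real profile.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Chrome profile "Preferences" file (not from the thread).
# Assumed layout: profile.content_settings.exceptions.notifications maps a
# "primary,secondary" pattern to {"setting": N}; 1 = allow, 2 = block.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://push-ads.example.net:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}}
})

ALLOW, BLOCK = 1, 2


def notification_grants(preferences_text):
    """Return sorted (host, setting) pairs for every per-site notification entry."""
    prefs = json.loads(preferences_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, value in entries.items():
        primary = pattern.split(",", 1)[0]            # drop the secondary pattern
        host = urlsplit(primary).hostname or primary  # keep odd patterns verbatim
        grants.append((host, value.get("setting")))
    return sorted(grants)


def allowed_hosts(preferences_text, trusted=()):
    """Hosts allowed to push notifications that are not on the trusted list."""
    return [host for host, setting in notification_grants(preferences_text)
            if setting == ALLOW and host not in trusted]


if __name__ == "__main__":
    # Anything printed here is a candidate for removal in Chrome's
    # notification settings page.
    for host in allowed_hosts(SAMPLE_PREFERENCES, trusted={"mail.example.com"}):
        print("allowed to send notifications:", host)
```

On Windows the real file is normally %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences; read a copy of it with Chrome closed.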
carbaer Posted October 19, 2021 Author ID:1484528

On point 1: no "reset sync" button
Maurice Naggar Posted October 19, 2021 ID:1484533

Close that window. Sorry if you got lost or confused.

Go slow and try this article:
https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/?tab=comments#comment-1375644

BUT if you still get lost, then skip all this part and just do the other steps I listed from before.
Root Admin AdvancedSetup Posted October 19, 2021 ID:1484535

Just an FYI that if needed we do have a more extensive article on cleaning Google Chrome
carbaer Posted October 19, 2021 Author ID:1484539

I am having a hard time finding the sync settings. This is what I get when I click on the Profile in the top right corner:

I don't see a sync is on. I tried to google it too. Can't find it.

Edited October 19, 2021 by AdvancedSetup: image removed due to email address shown
Root Admin AdvancedSetup Posted October 19, 2021 ID:1484540

I removed your image as it has your email addresses shown. Those should not be posted in public.

I don't personally use Google Chrome due to extensive marketing, tracking, and advertising, but I'll check on some other information or link for you if @Maurice Naggar doesn't have one available already.
Maurice Naggar Posted October 19, 2021 ID:1484541

I got your reply. Could you please skip the "sync" part of my advice. Just proceed with the rest.

Edited October 19, 2021 by Maurice Naggar
Root Admin AdvancedSetup Posted October 19, 2021 ID:1484542

The following links deal with Google Chrome Sync:
https://support.google.com/chrome/answer/185277
https://support.google.com/chromebook/answer/2914794?hl=en
https://support.google.com/chrome/answer/95589?hl=en-PS
https://support.google.com/chromebook/answer/2392709?hl=en-GBOnce&ref_topic=2586066&co=GENIE.Platform%3DDesktop&oco=2
Maurice Naggar Posted October 19, 2021 ID:1484543

This link is to an article at Google Chrome support for Windows-based Chrome. Look at the section Turn SYNC OFF, especially where it tells you just where to begin on your Chrome screen on your pc.

This link here
carbaer Posted October 19, 2021 Author ID:1484544

OK, made it through the whole list. Now just wait and see?

P.S. I did have browserguard enabled. Which browser would you recommend besides Chrome?
carbaer Posted October 19, 2021 Author ID:1484552

OK, so far no popups, getting reasonably excited!
Solution Maurice Naggar Posted October 20, 2021 ID:1484563

Hello @carbaer

Thanks for the update / status. I have found the Brave browser to be much better than Chrome.

I also would suggest that you do this next scan. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

Please make sure you attach the log report.

Edited October 20, 2021 by AdvancedSetup: corrected font issue
Root Admin AdvancedSetup Posted October 20, 2021 ID:1484574

Agreed that Brave is much better than Google Chrome, but both browsers are built on Chromium, as is Microsoft Edge nowadays. Though personally I'm a fan of Firefox, the writing is on the wall that before long it will probably die off because the current developers at Mozilla keep mimicking the look, feel, and functionality of Google Chrome. At some point once you've mimicked a product so bad people will stop using it and switch to the original that has better support. I'm hopeful that may change but so far it doesn't look like it.

In any case, yes, the Brave browser would be a much better choice than Google Chrome at this time.
https://www.privacytools.io/browsers/
carbaer Posted October 20, 2021 Author ID:1484663

All done.

scanlog.txt
Maurice Naggar Posted October 20, 2021 ID:1484683

That found 1 potentially unsafe application & several Conduit pest adwares.

For your safety, steer clear of any so called "optimizer", like winoptimizer. Most of those types are junkware & some can be dangerous. Plus there is no need for any system "optimizer".

Allow me to suggest one other scan. This is a different special tool to check your pc for viruses, trojans & other malware.

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.
Please Do Not use your PC whilst the scan is in progress.
This scan is very thorough so may take several hours.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Attach the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me know what Sophos reports. PLUS update me on whether or not the "Block" notices have re-appeared.

Edited October 20, 2021 by AdvancedSetup: corrected font issue
carbaer Posted October 20, 2021 Author ID:1484687

Thank you! I will run it overnight (currently working) and then send the log. I am now using the Brave browser, looks and feels nice.

I have never installed an optimizer on this computer but probably did years back and migrated some stuff over from a long time ago every time I got a new computer.
Maurice Naggar Posted October 20, 2021 ID:1484694

👍 I prefer the Brave browser most because it automatically will suppress in-line advertising on some websites I read regularly.
carbaer Posted October 22, 2021 Author ID:1484928

I ran Sophos. I got "number of threats found 0" and "your computer is clean". Have not seen any popups since one of the earlier steps above. Thank you!!!

Edited October 22, 2021 by AdvancedSetup: corrected font issue
Maurice Naggar Posted October 22, 2021 ID:1484929

That is excellent! 😉

Alright. We are done with Sophos VRT tool. Now to uninstall it.

1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box-window.
2. Type appwiz.cpl and tap Enter. The Programs and Features window will appear.

Locate on the list "Sophos Virus Removal". Do a right-click on it. Then choose Uninstall. Let it proceed. Exit Programs and Features.

Edited October 22, 2021 by AdvancedSetup: corrected font issue