vitamin Posted October 19, 2021 ID:1484503 Share Posted October 19, 2021 Getting the same thing. Wondering what the heck it is. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 19, 2021 ID:1484507 Share Posted October 19, 2021 This topic / thread is only for "Vitamin". @vitamin Hello Thanks for the reports. My name is Maurice. I will guide you forward. Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean Attach the clean log. Link to post Share on other sites More sharing options...
vitamin Posted October 19, 2021 Author ID:1484508 Share Posted October 19, 2021 18 minutes ago, Maurice Naggar said: This topic / thread is only for carbaer. Hello @carbaer Hello My name is Maurice. I will guide you forward. Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean Attach the clean log. Thanks. Interesting because the popup is Chrome related but the scan only reveals HP related malware. Shouldn't I see something with Chrome or Google on the list? Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 19, 2021 ID:1484510 Share Posted October 19, 2021 @vitamin PLEASE just only stick with this topic thread here which I specifically made for you. @vitamin Let me know what name you prefer to go by. I will guide you. I need a report set for review. This is a report only. Please download MBST Support Tool Once you start it click Advanced >>> then Gather Logs Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply , like displayed here. To send ( upload) attachments please click the "ADD Files" link . Then browse to where your file is located and select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along. NOTE: The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm. It is STOPPED. Link to post Share on other sites More sharing options...
vitamin Posted October 19, 2021 Author ID:1484519 Share Posted October 19, 2021 Here are the results. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted October 19, 2021 Solution ID:1484524 Share Posted October 19, 2021 @vitamin Thank you. Just stick with this topic thread. Let me know what name you prefer. Thanks for the report. Next steps: This is not necessarily a cure-all. However, I suggest you do all the steps listed below. I see that Chrome browser has some involvement. One of the first things we want to do is, to NOT have Chrome 'restore' the preceding session (s). Especially in situations like this. And we want to Delete the cache file & the browser history. For now, some very basics. [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok". [ 2 ] for Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data: Check mark the line "Browsing history" Check mark the line "Download history" Check mark the lined "Cached images and files" and press Clear Data button ( in blue ) [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the adress bar Then look deeper in SETTINGS Make real sure it is "NOT" set to "continue where you left off" . [ 4 ] See this article on our Malwarebytes Bloghttps://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 19, 2021 ID:1484530 Share Posted October 19, 2021 (edited) Just notes. What is being blocked is / are attempts to reach IP 139.45.197.253 / omnatuor.com This is likely a malvertising. The Malwarebytes web protection is keeping the system safe from potential harm. Edited January 29, 2022 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 24, 2021 ID:1485178 Share Posted October 24, 2021 Hello @vitamin Just would like to find out if you have a status update about the "block" notice situation. Has it gone away ? Link to post Share on other sites More sharing options...
vitamin Posted October 27, 2021 Author ID:1485686 Share Posted October 27, 2021 On 10/24/2021 at 10:04 AM, Maurice Naggar said: Hello @vitamin Just would like to find out if you have a status update about the "block" notice situation. Has it gone away ? Hey Maurice, sorry for the delay. I just followed the procedures your outlined and will follow up in a few days to update you on the "block" notice. One thing I noticed on step [1] of your directions is that Google has changed the button wording. Instead of reading "reset sync", it reads "Clear Data" (see image). I just wanted to give everyone a heads up... thanks! Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 27, 2021 ID:1485733 Share Posted October 27, 2021 Thanks. Yes. It seems that Google support has moved the cheese ( as one saying goes). Let me know if you need other help. 😎 1 Link to post Share on other sites More sharing options...
vitamin Posted October 28, 2021 Author ID:1485938 Share Posted October 28, 2021 Ok. To follow up, I'm no longer getting the popup. Thanks for the great support. )) Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 28, 2021 ID:1485958 Share Posted October 28, 2021 @vitamin You are very welcome. I am glad to have worked with you. We can proceed with cleanup of tools we used. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete mb-support-1.8.7.918.exe Delete mbst-grab-results.zip on the Desktop. Adwcleaner you may keep and use as needed. Any other download file I had you download, you may delete. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. I am marking this case for closure. I wish you all the best. Stay safe. Sincerely. Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 28, 2021 ID:1485959 Share Posted October 28, 2021 (edited) Glad we could help. For Vitamin ONLY if you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator "Vitamin" of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Edited October 28, 2021 by Maurice Naggar Link to post Share on other sites More sharing options...
Recommended Posts