
Vitamin's Omnatuor.com popup


Go to solution Solved by Maurice Naggar,


This topic / thread is only for "Vitamin".

@vitamin     Hello :welcome:

Thanks for the reports.   My name is Maurice.  I will guide you forward.

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or any other web browsers, are closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.


18 minutes ago, Maurice Naggar said:

This topic / thread is only for carbaer.

Hello @carbaer

Hello :welcome:

My name is Maurice.  I will guide you forward.

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or any other web browsers, are closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Thanks.  Interesting because the popup is Chrome related but the scan only reveals HP related malware.  

Shouldn't I see something with Chrome or Google on the list?

 

MB.jpg


@vitamin

PLEASE just only stick with this topic thread here which I specifically made for you.

@vitamin

 Let me know what name you prefer to go by.  I will guide you.

I need a report set for review.   This is a report only.

Please download MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

NOTE:  The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm.   It is STOPPED.


  • Solution

@vitamin

Thank you.  Just stick with this topic thread.   Let me know what name you prefer.

Thanks for the report.   Next steps:

This is not necessarily a cure-all.  However, I suggest you do all the steps listed below.

I see that Chrome browser has some involvement.  One of the first things we want to do is, to NOT have Chrome 'restore' the preceding session (s).  Especially in situations like this.  And we want to Delete the cache file & the browser history.   For now, some very basics.

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on the upper right of the address bar

Then look deeper in SETTINGS

image.png.9f59b1a99e5e32db2619eeab22b5a72f.png

Make real sure it is "NOT" set to "continue where you left off"

.

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.


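The settings that steps [3] and [4] above change through Chrome's menus can also be read from the profile's Preferences file. This is an added example, not part of the original post and not a Malwarebytes tool; the key names (`session.restore_on_startup`, `profile.content_settings.exceptions.notifications`) and value codes are assumptions about Chrome's Preferences JSON layout, and the sample data is constructed.

```python
import json
import sys

# Assumed layout of Chrome's per-profile "Preferences" JSON file.
RESTORE_LAST_SESSION = 1  # session.restore_on_startup: "Continue where you left off"
ALLOW = 1                 # content-setting value: 1 = allow, 2 = block

def audit_preferences(prefs):
    """Return (restores_last_session, origins allowed to send notifications)."""
    session = prefs.get("session", {})
    restores = session.get("restore_on_startup") == RESTORE_LAST_SESSION
    exceptions = (prefs.get("profile", {})
                  .get("content_settings", {})
                  .get("exceptions", {})
                  .get("notifications", {}))
    allowed = []
    for pattern, entry in exceptions.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            # Keys look like "https://host:443,*"; keep the requesting origin.
            allowed.append(pattern.split(",")[0])
    return restores, sorted(allowed)

# Constructed sample data, not taken from the reporter's machine.
SAMPLE = {
    "session": {"restore_on_startup": 1},
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://omnatuor.com:443,*": {"setting": 1},
        "https://mail.example.com:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}},
}

def main(argv):
    if len(argv) > 1:
        # Path to a copy of the profile's Preferences file.
        with open(argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE
    restores, allowed = audit_preferences(prefs)
    print("Restores last session on startup:", restores)
    for origin in allowed:
        print("Notifications allowed for:", origin)

if __name__ == "__main__":
    main(sys.argv)
```

On Windows the default profile's file is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`; read a copy of it with Chrome closed.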
Just notes.  What is being blocked is / are attempts to reach IP 139.45.197.253  /  omnatuor.com

This is likely malvertising.  The Malwarebytes web protection is keeping the system safe from potential harm.

Edited by Maurice Naggar

On 10/24/2021 at 10:04 AM, Maurice Naggar said:

Hello @vitamin    Just would like to find out if you have a status update about the "block" notice situation.  Has it gone away ?

Hey Maurice, sorry for the delay.  I just followed the procedures you outlined and will follow up in a few days to update you on the "block" notice.

One thing I noticed on step [1] of your directions is that Google has changed the button wording.  Instead of reading "reset sync", it reads "Clear Data" (see image).

I just wanted to give everyone a heads up... thanks!

 

clearSync.png


@vitamin  

You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop.

Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete. 
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice


Glad we could help.

For Vitamin ONLY if you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator  "Vitamin"  of this thread.

Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

Edited by Maurice Naggar
