Jump to content

Comodo Dragon browser glitch

malware12

By malware12
in Resolved Malware Removal Logs

 Share
Go to solution Solved by Maurice Naggar,

Recommended Posts

malware12

malware12

Posted
Posted

i got malwared
yesterday web browser crashed after making an attempt to enter youtube, i cleaned cache and it was ok. today the situation was the same, after opening a youtube website my web browser crashed and after cleaning cache it works. yesterday before turning the computer off i used option "update and turn off windows" and i used it.

FRST.txt Addition.txt malwarebyter.txt malwarebytes2.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello :welcome:    

Please let me know what name you prefer to go by.

My name is Maurice.   I will guide you.

>

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

>

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Alright.  Thank you. I am listing below some other actions for you, for this machine.

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

>

[    2    ]

We will use FRST64.exe  on  C:\Users\krzys\OneDrive\Pulpit    folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Malware12  only / for this machine only.

This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run the Windows 10 DISM to check the system integruty. 

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 
If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

Please save the (attached file named) FIXLIST.txt   to the  C:\Users\krzys\OneDrive\Pulpit  folder   

Fixlist.txt


Start the Windows Explorer and then, to the C:\Users\krzys\OneDrive\Pulpit  folder


RIGHT click on  FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it run and finish.   I will look forward to getting the log.

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Thank you.  This run is excellent.  Plus the Windows System File Checker as well as the DISM check found no system issue.  That is all good.

As we go along, be sure to let me know if there are new IP blocks citing pl.nex-software.com

>

would suggest that you do this next scan. This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications.   ( P U A  or  P U P ).

I would suggest a free scan with the ESET Online Scanner.  

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.     ^_^

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Hello @malware12

A ) Be sure to explicitly tell me which web browser this last issue is involved !

B ) Have you tried to get Youtube using another  ( different ) web browser ?    like the EDGE browser ?

C ) Is it only just Youtube that there are issues ?

D) Earlier you asked about how are IP blocks shown  /  how you can look them up in history of Malwarebytes.

First, each block event by the real-time Malwarebytes protections is displayed on a mini-message window on the lower right bottom of your monitor.

Below is an example of a website blocked notification.

DOC-1040-1.png

 

Second, each block event is logged in history logs.  See the second half of this Malwarebytes Support article

https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows

>

I need a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply

BY the way, I did wish & intended and really suggest that you do the ESET Onlinescanner scan like I had listed above.  Please be sure that you do that.  I need to see the result.

https://forums.malwarebytes.com/topic/281135-i-got-malwared/?do=findComment&comment=1489826

 

Edited by Maurice Naggar
  • Like 1
Link to post
Share on other sites
malware12

malware12

Posted
  • Author
Posted

ESET is already in half-way

so, i'm using comodo dragon, i can normally open youtube on microsoft edge and on mozilla firefox,

no other page except youtube can't be open ( or i just didn't found any more yet)

i had no more ip blocks from that site (i opened that site after noticing being malwared, ironically, i found that site after looking for some help on google) 

mbst-grab-results.zip

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Thanks for the 2 reports.  I see that ESET found no virus, no malware on the C drive.  It only found just 1 exe file on the D drive.    variant detection Win32 / KingSoft.G potentially unwanted application, Win32 / KingSoft.G potentially unwanted application cured by removal.  [ a P U A  also known as P U P  ].

We can recall that the Microsoft Safety scanner had reported no malware.  Although, we are aware, that each of the scanners have their own engine & definitions.

>

I do not believe this case is one of a actual malware. I suspect it is just some sort of set of conditions on the Comodo Dragon browser itself.

Have you been trying to get to Youtube just how ?  Is there a shortcut link on the desktop ?

are you clicking a shortcut link on the Taskbar ?

are you clicking a link on a web page ?

Just how are you trying to get to youtube with Comodo Dragon ?

Are you super duper sure you are clearing all Cache & History on Comodo browser ?

See this support oage at Comodo support  https://help.comodo.com/topic-120-1-279-2554-Delete-Browsing-History.html

You want to "clear browsing history"

Clear "Cached images and files"

for ALL time  ( using the Advanced tab)

>

Also to be done.  This one time special scan.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

ESETscanlogs.txt

Edited by Maurice Naggar
  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

The last two scheduled scans of Malwarebytes for Windows found no malware. ( 24 NOV +25 NOV)
There were 2 IP blocks on the 25th of "pl.nex-software.com".  One before that was on 23 NOV.
Does that address in any way ring any bell for you ?
Each of those block events were when Comodo Dragon was in use.

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

In addition to the above.

Could you take a good look to see all the add-on extensions on the Comodo Dragon browser ?
Launch Comodo Dragon.
Click the hamburger button at top-right of Comodo Dragon.  Click menu_icon_1.png
Select 'Add-ons'

What I would like you to do is to see if there are any browser extensions you do not need, or, perhaps do not recognize.

In any event, make a list of all browser extensions displayed on this Comodo Dragon.
>
What follows is a different aspect/ feature of the Comodo that I want you to try.
1. Close all tabs in Comodo ( if any are open)
2. Exit Comodo
3. Next restart Comodo in "Incognito mode" like described on this Comnodo Support article.
https://help.comodo.com/topic-120-1-279-2559-use-comodo-dragon-in-incognito-mode.html

4. Once that is done, do a test and go to https://google.com
Does that work?

5. do a test and go to https://youtube.com
 

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello.  Thank you for the screen capture on Comodo browser extensions!

You report that you can get to Youtube in Incognito mode  ( which is important to point out.  This tends to point to one or two of those browser extensions as being the source of your problem).
I would urge you to turn OFF these 2
Mendeley Web Importer
Online Security Pro

then EXIT Comodo browser.  Then later, Restart Comodo browser.

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Please go forward  and do as I suggested.  Then we will see.

Laterr on, you could re-test and turn back On the Mendeley.

Please understand, that it is most likely one of the Extensions that is the root of the glitch.

OR else, you should migrate to a different web browser.  OR uninstall and re-install the Comodo Dragon if you want to have it still.

The issue is wholly with this browser.  It is not a case of a "infection".

  • Like 1
Link to post
Share on other sites
  • AdvancedSetup changed the title to Comodo Dragon browser glitch
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.