SaroshJ Posted January 26, 2022 ID:1499190 Share Posted January 26, 2022 I keep getting "Website blocked due to compromised" popups every few seconds. Can someone please help. Not sure what my next steps should be Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 26, 2022 Root Admin ID:1499192 Share Posted January 26, 2022 Hello @SaroshJ and Let me have you run the following and we'll see about getting you fixed up and running well again. Please run the following steps and post back the logs as an attachment when ready. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download. Spoiler Spoiler When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users. Example of Microsoft Edge blocking the download STEP 01 If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time Please attach the Additions.txt log to your reply as well. On your next reply, you should be attaching frst.txt and additions.txt to your post, every time. Thanks Link to post Share on other sites More sharing options...
SaroshJ Posted January 26, 2022 Author ID:1499266 Share Posted January 26, 2022 Hello Root admin, Thank you for picking up my post. I have attached the required files. Let me know... AdwCleaner[C00].txt AdwCleaner[S00].txt MB Threat Scan results.txt FRST_26-01-2022 09.26.59.txt Addition_26-01-2022 09.26.59.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 26, 2022 Root Admin ID:1499319 Share Posted January 26, 2022 Thank you for the logs @SaroshJ Can you please post back the Protection Log from yesterday showing the blocking. Then let me have you also run the following. Please download the following tool Farbar Service Scanner and run it on the computer with the issuehttp://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Click "Scan" It will create a log (FSS.txt) in the same directory the tool is run. Please attach the log to your next reply. Link to post Share on other sites More sharing options...
SaroshJ Posted January 27, 2022 Author ID:1499358 Share Posted January 27, 2022 Good Evening Root Admin, Can you let me know how to get the protection logs? Also it is currently 1/26/2022 7:30PM EST here. Please let me know of what date, you need the protection logs . Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 27, 2022 Root Admin ID:1499374 Share Posted January 27, 2022 Good evening @SaroshJ Below is how you can access those logs. But please also go ahead and run the FSS tool above that I linked to. Just logs from the past couple of days. You can find Scan and Protection logs within the Malwarebytes 4 program in the following location RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged If you click on the View option you should get something similar to the following with other options available. Link to post Share on other sites More sharing options...
SaroshJ Posted January 27, 2022 Author ID:1499459 Share Posted January 27, 2022 Hello Root Admin, Attached the logs as needed. Thank you! 26.13.txt 26.14.txt 26.15.txt 26.16.txt 26.17.txt 26.18.txt 26.19.txt 27.1.txt 27.2.txt 27.3.txt 27.4.txt 27.5.txt 27.6.txt 27.7.txt FSS.txt 26.1.txt 26.2.txt 26.3.txt 26.4.txt 26.5.txt 26.6.txt 26.7.txt 26.8.txt 26.9.txt 26.10.txt 26.11.txt 26.12.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 27, 2022 Root Admin ID:1499470 Share Posted January 27, 2022 Yes, these blocks are coming when you're using Private Internet Access which like most VPN products uses IP addresses that share those also used by bad actors. Please also refer to this support article which lists several known applications which conflict with the Web Protection in Malwarebytes currently, which includes Private Internet Access If you disable Private Internet Access and don't use it, do you still get these block notices? Link to post Share on other sites More sharing options...
SaroshJ Posted January 28, 2022 Author ID:1499689 Share Posted January 28, 2022 Thanks Root Admin. I will continue to monitor with PIA turned off for now. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 28, 2022 Root Admin ID:1499725 Share Posted January 28, 2022 Hello @SaroshJ Here is a recent reply I made to another customer today. Almost any VPN (including ours) can run into an IP that gets blocked or marked as a threat because bad actors or scammers, etc. also use VPN products. Fully excluding would basically disable all protection of your Internet traffic, which in effect is the same thing as turning off the Web protection module. I know we're working on a more granular method of controlling block alerts but I have no timeline as to when that would be ready. It could be a couple months or it could be a year. It all depends on various development projects. At this time I'm not aware of a good way to prevent the alerts without turning off all alerts. In the future I'm hopeful we can pick specific programs or processes to quell the alerts. This option should help resolve the issue but may not one hundred percent remove it. https://www.privateinternetaccess.com/vpn-features/dedicated-ip-vpn Link to post Share on other sites More sharing options...
Solution SaroshJ Posted January 29, 2022 Author Solution ID:1499740 Share Posted January 29, 2022 Thank you AdvancedSetup! 1 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 29, 2022 Root Admin ID:1499745 Share Posted January 29, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts