
Malware flagged every time I open a new Google page


Go to solution Solved by Maurice Naggar,


Hello there,

 

All of a sudden, I'm getting malware flagged up every time I open a new Google page.

 

It always seems to be the same - I have attached a screen-shot of the notification to this message.

 

It is particularly annoying, as it started being flagged up when I installed the free version of Malwarebytes, so I got the premium version, naively thinking that would get rid of it - but it didn't. Harrumph.

 

I would be grateful for any advice that anyone might have about this.

 

Many thanks and best regards,

 

Njoroge Muzungu

 

What Njoroge Muzungu sees.docx


Hello.

My name is Maurice. I will guide you. Let me know what name you prefer to go by. For the time being, try to only use the EDGE browser in lieu of Chrome.

I will guide you along on looking for a resolution. Let's keep these principles as we go along.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Please stick with me until I give you the "all clear".

Your topic will be closed if you haven't replied within 4 days!
If I have not replied to your last post after 36 hours, please then send me a PM.

 

The first thing I need is to get a set of reports & logs.

 

That is the first step.  I will then review and use that to guide us along.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 [   2    ]

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.

To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

 


 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.


Hello Maurice,

Thanks for your message. Call me Njoroge.

I have attached the log file that you asked for. Can I also just check something:

When you say no "free-wheeling" net-surfing, can I still use the handful of dictionary sites that I need for working (I'm a translator)?

That's it, really. I look forward to hearing from you.

Thanks again and best regards,

Njoroge

 

mbst-grab-results.zip


  • Solution

Hello Njoroge.  This next part needs to be done when you can stop what you are doing on computer & allow it to run this custom script. It hopefully should be under one hour.  This is part 1. We will need to do another follow-up run later. 

Next, a custom script to do  checks & some  cleanups. 

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Njoroge  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.   It will run the Windows DISM tool to check the system.  It will rebuild the Winsock.  It will attempt to clear the cache for Chrome & Edge. 

NOTE-2: As part of this fix it will also attempt to place 2 IP blocks in the Windows firewall for 172.67.163.197 & 104.21.15.186

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt                <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.  This here is not a one-shot-cure-all.  There will be more to do later.  Stick with me.


Hi Maurice,

As it happens, I'm just coming to a natural break in my work right around now, so I shall carry out the process that you outline in a couple of minutes from now.

And don't worry about my patience - that is something I have in abundance....

Thanks again and all best,

Njoroge


Hello.  I have the report. Looks like a good run.  How is the situation at present ?  

 

  • and save the tool on the desktop.
  • If Windows's SmartScreen blocks that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Also, be sure to make a run to Microsoft Windows Update to be sure this system is all up-to-date with security & critical updates & latest Cumulative updates.


Hello Maurice,

Thank you for that additional information.

The situation is unchanged within Google Chrome (i.e. the malware still flags up as before every time I go onto a new Google page), but isn't happening within Microsoft Edge.

But looking back at what you have said previously, I think that you are recommending that I change from using Chrome to Edge in general, no? I had resisted previously, as Microsoft's policy of constantly trying to brow-beat me into using it by repeatedly installing it whether I liked it or not got my goat.

But if it's the best way forward, I shall use it from now on. 

And I have attached the SecurityCheck file that you asked for to this message as well.

Many thanks again and best regards,

Njoroge 

 

SecurityCheck.txt


If your PC is still getting a block notice from Malwarebytes, then go back & un-do the "Solution tick" that you had made yesterday on this post https://forums.malwarebytes.com/topic/283530-malware-flagged-every-time-i-open-a-new-google-page/?do=findComment&comment=1501222
Leave it to me to mark solution once the issue has been resolved. Yes, still use EDGE browser till situation is cleared up.

Follow-up action you need to do to ensure apps are the latest + 1 uninstall

Adobe Creative Cloud v.5.5.0.617 Warning! Download

Recommend to uninstall AVG Tuneup

AVG TuneUp v.21.4.3594.4066 Warning! Suspected demo version of anti-spyware, driver updater or un-needed 'tweak' app  optimizer

NEXT

For Chrome browser, Do as much as possible of each of the 5 tips on this 1 post of mine  https://forums.malwarebytes.com/topic/280326-roshur-has-omnatuorcom-block-notice/?do=findComment&comment=1485972
Let me know after you have applied all of the above. Cheers.


Hello Maurice,

Well - I am delighted to say that your instructions seem to have worked entirely, and I am no longer seeing the malware warning that would pop up every time I opened a new Google page.

Thank you very much again for all of your help, and the very best regards.

Njoroge Muzungu


Hello Njoroge. You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that ( double click on it) to begin the cleanup process.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop.

Do some other clean-up work and remove the other tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • You may attach that file to your next reply. (not compulsory)

Hello again Maurice,

Infuriatingly, immediately after I performed the clean-up steps that you outlined, the original malware problem started up again, exactly as before.

To save us all time, could you tell me at what point within the full list of instructions that you gave me would I need to start again? Presumably the earlier scanning stages are not required again?

Thanks and regards,

Njoroge 


I very much regret that new news. I presume that this is with the use of Google CHROME browser. 

Using just the Chrome browser, sign in to your Google account (if not signed in already) https://chrome.google.com/
Then go to https://chrome.google.com/sync?
Scroll down the page, press the "CLEAR DATA" button, to clear the Chrome data from your Google account.

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar

Then look deeper in SETTINGS


Make real sure it is "NOT" set to "continue where you left off"


[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

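As an added example (not part of the original posts, and not a Malwarebytes tool): step [4] above asks for push notifications to be disabled in each browser, and a quick way to see which sites currently hold that permission in Chrome is to read the profile's `Preferences` JSON file. The key layout, the setting codes and the sample origins below are assumptions of this sketch; the sample data is constructed and contains no site from this thread.

```python
import json
from datetime import datetime, timedelta, timezone

# CONSTRUCTED sample of the relevant part of a Chrome "Preferences" file
# (assumed location on Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://push-ads.example:443,*": {"last_modified": "13270000000000000", "setting": 1},
        "https://mail.example:443,*": {"last_modified": "13250000000000000", "setting": 1},
        "https://news.example:443,*": {"last_modified": "13260000000000000", "setting": 2},
    }}}}
})

SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}  # Chrome content-setting codes
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(value):
    """Chrome timestamps are microseconds since 1601-01-01 UTC; None if unparsable."""
    try:
        return WEBKIT_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None

def notification_grants(preferences_text):
    """Return every notification permission entry, most recently changed first."""
    prefs = json.loads(preferences_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    rows = []
    for pattern, meta in entries.items():
        rows.append({
            "origin": pattern.split(",", 1)[0],  # drop the ",*" secondary pattern
            "setting": SETTING_NAMES.get(meta.get("setting"), "unknown"),
            "changed": webkit_to_utc(meta.get("last_modified")),
        })
    rows.sort(key=lambda r: r["changed"] or WEBKIT_EPOCH, reverse=True)
    return rows

def allowed_origins(preferences_text):
    """Origins that may currently show push notifications."""
    return [r["origin"] for r in notification_grants(preferences_text)
            if r["setting"] == "allow"]

if __name__ == "__main__":
    for row in notification_grants(SAMPLE_PREFERENCES):
        print(f'{row["setting"]:7} {row["origin"]:32} {row["changed"]}')
```

Any "allow" entry that is not recognised is a candidate for removal under Chrome's notification settings; because these permissions can be stored with synced Chrome data, a recently changed unknown entry is worth checking after a cleanup.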

  • 4 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
