
Malwarebytes blocks potential threat (metriq.xyz) whenever Chrome is started.


JSG
Solved by Maurice Naggar

Wasn't paying attention and accidentally clicked on something that said "Allow" that seems to have messed with my browsers.

I initially had a fake notification from Edge about viruses infecting my computer and the unrelered.xyz site. I managed to fix this by removing the notification permissions in Edge though.

But I still have an issue with metriq.xyz and Chrome trying to connect to it (or something like that?) whenever I open the browser.

I've attached the Malwarebytes Scan log, Malwarebytes Detection log, and the two files from the FRST Scan.

Thanks for any help that you can provide.

FRST.txt Addition.txt MalawareDetectionLog.txt MalawareScanLog.txt


Hello @JSG :welcome: I will guide you forward.
We start out by doing what follows, as the first steps. More will be done later. So stick with me here.
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article.
Please use this guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
[ 2 ]
Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or any other web browsers, are Closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.


AFTER you have finished with the run of ADWCLEANER (from the steps above):

This custom script is for JSG only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups.

We will use FRST64 on the Desktop folder to run a custom script. The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspects to help the system overall. Hoping it will not exceed 60 minutes in execution time.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt, and attempt to correct any invalid files. It will also check with the Windows OS DISM.

NOTE-2: It will update MS Defender antivirus & do a Quick scan with MS Defender.

NOTE-3: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  • Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt to the Desktop folder

Fixlist.txt           <<< - - - - -

Then, start Windows Explorer and go to the Desktop folder.

RIGHT click on FRST64 and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click the line More info on that screen
               and click the button Run anyway on the next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.


Tell me, is the Chrome browser having "Block" notice windows from Malwarebytes?
And if so, you can use the EDGE browser instead.
In addition, have you any idea why this program "C:\Program Files (x86)\FastDataX" is set to be excluded from protection by Microsoft Defender antivirus?
Also,

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break; walk away. Do not give credence if you see some intermediate early flash messages on screen display. The only thing that counts is the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

The log will be at

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.


26 minutes ago, Maurice Naggar said:

Tell me, is Chrome browser having "Block" notice windows from Malwarebytes?
and if so, you can use the EDGE browser instead.


In addition, have you any idea why this program "C:\Program Files (x86)\FastDataX" is set to be excluded from protection by Microsoft Defender antivirus?

I'm not sure if Chrome is having a "Block" notice. When I start it I see this:

image.thumb.png.a7e6059294a873a5dcb6acdbfd2c815a.png

 

As far as FastDataX goes, I think I did see something about that when I had the issue with unrelered.xyz but I don't know why it's set to be excluded. Should I remove it from the exclusions and then run Defender before running Safety Scanner?


Let us do what follows below.

Close Chrome. Use the Edge browser instead of it for now.

Also DELETE the FIXLIST.txt file I had you save on DESKTOP.

Start Malwarebytes. Click the Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.


This custom script is for JSG only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups.

We will use FRST64 on the Desktop folder to run a custom script. The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspects to help the system overall. Hoping it will not exceed 60 minutes in execution time.

NOTE-1: This script will re-attempt to clean up all exclusions listed in settings of Microsoft Defender antivirus.

NOTE-2: It will update MS Defender antivirus & do a Quick scan with MS Defender. It will also do 3 other scans.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt           <<< - - - - -

Then, start Windows Explorer and go to the Desktop folder.

RIGHT click on FRST64 and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click the line More info on that screen
               and click the button Run anyway on the next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.


I have seen the Safety Scanner log. That run re-instated the "anti-spyware" protection of MS Defender. That is the minimal protection of that app. Now then, I still urge you to do all that I listed before. This machine needs it.  Do all listed here https://forums.malwarebytes.com/topic/285897-malaware-blocks-potential-threat-metriqxyz-whenever-chrome-is-started/?do=findComment&comment=1512107

 


This run shows very good progress. Yes, a very good run. Let us do one follow-up that should not take a whole lot of time.

 

[Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options. Look down the list and see "Check for Updates".

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUSTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

[  2  ]

Make real sure that Chrome is "NOT" set to reload the pages from the last session.

Go into the settings menu of Chrome by first clicking the control icon of Chrome on the upper right of the address bar

Then look deeper in SETTINGS

image.png.9f59b1a99e5e32db2619eeab22b5a72f.png

Make real sure it is "NOT" set to "continue where you left off"


[   3   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   4   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

[ 5 ]

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. For EDGE , also for Firefox.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

For Firefox, get the Firefox extension.
The Windows EDGE browser is capable of using the same extension as the Chrome one. Install Browser Guard on the Edge browser.
Note: If your pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).

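An added illustration for step [ 3 ] above (not part of the original posts and not Malwarebytes code): Chrome records each site's "Allow"/"Block" notification decision in the profile's `Preferences` JSON file, and this Python example lists the hosts that currently hold an "Allow" and flags the two domains named in this thread. The key path and the setting values 1/2 are stated as assumptions about Chrome's profile format, and the sample data, including the `push.` subdomain, is constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # assumed Chrome content-setting values: 1 = allow, 2 = block

# Domains named in this thread; extend for your own case.
WATCHLIST = ("metriq.xyz", "unrelered.xyz")

# Constructed sample of the relevant part of a profile "Preferences" file.
# The hosts, timestamps and the "push." subdomain are made up for the demo.
SAMPLE_PREFERENCES = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://news.example.com:443,*": {"last_modified": "1", "setting": 1},
        "https://push.metriq.xyz:443,*": {"last_modified": "2", "setting": 1},
        "https://unrelered.xyz:443,*": {"last_modified": "3", "setting": 1},
        "https://ads.example.net:443,*": {"last_modified": "4", "setting": 2},
    }}}}})

def host_of(pattern):
    """Host part of a 'primary,secondary' content-setting pattern."""
    primary = pattern.split(",", 1)[0]
    try:
        return (urlsplit(primary).hostname or primary).lower()
    except ValueError:  # wildcard patterns are not always valid URLs
        return primary.lower()

def on_watchlist(host, watchlist=WATCHLIST):
    """True for a listed domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_notifications(prefs_text, watchlist=WATCHLIST):
    """Return (allowed_hosts, flagged_hosts) from Preferences JSON text."""
    node = json.loads(prefs_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        node = {}
    allowed = sorted(host_of(p) for p, e in node.items()
                     if isinstance(e, dict) and e.get("setting") == ALLOW)
    return allowed, [h for h in allowed if on_watchlist(h, watchlist)]

if __name__ == "__main__":
    allowed, flagged = audit_notifications(SAMPLE_PREFERENCES)
    print("sites allowed to send notifications:", allowed)
    print("review and remove in browser settings:", flagged)
```

On Windows the default profile's file is normally at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`; read a copy of it with Chrome closed and pass its text to `audit_notifications`.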

1 hour ago, Maurice Naggar said:

This run shows very good progress. Yes, a very good run. Let us do one follow-up that should not take a whole lot of time.

 

[Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUSTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

Hi,

I wasn't entirely sure that Defender was shown and available for use but I did the update and Custom Scan so I guess it was? Here are a couple screenshots of the results:

image.jpeg.0b4638f5e4681033711191050da8a42a.jpeg

image.jpeg.fe4c0691150ae55a80ba9228c27c465d.jpeg

 

I haven't touched part 2 onwards yet, I assume it's fine to open Chrome now?


Question for clarity and to be real sure: Did you add the Malwarebytes Browser Guard to Chrome ?
Second:  From where exactly do you launch Chrome ?
From Windows Taskbar shortcut?
from link on Desktop?
from ???


7 hours ago, Maurice Naggar said:

Start Malwarebytes. Click the Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

Also, should I turn this back on?


Try this here as a test. 

For Chrome incognito see Browse in private - Computer - Google Chrome Help

If Chrome is "having an issue" in standard mode:
You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup.
First, close any prior instances of Chrome via Task Manager.
Then press Windows-key+R for the RUN option and then put in a command line similar to this {do use COPY & PASTE}

chrome.exe -incognito
