h.parrable.com Trojan

I have recently been inundated with messages mentioning the Blocked Website h.parrable.com (like more than a few others, going by a cursory scan down these forums/reddit over the past month). 

It doesn't happen on every site I visit, but, rather, those that I would call "ad-heavy" (the wikias being prime examples) with lots of banners and popups and whatnot. All instances are Outbound, Blocked, Classified as a Trojan through Port 443, and for the same IP Address (35.196.86.86) which I checked on Joes/Virustotal.

My assumption is that the h.parrable site is compromised in some sort of socgholish-esque shenanigannery; the ads under said compromised purview were meant to take me to download something scuzzy; and Malwarebytes blocked everything - but I'm in no way, shape or form an expert and wanted to double check. (Adw/Malwarebytes/Defender all turned up nothing and I manually checked tmp files).


Hi. 

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you're also experiencing malware symptoms or there are multiple (different) IPs (e.g. 123.23.34 and 4.44.56).
A browser is not required to be running; just an active Internet connection with processes running, such as Instant messenger clients, or Discord app, or SKYPE or Peer-to-peer software, can trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.

First action step: 

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or any other web browser, are closed.

It will not take much time.

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner.

Guide article

Attach the clean log from Adwcleaner when all is completed.


After that, these are next action steps. 

[   1   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on the keyboard to get the menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press the Clear Data button (in blue)

[   2   ]

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach mbst-grab-results.zip to your reply
  • The IP block actions by Malwarebytes are keeping the machine safe from potential threats.
  • We do need the support zip reports to see more detail (the screen grabs just do not have full details, and those screens give no clue as to what processes are running).
  • NOTE: This thread-topic is ONLY for "ScotchDuctTape". All others needing help must have their own separate thread-topic.
  • Thanks

Unfortunately my computer contains sensitive programs/information for my work and I don't believe I can send un-edited FRST files; they would have to be manually edited.

To be honest I'm starting to believe the issue lies with some banner ad on the sites I've visited - if I turn on uBlock Origin and visit I receive no pop up ad, no videos in the side headers - and no MBAM RTP Detection. But the second I turn it off, some stupid video ads pop up .... and voilà, Malwarebytes once again has blocked an Outbound Connection to h.parrable.com at the IP Address 35.196.86.86.

Based on what you wrote initially in regards to further actions - as all these attempts are from the same IP address and I've noticed no signs of infection on my own computer (and neither has Eset, F-Secure, Adware, Malwarebytes, or Windows Defender) I'm inclined to think there isn't an underlying piece of malware on my end causing it; especially considering the prevalence of this issue at the moment (think I'm like the fourth one to ask for help on this forum alone).

Don't wanna keep tilting at windows if this is some corrupted server-side bit of hooey I'll never be able to affect or change, lol


I sincerely suggest you run the support tool and provide me the zip file so I can provide you with customised help.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply

Unfortunately I'm unable to send any FRST/system level readouts (even asked HR and nope, violates company blah blah blah). The incompetence of our in house IT is why I'm trying to solve this on my own, lol, but I completely understand if that means you can't help me anymore, no worries!

I do have one or two general questions, if you don't mind - I've been following the advice given to others and my computer doesn't have any suspicious zero byte exe files (the ones that exist are for legitimate processes like Xbox on PC/Python/Office/Winget). Although if you think I should just go ahead and delete them I wouldn't mind. Furthermore, blocking popups completely and totally shuts down the issue. No ads play; no Outbound connection. 

I have done a clean wipe and install of Chrome (just to be safe), reset every password stored on this computer (to be neurotically hyper safe, lol) and did a System Restore to a week back. Ran System File Checker (which did repair a few files) twice to confirm repairs were completed (which they were).

I suppose I could do a clean boot and Windows reinstall to be perfectly sure ... but honestly since I don't get any RTP Detections anymore with uBlock I'm wondering if that might be overkill?


Please understand that if you do not provide the requested reports, then I really cannot help you much.
You also should know that none of the reports provide any content of any of your files.
So.... all I will suggest is that you may consider bringing up an elevated Powershell command prompt, and then apply the tip so that the IP address is set to be blocked in the Windows firewall rules.
Open an elevated Powershell window, i.e. run the Powershell Prompt as an administrator.

On the Taskbar Search box, type in

powershell.exe

click the line for "run as administrator"


It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.
On that Powershell prompt, Copy & Paste this command (one line at a time):

New-NetFirewallRule -DisplayName "Block 35.196.86.86 inbound" -Direction Inbound -LocalPort Any -Action Block -RemoteAddress 35.196.86.86

 

press the Enter key on the keyboard to apply

New-NetFirewallRule -DisplayName "Block 35.196.86.86 outbound" -Direction Outbound -LocalPort Any -Action Block -RemoteAddress 35.196.86.86

press the Enter key on the keyboard to apply

Close / Exit Powershell window

The other best tip is to ensure that each web browser is emptied of the cache files and temporary files.
https://www.lifewire.com/how-to-clear-cache-2617980#toc-edge-clear-browsing-data

I do wish you well. I am closing this specific thread-topic.
 

Edited by Maurice Naggar
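The firewall tip above as a single script, added here as an example rather than the moderator's own commands: it creates the inbound and outbound block rules only if they do not already exist (New-NetFirewallRule requires a -DisplayName, and running the one-liners twice would create duplicate rules), then reads the rules back to confirm the remote address actually stored. The rule-name prefix is my own choice, not something from the thread. Run from an elevated PowerShell window.

```powershell
# Added example (not from the forum post): idempotent Windows Firewall block for
# the IP address discussed in this thread, with verification and a removal line.
$BlockedIp  = '35.196.86.86'
$RulePrefix = 'Block h.parrable.com'   # assumed display-name prefix, my own choice

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "$RulePrefix ($direction)"

    # Skip creation when a rule with this display name already exists,
    # so re-running the script never stacks duplicate rules.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$name' already exists, skipping."
        continue
    }

    New-NetFirewallRule -DisplayName $name `
                        -Direction $direction `
                        -Action Block `
                        -RemoteAddress $BlockedIp `
                        -Profile Any | Out-Null
    Write-Host "Created rule '$name'."
}

# Verify: the rule object itself does not carry the address, so read the
# associated address filter for each rule that matches our prefix.
Get-NetFirewallRule -DisplayName "$RulePrefix*" |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Direction = $_.Direction
            Action    = $_.Action
            Enabled   = $_.Enabled
            Remote    = $filter.RemoteAddress
        }
    } | Format-Table -AutoSize

# If the block is later no longer wanted, remove both rules by name:
# Remove-NetFirewallRule -DisplayName "$RulePrefix (Inbound)", "$RulePrefix (Outbound)"
```

Expect two rows, both with Action Block and Remote 35.196.86.86; a blocked connection attempt then shows up in the Windows Firewall log (if logging of dropped packets is enabled) rather than as a Malwarebytes website block.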

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you


This topic is now closed to further replies.