Jump to content

Concerned about logs.kslogs.ru


Go to solution Solved by AdvancedSetup,

Recommended Posts

Lately I have noticed a message pop up in my Edge browser's bottom activity bar when certain websites are loading. It says "Waiting on logs.kslogs.ru.." At first I though it was a specific site, then I started noticing it on other sites as well. I wondered if it was an issue with a plug-in, so I ran Firefox in troubleshoot mode, went to those same websites, and didn't see that message pop up. I then reviewed my plug-ins, and found that I had installed these:

  • Privacy Badger
  • HTTPS Everywhere
  • uBlock Origin
  • AutoPlay Stopper
  • F.B.Purity
  • Google Docs Online
  • RegretsReporter
  • Tampermonkey
  • Image dowloader

I decided to start uninstalling plugins to see if that would cause the message to disappear. The first one I uninstalled was Image downloader, and the post-uninstall tried to bring me to a web page that was marked as dangerous. After I uninstalled this extension, I again visited those same websites and checked for the "Waiting for logs.klogs.ru.." message, but did not see it. I then went to the extension's entry on the Chrome webstore, as I have it installed on Chrome as well, 

https://chrome.google.com/webstore/detail/kdbfjpagopjjaiofmgodphiklmjhcnok

and it is no longer there. There is an "Image Downloader" extension on the Chrome web store but this is at a different link

https://chrome.google.com/webstore/detail/image-downloader/cnpniohnfphhjihaiiggeabnkjhpaldj

 

So, my question is: How concerned should I be about all this? Was "logs.klogs.ru" collecting sensitive information about me? Is it time to start changing passwords? Any information will be appreciated.

  • Microsoft Edge Version 105.0.1343.42 (Official build) (64-bit)
  • Microsoft Windows 10 Home Version 10.0.19043 Build 19043

Thanks.

 

 

 

 

Edited by AdvancedSetup
Disabled live hyperlink
Link to post
Share on other sites

Hello @Comet and :welcome::

Before your question can be best answered, please allow the forum experts to see some logs:

  1. Download the Malwarebytes Support Tool.
  2. Typically downloaded to your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  7. A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file in your next reply.

Thank you.

Link to post
Share on other sites

  • Root Admin

Hello @Comet

I'm not seeing an immediate issue. Please run the following

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

Link to post
Share on other sites

  • Root Admin
  • Solution

Yes, those are not infections. Just possible risk if you were not aware of  them. All good

It looks like you'll need to do a very thorough cleaning of MS Edge to remove this entry. We can do some automated clean up but it may not find and remove that entry.

Please go through ALL the settings in MS Edge and clean up cookies, cache, history, etc then retest and see if having the issue. @Comet

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.