Comet Posted September 23, 2022 ID:1535071 Share Posted September 23, 2022 (edited) Lately I have noticed a message pop up in my Edge browser's bottom activity bar when certain websites are loading. It says "Waiting on logs.kslogs.ru.." At first I though it was a specific site, then I started noticing it on other sites as well. I wondered if it was an issue with a plug-in, so I ran Firefox in troubleshoot mode, went to those same websites, and didn't see that message pop up. I then reviewed my plug-ins, and found that I had installed these: Privacy Badger HTTPS Everywhere uBlock Origin AutoPlay Stopper F.B.Purity Google Docs Online RegretsReporter Tampermonkey Image dowloader I decided to start uninstalling plugins to see if that would cause the message to disappear. The first one I uninstalled was Image downloader, and the post-uninstall tried to bring me to a web page that was marked as dangerous. After I uninstalled this extension, I again visited those same websites and checked for the "Waiting for logs.klogs.ru.." message, but did not see it. I then went to the extension's entry on the Chrome webstore, as I have it installed on Chrome as well, https://chrome.google.com/webstore/detail/kdbfjpagopjjaiofmgodphiklmjhcnok and it is no longer there. There is an "Image Downloader" extension on the Chrome web store but this is at a different link https://chrome.google.com/webstore/detail/image-downloader/cnpniohnfphhjihaiiggeabnkjhpaldj So, my question is: How concerned should I be about all this? Was "logs.klogs.ru" collecting sensitive information about me? Is it time to start changing passwords? Any information will be appreciated. Microsoft Edge Version 105.0.1343.42 (Official build) (64-bit) Microsoft Windows 10 Home Version 10.0.19043 Build 19043 Thanks. Edited September 23, 2022 by AdvancedSetup Disabled live hyperlink Link to post Share on other sites More sharing options...
1PW Posted September 23, 2022 ID:1535124 Share Posted September 23, 2022 Hello @Comet and : Before your question can be best answered, please allow the forum experts to see some logs: Download the Malwarebytes Support Tool. Typically downloaded to your Downloads folder, open the mb-support-x.x.x.xxx.exe file. In the User Account Control pop-up window, click Yes to continue the installation. Run the MBST Support Tool. In the left navigation pane of the Malwarebytes Support Tool, click Advanced. In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine. A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file in your next reply. Thank you. Link to post Share on other sites More sharing options...
Comet Posted September 23, 2022 Author ID:1535171 Share Posted September 23, 2022 Here are the logs. Thanks. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 27, 2022 Root Admin ID:1535580 Share Posted September 27, 2022 Hello @Comet I'm not seeing an immediate issue. Please run the following Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool How to run a scan with Kaspersky Virus Removal Tool 2020https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced modehttps://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scanhttps://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencryptC:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you Link to post Share on other sites More sharing options...
Comet Posted September 28, 2022 Author ID:1535768 Share Posted September 28, 2022 Here is the log file. I skilled deletion of the two detections to make sure they were not part of my workplace VPN. They were not, so I deleted them. report_2022.09.28_09.36.36.klr.txt Link to post Share on other sites More sharing options...
Root Admin Solution AdvancedSetup Posted September 28, 2022 Root Admin Solution ID:1535789 Share Posted September 28, 2022 Yes, those are not infections. Just possible risk if you were not aware of them. All good It looks like you'll need to do a very thorough cleaning of MS Edge to remove this entry. We can do some automated clean up but it may not find and remove that entry. Please go through ALL the settings in MS Edge and clean up cookies, cache, history, etc then retest and see if having the issue. @Comet Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 4, 2022 Root Admin ID:1536442 Share Posted October 4, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts