NadiaSakkaf Posted October 6, 2022 ID:1536693

I just installed Malwarebytes and keep getting a message that a website was blocked due to fraud. I want to keep the ad blocker, or if it is harming me I want an alternative. Help.

Attached are the logs of the last three activities.

log3.txt log2.txt log1.txt
Maurice Naggar Posted October 6, 2022 ID:1536712

Hello @NadiaSakkaf

I will guide you along on looking for potential malware. The "block" notices ARE keeping machine safe.

Let's keep these principles as we go along.

Removing malware can be unpredictable.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".

If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool.
Once you start it click Advanced >>> then Gather Logs.
Have patience till the run has finished.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply.

The IP block actions by Malwarebytes are keeping the machine safe from potential threats. I do need the support zip reports to see more detail.
NadiaSakkaf Posted October 6, 2022 Author ID:1536714

Thank you Maurice, here is the zip file.

mbst-grab-results.zip
Maurice Naggar Posted October 6, 2022 ID:1536721

Thank you. Let's begin with these steps.

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.
Select View > Show > Hidden items.

{ Step 2 }

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time.

First download & save it: guide & download link
Then be sure to close all web browsers after the download & before launching the tool.
Then go to where the EXE file is saved. Start Adwcleaner.
Then do a scan with Adwcleaner: Guide article

Attach the clean log from Adwcleaner when all completed.
NadiaSakkaf Posted October 6, 2022 Author ID:1536738

Hi again,

Done. Found one pup virus, saved the log before quarantining it and then saved the new log under _2

AdwCleaner[C00]_2.txt AdwCleaner[S00].txt
NadiaSakkaf Posted October 6, 2022 Author ID:1536739

When I opened Chrome again, the same message returned. Here is the log, it repeated almost every minute.

I am now updating Windows 11, I don't know if this is related.

ad.vid-blocker.txt
Maurice Naggar Posted October 6, 2022 ID:1536758

Quick note. Launch Malwarebytes. Turn Off the "Show all notifications in Windows notification area". To view this screen, click the gear icon in the top-right corner of the Dashboard, then click the Notifications tab.

Are you saying that this machine is in the midst of doing an upgrade of the Operating system? IF the answer is Yes, then let me know after that has completed.
Maurice Naggar Posted October 6, 2022 ID:1536796

When ready, these are next steps. This job will run exclusively and also at the end, it will do a Windows Restart ( reboot). Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. This script is intended to run SFC to check the system plus, do some cleanup.

This custom script is for NadiaS Windows 11 only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Fixlist.txt <<< - - - - -

Then, Start the Windows Explorer and then, go to the Downloads folder.

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Be sure to let me know, How is the system at that point.

Edited October 6, 2022 by Maurice Naggar
Maurice Naggar Posted October 7, 2022 ID:1536878

I have sent you a message. I do suggest you read that and continue forward with the custom fix script. We will do more later.
Maurice Naggar Posted October 7, 2022 ID:1536889

One other thing. I believe it is the settings of the Windows File Explorer ( the way it shows) is likely resulting in your not seeing FRSTENGLISH.

Tip: While you are in Windows File Explorer, look for the Search box at the right-side top....then type in FRSTENGLISH. You should see it.
NadiaSakkaf Posted October 7, 2022 Author ID:1536892

Hi Maurice

I am not sure what I am doing wrong. I am trying to follow the instructions but it says it can't find the txt file when I can clearly see it. Please see screenshot attached.

Nadia
Maurice Naggar Posted October 7, 2022 ID:1536901

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.
Select View > Show > Hidden items.
Select View > Show > File name extensions.

Then take your time & retry the run.

NOTE: I will be in and out of here ( off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.
NadiaSakkaf Posted October 7, 2022 Author ID:1536909

Hi again,

So I made sure there is a tick next to show hidden items and next to extensions but it didn't make a difference.

Then I deleted all the files downloaded yesterday and started again. Did a Malwarebytes Adwcleaner scan, found a pub. virus, quarantined it and then downloaded the FixList.txt file again.

But this time there was no Frstenglish.exe to be found, did a search, made sure no hidden stuff, but all the same.

Let me know what else I can do.

Thanks

Nadia
Maurice Naggar Posted October 7, 2022 ID:1536921

55 minutes ago, NadiaSakkaf said:
    Then I deleted all the files downloaded yesterday and started again. Did a Malwarebytes Adwcleaner scan, found a pub. virus, quarantined it and then downloaded the FixList.txt file again

I do wish you would not have done either of those. If there is an issue from here on out, just Stop and let me know & wait for me.

The important thing to know & keep in mind is that the FRST tool and the Fixlist.txt must be in same folder. I typically ask for the SAVE to be on Downloads folder.

Do a new download & Save the FRST64.exe. You can simply download & save a new copy of the tool FRST64.exe from this link:
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Be very very sure you have FRST64 & Fixlist.txt on the same folder. Then using FRST64 do the custom-fix run like I listed before.
NadiaSakkaf Posted October 7, 2022 Author ID:1536925

OK. I will do my best.
NadiaSakkaf Posted October 7, 2022 Author ID:1536930

It is done... please find attached the log.

Fixlog.txt
Maurice Naggar Posted October 7, 2022 ID:1536941

Thanks, that is good.

This pc has Avira Security. Could you do a scan with Avira to check for potential viruses or other threats.
NadiaSakkaf Posted October 8, 2022 Author ID:1536982

Ok. But did you find problems in the log?

I think something in Chrome keeps sending something once I start the browser because the message detected is outbound and it says fraud, what does this mean?

And shouldn't Malwarebytes scan suffice? Do I need two antivirus softwares?

Do I need to keep all the downloaded stuff from our session?

Thanks for everything

Nadia
Maurice Naggar Posted October 8, 2022 ID:1537016

The block message means that an OUTBOUND connection attempt was STOPPED by the protection of Malwarebytes. The potential threat is OUTSIDE out on the internet at the IP address. The Stop action by the program is keeping your machine Safe from potential harm.

Yes you need to keep any downloads I ask you to get. They are not harmful. Plus, when we finish up the case, I will guide you to a proper removal of same. NOTE for example, we may need to use FRST64 later.

As to security programs, Avira Security and Malwarebytes are enough.

We have more checks to do. We need to do more scanning. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, this will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

At screen "Detections occurred and resolved" click on blue button "View detected results".
On next screen, at lower left, click on blue "Save scan log".
View where file is to be saved. Provide a meaningful name for the "File name:".
On last screen, set to Off (left) the option for Periodic scanning.
Click "save and continue".

Please attach the report file so I can review.
NadiaSakkaf Posted October 8, 2022 Author ID:1537033

Working on it.

BTW, I have also installed Malwarebytes on my iPhone but not sure if it does scan for viruses. Does it? If not, what can I use to make sure my phone is also protected?

Thanks Maurice, you are a star
Maurice Naggar Posted October 8, 2022 ID:1537042

Hi. For help with your iPhone & that Malwarebytes, refer to this dedicated sub-forum:
https://forums.malwarebytes.com/forum/245-malwarebytes-for-ios-support/
NadiaSakkaf Posted October 9, 2022 Author ID:1537089

Full scan done. Attached is the log.

Nadia

ScanLogFullScan.txt
Maurice Naggar Posted October 9, 2022 ID:1537113

ESET Online scanner found & removed 1 javascript. Good run.

Using just the Chrome browser, sign in to your Google account ( if not signed in already) https://chrome.google.com/
Then go to https://chrome.google.com/sync?
Scroll down the page, press the "CLEAR DATA" button, to clear the Chrome data from your Google account.

[ 2 ]
For Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data:
Check mark the line "Browsing history"
Check mark the line "Download history"
Check mark the line "Cached images and files"
and press Clear Data button ( in blue )

[ 3 ]
After that, make real sure that Chrome is "NOT" set to reload the pages from the last session.
Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar.
Then look deeper in SETTINGS.
Make real sure it is "NOT" set to "continue where you left off".

[ 4 ]
See this article on our Malwarebytes Blog:
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/
You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them".

[ 5 ]
Tell me, today are there any "Block" notice message-windows from Malwarebytes?
NadiaSakkaf Posted October 9, 2022 Author ID:1537122

Hello dear

All steps completed and now as I opened Chrome since the cookies were deleted I was signed out as you can see from the image attached.

But also as you can see from the image, the same message appeared regarding the outbound data Chrome seems to insist on sending on my behalf and which Malwarebytes keeps blocking every time it is attempted, which is almost every two seconds.

If I disable notifications on Malwarebytes as you showed me, obviously I don't get the notification, but since you wanted me to test it, I allowed notification and it was back again as if we have done nothing.

I think what I will do is delete Chrome and avoid using it as much as I can.

Thanks for everything, I am unsure there is anything more we can do.

Nadia
Solution: Maurice Naggar Posted October 9, 2022 ID:1537125

Better to use Edge ( rather than Chrome).

Watch what you intend, when you say "delete Chrome". If you want to get rid of it, do a regular Uninstall thru Control Panel.

And if you do want to use Edge, better to get & use the BRAVE web browser https://brave.com/