api.vid-adblocker.com


Go to solution Solved by Maurice Naggar,

Hello @NadiaSakkaf

I will guide you along on looking for potential malware. The "block" notices ARE keeping the machine safe. Let's keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply
  • The IP block actions by Malwarebytes are keeping the machine safe from potential threats.
  • I do need the support zip reports to see more detail  
Link to post
Share on other sites

Thank you. Let's begin with these steps. Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

{ Step 2 }

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time.

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.

Link to post
Share on other sites

Quick note. Launch Malwarebytes. Turn Off the "Show all notifications in Windows notification area".
To view this screen, click the gear icon in the top-right corner of the Dashboard, then click the Notifications tab.

Are you saying that this machine is in the midst of doing an upgrade of the Operating system ?? IF the answer is Yes, then let me know after that has completed.

Link to post
Share on other sites

When ready, these are next steps. 

This job will run exclusively and also at the end, it will do a Windows Restart ( reboot).

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    This script is intended to run SFC to check the system plus, do some cleanup.

This custom script is for  NadiaS Windows 11  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt        <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads  folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Be sure to let me know, How is the system at that point.

Edited by Maurice Naggar
Link to post
Share on other sites

One other thing. I believe it is the settings of the Windows File Explorer  ( the way it shows) is likely resulting in your not seeing FRSTENGLISH. Tip: While you are in Windows File Explorer, look for the Search box at the right-side top....then type in FRSTENGLISH.  You should see it.

Link to post
Share on other sites

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View → Show → File name extensions

Then take your time & retry the run.

NOTE: I will be in and out of here ( off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.

Link to post
Share on other sites

Hi again,

So I made sure there is a tick next to show hidden items and next to extensions but it didn't make a difference

Then I deleted all the files downloaded yesterday and started again.

Did a Malwarebytes Adwcleaner scan, found a pub. virus, quarantined it and then downloaded the FixList.txt file again

But this time there was no Frstenglish.exe to be found, did a search, made sure no hidden stuff, but all the same.

Let me know what else I can do

Thanks

Nadia

Link to post
Share on other sites

55 minutes ago, NadiaSakkaf said:

 

Then I deleted all the files downloaded yesterday and started again.

Did a Malwarebytes Adwcleaner scan, found a pub. virus, quarantined it and then downloaded the FixList.txt file again

I do wish you would not have done either of those. If there is an issue from here on out, just Stop and let me know & wait for me. The important thing to know & keep in mind is that the FRST tool and the Fixlist.txt must be in the same folder. I typically ask for the SAVE to be on Downloads folder. Do a new download & Save the FRST64.exe. You can simply download & save a new copy of the tool FRST64.exe from this link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Be very very sure you have FRST64 & Fixlist.txt on the same folder. Then using FRST64 do the custom-fix run like I listed before.

Link to post
Share on other sites

Ok. But did you find problems in the log? I think something in chrome keeps sending something once I start the browser because the message detected is outbound and it says fraud, what does this mean?

And shouldn’t Malwarebytes scan suffice? Do I need two antivirus softwares?

Do I need to keep all the downloaded stuff from our session?

thanks for everything 

Nadia 

Link to post
Share on other sites

The block message means that an OUTBOUND connection attempt was STOPPED by the protection of Malwarebytes. The potential threat is OUTSIDE out on the internet at the IP address. The Stop action by the program is keeping your machine Safe from potential harm.

Yes you need to keep any downloads I ask you to get. They are not harmful, Plus, when we finish up the case, I will guide you to a proper removal of same.
NOTE for example, we may need to use FRST64 later.
As to security programs, Avira Security and Malwarebytes are enough.

We have more checks to do.

We need to do more scanning. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. 

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Full scan done. Attached is the log.

Nadia

ScanLogFullScan.txt

Link to post
Share on other sites

ESET Online scanner found & removed 1 javascript. Good run.

Using just the Chrome browser, sign in to your Google account ( if not signed in already)  https://chrome.google.com/
Then go to https://chrome.google.com/sync?
Scroll down the page, press the "CLEAR DATA" button, to clear the Chrome data from your Google account.

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar

Then look deeper in SETTINGS

Make real sure it is "NOT" set to "continue where you left off"

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

Tell me, Today are there any "Block" notice message-windows from Malwarebytes ?

Link to post
Share on other sites
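
An added example, not part of the original posts and not a Malwarebytes tool: a read-only check of which sites a Chrome profile currently allows to send push notifications, the permission that step [ 4 ] above asks to disable. The Preferences key names and the 1/2/3 setting values are assumptions about Chrome's on-disk format, and the sample origins are constructed placeholders.

```python
import json
import sys

# Assumed Chrome content-setting values: 1 = allow, 2 = block, 3 = ask.
ALLOW, BLOCK, ASK = 1, 2, 3

# Constructed sample of the relevant keys in a profile's "Preferences" JSON file
# (on Windows normally %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences).
# The origins are placeholders, not sites from this thread.
SAMPLE_PREFS = json.dumps({
    "profile": {
        "default_content_setting_values": {"notifications": ASK},
        "content_settings": {"exceptions": {"notifications": {
            "https://push-ads.example:443,*": {"setting": ALLOW},
            "https://webmail.example:443,*": {"setting": ALLOW},
            "https://blocked.example:443,*": {"setting": BLOCK},
        }}},
    }
})


def audit_notifications(prefs_text):
    """Return the global notification default and the origins allowed to push."""
    profile = json.loads(prefs_text).get("profile", {})
    default = profile.get("default_content_setting_values", {}).get("notifications", ASK)
    exceptions = (profile.get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    allowed = sorted(
        pattern.split(",")[0]                  # "origin,*" -> origin
        for pattern, entry in exceptions.items()
        if isinstance(entry, dict) and entry.get("setting") == ALLOW
    )
    return {
        "sites_may_prompt": default != BLOCK,  # False once prompts are globally blocked
        "allowed_origins": allowed,
    }


if __name__ == "__main__":
    # Pass the path to a real Preferences file (Chrome closed), or run on the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS
    report = audit_notifications(text)
    print("Sites may ask to send notifications:", report["sites_may_prompt"])
    for origin in report["allowed_origins"]:
        print("ALLOWED:", origin)
```

Any origin listed as ALLOWED that the user does not recognise is a candidate for removal under Chrome's Settings > Privacy and security > Site settings > Notifications.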

Hello dear

All steps completed and now as I opened chrome since the cookies were deleted I was signed out as you can see from the image attached. But also as you can see from the image, the same message appeared regarding the outbound data chrome seems to insist on sending on my behalf and which Malwarebytes keeps blocking every time it is attempted, which is almost every two seconds.

If I disable notifications on Malwarebytes as you showed me, obviously I don't get the notification, but since you wanted me to test it, I allowed notification and it was back again as if we have done nothing.

I think what I will do is delete chrome and avoid using it as much as I can.

Thanks for everything, I am unsure there is anything more we can do

Nadia

 

notification.jpg

Link to post
Share on other sites

  • Solution

Better to use Edge ( rather than Chrome). Watch what you intend, when you say "delete Chrome". If you want to get rid of it, do a regular Uninstall thru Control Panel. And if you do want to use Edge, better to get & use the BRAVE web browser  https://brave.com/

Link to post
Share on other sites

This topic is now closed to further replies.