
Website Blocked Due to Trojan


Solved by Maurice Naggar


I just installed Malwarebytes today in order to clean my PC of malware. It successfully removed the malware, but now I am getting a pop-up message from Malwarebytes: "Website blocked due to trojan".
I've searched enough for the fix on the forums but it looks like it involves running a custom script, so here I am. I get the message at least 2-3 times every minute; looks like someone is very desperate to use my PC for mining xD.

Please find the pop-up attached below the message.


 

Screenshot 2023-08-01 164555.png

Link to post

Hello :welcome: @navi1224

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Checking for malware and removing malware often takes several rounds, over a few days. Have much patience. 
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

If possibly you have a browser issue, can you try using a different web browser?
But in any event, always SAVE the downloads I guide you to. Then, after the download is complete, go to the file using File Explorer, and only then launch it from there.

Let's do one special run with Malwarebytes AdwCleaner.

It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go carefully. I want to make sure you select all of what I list below - before - pressing the "Scan" button.
 
First download & save it
 
Then go to where the EXE file is saved. Start Adwcleaner.  Do not rush. There are a few first choices to set as I have listed below.
 
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
 
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
 
 
 
ONLY after you have set the selections above... only after that...
Now, on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
 
 
This can take several minutes.
When the AdwCleaner scan is completed, it will display all of the items it has found. Click on the “Quarantine” button to remove what it found.
 
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
 
 
 
Attach the clean log from AdwCleaner when all completed. For example, AdwCleaner[C00].txt
There is much more to do even after this.
Link to post
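
A read-only look at what four of the repair options listed in the post above (IFEO keys, proxy, Chrome policies, HOSTS file) act on, as an added example that is not part of the original post and is not AdwCleaner's own code. It assumes the standard Windows registry paths and hosts-file location for those settings; the `Add-Finding` helper is a hypothetical name.

```powershell
# Read-only audit: reports current state and changes nothing.
# Assumption: these are the standard Windows locations behind the option
# names; how AdwCleaner itself evaluates them is not shown on the page.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Area, $Item, $Value) {
    $findings.Add([pscustomobject]@{ Area = $Area; Item = $Item; Value = $Value })
}

# IFEO: a "Debugger" value under an image name makes Windows start that
# debugger in place of the named executable, a known persistence and
# tool-blocking technique.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' $_.PSChildName $dbg }
}

# Proxy: per-user WinINet proxy and auto-config script.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p.ProxyEnable -eq 1) { Add-Finding 'Proxy' 'ProxyServer' $p.ProxyServer }
if ($p.AutoConfigURL)     { Add-Finding 'Proxy' 'AutoConfigURL' $p.AutoConfigURL }

# Chrome policies: every value under the machine and user policy keys.
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            Add-Finding 'ChromePolicy' "$($k.Name)\$name" $k.GetValue($name)
        }
    }
}

# HOSTS: the stock Windows file contains only comments, so every active
# line is listed for review.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()
    if ($line) {
        $ip, $names = $line -split '\s+'
        Add-Finding 'Hosts' ($names -join ' ') $ip
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No IFEO debuggers, proxy settings, Chrome policies or active hosts entries found.' }
```

An entry in the output is not proof of infection: developer tools set IFEO debuggers, and managed machines carry legitimate proxy and Chrome policy settings.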

Hi Maurice,

Thank you for your assistance. I understand that this process can take a good amount of time and I'll be patient. Before we start I just wanted to say that before I posted this article I did some scans on my own, but I won't do anything on my own till the process is going.

I performed the scan and got only 1 infection. Attaching the file below. Also, if it helps, I will attach the log file from before our session started (the settings were not turned on in that one).

C01 is the log file for the scan you told me to do and C00 is the one I did on my own on 1 August.

Hope it helps.

 

AdwCleaner[C00].txt AdwCleaner[C01].txt

Link to post

Hi. Thank you. I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished. It may take some 10 or so minutes to complete.
Attach the mbst-grab-results.zip from the Desktop to your next reply.

Link to post

Thank you. August 1 is the most recent scan date with Malwarebytes. Let us take a few minutes to do a new scan.

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes. Next, the Malwarebytes scan.

Next, click the small x on the Settings line to go to the main Malwarebytes window. Next, click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

 

Please double verify you have that TOP check-box tick-marked, and that then all lines have a tick-mark.

Then click on the Quarantine button.


 


Then, locate the Scan run report; export out a copy; and then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉

Link to post

AFTER the scan run above has Completed. These are the next actions to do.
Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View > Show > File name extensions.

(   2   )


 
Temporarily disable Microsoft SmartScreen to download the next software below 

Download and make real sure you SAVE this file to the Downloads folder.
Need to download & save a copy of the tool FRST64.exe from this link 

(   3   )

Please run the following custom script. Read all of this before you start. 

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to clear Cache files of web browsers. It attempts to help with the pest 'miner' 2miners(.)com. It will attempt to clear temporary file areas. Depending on the speed of your computer this fix may take 50 minutes or so.

Please Close all open work before you actually do begin this run.

Farbar  FRST64 program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <- < - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

Next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST64 is running.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

(   4   )

Keep going and run this report, please.

Go to the Downloads folder. RIGHT-click on FRST64 and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.


  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
Edited by Maurice Naggar
Link to post

Hi Maurice,

Malwarebytes tool: When I first performed a scan a week ago it detected around 40+ infections, I guess. None this time. I exported the results for both times and have attached them to the reply.

FRST Tool: Performed the fix and scan, attaching the requested files below.

I am writing this reply after running all the scans and it has been almost 20 minutes or so since I started my laptop and I haven't got that prompt till now which is new cause earlier it would just pop up every 2-3 minutes. I'll keep you posted with the situation.

Scan Report-5 August.txt Fixlog.txt FRST.txt Addition.txt Scan-Report-1Aug.txt

Link to post

The custom-run is good. The Windows System File Checker has made some corrections.

Windows Resource Protection found corrupt files and successfully repaired them.
This last run has completed what was originally intended. 

Now, a new quick run

Please Close all open work before you actually do begin this run.

Farbar  FRST64 program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <- < - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

Next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST64 is running.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Link to post

Hey there,

Updates: That pop-up doesn't come anymore.

Ran the last fix as you asked me to do. Attaching the logs here.

Thanks for your help and assistance so far man, really appreciate it. 

Also please let me know when I can turn back the smart screen, I did turn it back on after the first FRST scan but turned it off before this final scan.

 

Fixlog.txt

Link to post

  • Solution

Thanks for the report. One executable file needs to be removed. 

Now, a new very, very quick run

Please Close all open work before you actually do begin this run.

Farbar  FRST64 program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt<- < - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

Next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST64 is running.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

As to SmartScreen, while EDGE is opened, use its menu:

Select Settings and more > Settings > Privacy, search, and services.

Under Services, turn Microsoft Defender SmartScreen on.

Link to post

Alright. It turns out the file was not present, after all. End of worries.

I would recommend getting a readout report as to update status of some key apps.
Temporarily disable Microsoft SmartScreen to download the next software below 

Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run and go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Link to post

SecurityCheck has highlighted these programs as needing follow-up action.
Oracle VM VirtualBox 6.1.6 v.6.1.6  Warning! Download Update

Ghostscript GPL 8.64 (Msi Setup) v.8.64  Warning! Download Update
Uninstall old version and install new one.

WinRAR 6.00 (64-bit) v.6.00.0  Warning! Download Update

Picasa 3 v.3.9  Warning! This software is no longer supported.

Discord v.0.0.309  Warning! Download Update
Telegram Desktop v.4.8.10 [+]

VLC media player v.3.0.16  Warning! Download Update

McAfee Security Scan Plus --- if you are not paying for this, if you do not have a license for this, you do not need it.

On the next round, we will do tools cleanup. I am understanding that there have been NO further Block notices about 2miners(.)com. 

To remove the FRST64 tool and its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe and select RENAME, and then change it to UNINSTALL.exe.
Then run that (double-click on it) to begin the cleanup process.

Delete mb-support-1.9.1.977.exe
Delete mbst-grab-results.zip on the Desktop.

Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice

Link to post

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.