I keep ketting the message website blocked due to malware magiccopy.xyz

[raptor003]

I keep on getting this message:
Walwarebytes
Website blocked due to malware
Learn about malware. If you don't want to block this website, you can exclude it from website protection by accessing Exclusions.
Domain:    magiccopy.xyz
IP Address:    103.224.182.251
Port:    443
Type:    Outbound
File:    C:\Program Files\Google\...e\Application\chrome.exe

I did a complete reset of the setting of Google Chrome on my Windows 11 PC.
But I keep on getting these messages.

What can I do to solve it?

[raptor003]

I don't use magiccopy.
Maybe I have used it in the past but not anymore.

[AdvancedSetup]

Hello @raptor003 

Please clean up Google Chrome. After you've finished cleaning Google Chrome run the other scans too.

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

 

Then run the following after cleaning Chrome

 

 

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
    

Example image of where to click to attach files when posting your reply

 

Thank you

 

[raptor003]

Thanks for the support.
I did the scans you recommended.
The "FRST.txt" file and the "Addition.txt" file are in the attachment.
I still keep getting the message: website blocked due to malware magiccopy.xyz
I remember I have used magiccopy.xyz in the past.
But it is not longer installed on any of my devices. Windows Android or iOS.
 

FRST.txt Addition.txt

[AdvancedSetup]

Where is the Malwarebytes scan log and the AdwCleaner scan log? @raptor003

 

[raptor003]

Here they are in the attachment.

Malwarebytes scan.txt AdwCleaner[C00].txt AdwCleaner[S00].txt

[AdvancedSetup]

Thank you for the logs

Did you clean Google Chrome as I showed you?

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Thank you

 

[raptor003]

I did a complete reset of Google Chrome.
I also reinstalled Google Chrome.
I started following this tutorial:


 

But I don't understand it.
Why make a backup of my bookmarks, and paswords and extensions?
This is linked to my Google account.
If I buy a new Windows PC.
I just have to download Google Chome and login to my Google account, and all my bookmarks, passwords, and extensions will be there.

 

[raptor003]

Here are two other files from scans that I did.

mbst-fix-results.txt magiccopy.xyz.txt

[raptor003]

I did remove all the extensions. 
Than I did a complete reset of Google Chrome.
I also reinstalled Google Chrome.
Afterwards I reinstalled only the extensions that I want.

[raptor003]

If there is no easy fix I will to a complete reinstall of Windows 11 and install all my programs.
I'm pretty sure this will fix the issueu "keep getting the message website blocked due to malware magiccopy.xyz".
But it takes me 5 hours to do a clean install so I would prefere a quick fix. 

[raptor003]

I'm afraid if I follow the tutorial that I will loos some important data. Like all my online stored data on Google Keep.

[raptor003]

I only did a scan this way (like I always do).
Would it help to do Advanced scanners?


And what options to select?
 

[AdvancedSetup]

You don't need a custom scan.

We'll try some other scanners to try and clean the computer.

Please run the following

 

Please run the following ESET Online Scanner and perform a Full Scan

 

Click the following link to save the installer for ESET Online Scanner

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

• It will start a download of "esetonlinescanner.exe"
• Save the file to your system, such as the Downloads folder, or else to the Desktop.
• Go to the saved file, and double click it to get started. 
• When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
• On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
• When prompted for scan type, Click on the Full Scan button
• Enable  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click the Start scan button.
• Have patience.  The entire process may take a few hours or more.
• When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
• Click The blue “Save scan log” to save the log and give it a name and location you remember.
• If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
• Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
• Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Please attach the ESET scan log you saved at the end to your next reply

 

[David H. Lipman]

On 4/1/2024 at 3:02 PM, raptor003 said:

I don't use magiccopy.
Maybe I have used it in the past but not anymore.

It is the name of a Website on the .XYZ TLD (known for an abundance of malicious sites)

Any web site can be named anything and may or may not reflect a PC software.

In this case the web site is a malvertiser.  A web site used to specifically redirect to malicious advertisements (aka; malvertising).

Edited April 3 by David H. Lipman
Edited for content, clarity, spelling and/or grammar

[raptor003]

I did a full scan with ESET Online Scanner and noting was find.
Can it be that the malware 

-Website Data-
Category: PUP
Domain: magiccopy.xyz
IP Address: 103.224.182.251
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

Was first removed with Malwarebytes?

And that that is the reason why noting was find with ESET Online Scanner?

Maybe I have to disable Malwarebytes for a day.
And than whyle Malwarebytes is disabled doing a scan.

[AdvancedSetup]

Maybe you download Firefox and use it for a day and see if you have the same issue. I'm betting you don't.

 

[raptor003]

My computer crashed. I couldn't type anyting anymore or my mouse cursur.
I had to do a complete reinstall of Windows 11 and all of my programs.
So is was a serious problem.
I I have a computer problem with malware or virusses, I alway and up having to do comlete reinstall of Windows and all of my programs.
This is my exerience over the years.

[raptor003]

So if you are correct I will still get this message "website blocked due to malware magiccopy.xyz"
After I did a clean insall of Windows 11 an reinstalling Google Chrome an tun on sync?

[AdvancedSetup]

You tell me. After the reinstall do you still get the block message from Malwarebytes?

 

[raptor003]

So far, I haven’t received the block message again. I’m looking for an efficient method to back up my programs and files. This will enable me to swiftly reinstall Windows 11 and restore all my programs. By doing so, I can avoid spending 5 hours and wasting time attempting to resolve the issue in other ways.

[AdvancedSetup]

Please see the following

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

[raptor003]

What do you think about EaseUS ToDO PCTrans?
It has good reviews online.

[Porthos]

1 hour ago, raptor003 said:

What do you think about EaseUS ToDO PCTrans?
It has good reviews online.

That software is not backup software. It is used to transfer from an old PC to a new PC.

Those types of programs are rarely 100% effective and I will never use or recommend them personally.