
Is this a false positive?



I installed Inkscape from the Microsoft Store.

Shortly after I closed the app I started getting the following on all my browsers,

Website blocked due to malware

If you don't want to block this website, you can exclude it from website protection by access Exclusions.

Port: 443

Type: Outbound

File: c:\Program Files\Google\Chrome\Application\chrome.exe

 

and here is the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/26/2024
Protection Event Time: 4:00 PM
Log File: 0e3fd126-4b92-11ef-b6c6-a036bc20d53d.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1280
Update Package Version: 1.0.87172
License: Premium

-System Information-
OS: Windows 11 (Build 22631.3880)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malware
Domain: 
IP Address: 
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)

 

What's weird is there is no outbound website or IP address for the destination?
Or is that normal?
And most importantly is this just a false positive?

Thanks JC


Two things of interest. 

1) Now occasionally Port 41732 pops up.

2) Every time I return to the Malwarebytes forum I have to reset my password.

I currently have Google sync off, but that was just so I could perform the clear data on sync on Google.

Currently running ESET Online Scanner to see if it finds anything different.

Thanks again JC


I also noticed that this post has been moved to false positives? 

I don't know if it is a false positive and the heading for this part of the board warns against reporting unverified false positives.

So?

Now I am really confused. Is this a false positive and y'all moved my post without telling me it was a FP or ?

 


  • Root Admin

Hello @Neo_Rules

I'm not sure if it's a False Positive or not. I've moved your topic to the Malware Removal forum where we'll run some scans and see what we find.

 

Please run the following for me.

 

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/


Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/


Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/


Scan with Malwarebytes
https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/


Scan with AdwCleaner
https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/

 

Thank you

 

 


  • Root Admin

Please do the following

 

Please make the following change in Malwarebytes if you're using the Premium or Trial version

  • Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the Security tab.
  • Then turn off "Always register Malwarebytes in the Windows Security Center"
  • Restart the computer

 

 

Then run the following.

NOTE: All devices that run Google need to be cleaned, including any phones

 

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Thank you

 


  • Root Admin

Then run the following AV scan

 

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner; please do so.

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed, there will be a link named Open report; click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
