Jump to content

"Website blocked: xmrig.moneroocean.stream" - Please help


Recommended Posts

@Torama

lthough I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup   Windows 8 and newer only <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

Link to post
Share on other sites

  • Root Admin

Run the following @Torama

Show-Hidden-Folders-Files-Extensions

 

Then run the following

Disable-Fast-Startup  

 

Next,

As your language is French, please follow the directions to rename the Farbar program

OLD NAME:   C:\Users\Julien\Desktop\FRST64.exe

NEW NAME:  C:\Users\Julien\Desktop\FRSTEnglish.exe

 

Then run the Farbar scan as shown and get me NEW fresh logs

 

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

 

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @Torama

 

The logs indicate this computer is being used to download and run pirated software by someone.

In order to best assist you, please uninstall or otherwise remove all cracked, pirated software.

Piracy Guidelines
Malwarebytes does not condone nor support piracy in any shape or form. Any discussion topics that ask for help with pirating software, circumventing copy protection, or any other illegal activities related to copy righted content in any form will be closed and locked. If you feel this is ever done in error, please report the post or PM an Administrator.
 
As a reminder, using pirated software or utilities that allows one to pirate software (e.g. cracks, key generators, registration/license removal, redirection, or workaround utilities, etc.) is not a safe practice and can lead to malware infection, ransomware attack, or even legal action. Because of these risks, we always recommend that you remove any pirated software or pirating utilities before asking for support on our forums in order to improve our ability to best support you and to help protect yourself and your data from malware or other piracy related consequences.

https://forums.malwarebytes.com/terms/

 

 

Please follow the steps below

 

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

  • Bonjour (this program is rarely needed on Windows but often causes networking issues)  
  • Java 8 Update 401 (64-bit) (this is an old version, if needed please always keep Java up to date and remove old versions) 

 

Error: (09/19/2024 12:36:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Julien.local already in use; will try Julien-2.local instead

Error: (09/19/2024 12:36:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Julien.local. Addr 192.168.1.109

 

 

[ 2 ]

Your DNS Servers: 192.168.1.254    

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Quad 9 Public DNS  IPv4  9.9.9.9 and 149.112.112.112  IPv6  2620:fe::fe  and  2620:fe::9  (one of the best for most users)
  • Google Public DNSIPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • CloudflareIPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNSIPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCHIPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 3 ]

Please make the following change in Malwarebytes if you're using the Premium or Trial version

  • Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the General tab.
  • Then turn off "Always register Malwarebytes in the Windows Security Center"
  • Restart the computer

 

 

[ 4 ]

I would recommend removal of the following software

Driver Booster 11

If a driver does need updating, please visit the manufacturer website for updates.

 

[ 5 ]

I would recommend that you consider using another Web browser. The Opera browser used to be a great alternative browser but today it does not care about your privacy.

Using Firefox or Brave would be a much better, safer option, but the choice is yours.

 

[ 6 ]

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\Julien\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

  • Root Admin

Overall the fix ran well @Torama

Please run the following AV scan

 

 

Lets try another scanner:

ESET Online Scanner

Please run the following and perform a Full Scan
 
Click the following link to save the installer for ESET Online Scanner
https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started.
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, Click on the Full Scan button
  • Enable  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click the Start scan button.
  • Have patience.  The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.


 
Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
 
Please attach the ESET scan log you saved at the end to your next reply

Link to post
Share on other sites

  • Root Admin

Thank you for the log. The ESET scanner found a few threats and removed.  @Torama

Please RESTART the computer and then run the following to get me NEW fresh logs

 

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/


Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/


Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

 

 

 

Link to post
Share on other sites

  • Root Admin

Overall the logs look pretty good @Torama

 

Please Uninstall, Update, or otherwise address the following as appropriate for your computer

  1. Audacity 3.4.2 v.3.4.2 Warning! Download Update
  2. Discord v.1.0.9034 Warning! Download Update
  3. iTunes v.12.13.2.3 Warning! Download Update | ^Please use Apple Software Update tool.^
  4. Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported.
  5. Opera GX Stable 112.0.5197.115 v.112.0.5197.115 Warning! Download Update
  6. VLC media player v.3.0.20 Warning! Download Update

 

Then RESTART the computer and check for Windows Updates and install any found

 

How is the computer running now?

Are there still any signs of infection or any other unresolved issues?

 

Link to post
Share on other sites

  • Root Admin

Excellent, glad to hear all is well again. I'll go ahead and close your topic now and wish you well.

Please follow the directions below to remove the logs and tools we've used. If any are still left after that you can manually uninstall or delete them.

Take care and stay safe out there. Try to follow as much of the advise below as you can as well.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt. You can close it.

 

We're glad that we were able to assist you.

 

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.