Malicious Website Blocked


9 replies to this topic

#1 steve77265

steve77265

  • Members
  • 8 posts
  • Gender:Male
  • Location:Big Sandy, Tennessee
  • Local time:11:48 PM

Posted 28 July 2016 - 08:03 AM

Hi all,

 It was suggested that I move this request here for help? Not real familiar with this site, I have only done some reading here (great info available!)   

I am running an upgraded version of WIN10 Home. I downloaded a PDF install file (Adobe it said?) and since then I keep getting a small warning in lower right side saying "Malicious Website Blocked" and then I get redirected to some other site (varies which site). Sometimes it will freeze up, sometimes I can close the redirected window and will continue to the site I requested? I can work around it, to some degree, but it is really getting irritating. I have files for MBAM, FRST and Addition available if that helps?

Thanks for any help,

Steve77265 


Edited by steve77265, 28 July 2016 - 08:26 AM.




#2 Ant_Teh_Nee

Ant_Teh_Nee

  • Members
  • 47 posts
  • Gender:Male
  • Local time:12:48 AM

Posted 28 July 2016 - 01:44 PM

Hello, and welcome to the forums.

Please be warned that I am only a member. I may only be able to assist you so far. If I can't help you, try and get someone of a higher status to help instead.

This appears to be adware. Lucky for you, adware removal is my specialty.

Note: I am not entirely aware about functions with Windows 10.

First off, let's see if we can stop the ads.

1. Install Adblock Plus. This should be able to stop the redirects and prevent further infection. Download link: https://adblockplus.org/

2. Install and run AdwCleaner. This will detect and delete most adware on the machine. Choose to reboot when finished. Download link: http://www.bleepingcomputer.com/download/adwcleaner/

3. Download and run Malwarebytes Anti-Malware. Be sure the database is up to date. Run a CUSTOM SCAN by clicking "Scan" and then clicking "Custom Scan". Checkmark all drives on the computer and enable scanning rootkits (Mid left). Run the scan and post the log here. Download link: https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Finally, please tell me the default browser you are using. This will help in the removal process.

Also, be sure to send me the logs of AdwCleaner and Malwarebytes.

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 01:45 PM.


#3 steve77265


Posted 28 July 2016 - 10:21 PM

Hi Ant_Teh_Nee,

Thanks for the welcome and the help! I did have AdwCleaner and Malwarebytes. I had run both yesterday and neither had found anything, but I did redownload AdwCleaner and it still found nothing. Malwarebytes has had a few updates today and I am running it now, but seems very slow? It has found a few PUPs that it hadn't before. I will post AdwCleaner file below and Malwarebytes file tomorrow.

Thanks again, I don't see how to attach it?

Steve

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 14:51:56

# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cheryl - CHERYL-HP
# Running from : C:\Users\Cheryl\Desktop\adwcleaner_3.311.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4478 octets] - [17/05/2014 09:55:59]
AdwCleaner[R1].txt - [1037 octets] - [31/05/2014 06:58:00]
AdwCleaner[R2].txt - [1520 octets] - [20/09/2014 16:59:06]
AdwCleaner[R3].txt - [1169 octets] - [02/11/2014 14:50:21]
AdwCleaner[S0].txt - [4613 octets] - [17/05/2014 09:57:16]
AdwCleaner[S1].txt - [1103 octets] - [31/05/2014 06:58:45]
AdwCleaner[S2].txt - [1593 octets] - [20/09/2014 17:01:20]
AdwCleaner[S3].txt - [1237 octets] - [02/11/2014 14:51:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1297 octets] ##########

# AdwCleaner v5.201 - Logfile created 28/07/2016 at 18:34:42
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Steve - CHERYL-HP
# Running from : C:\Users\Cheryl\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4908 bytes] - [27/07/2016 09:28:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [2704 bytes] - [28/07/2016 18:25:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [4478 bytes] - [17/05/2014 12:55:59]
C:\AdwCleaner\AdwCleaner[R10].txt - [14455 bytes] - [25/07/2016 15:37:15]
C:\AdwCleaner\AdwCleaner[R11].txt - [14579 bytes] - [25/07/2016 17:12:05]
C:\AdwCleaner\AdwCleaner[R1].txt - [1037 bytes] - [31/05/2014 09:58:00]
C:\AdwCleaner\AdwCleaner[R2].txt - [1520 bytes] - [20/09/2014 19:59:06]
C:\AdwCleaner\AdwCleaner[R3].txt - [1169 bytes] - [02/11/2014 17:50:21]
C:\AdwCleaner\AdwCleaner[R4].txt - [1884 bytes] - [02/08/2015 12:48:58]
C:\AdwCleaner\AdwCleaner[R5].txt - [11451 bytes] - [26/06/2016 17:48:42]
C:\AdwCleaner\AdwCleaner[R6].txt - [18778 bytes] - [30/06/2016 20:18:20]
C:\AdwCleaner\AdwCleaner[R7].txt - [11516 bytes] - [09/07/2016 22:10:33]
C:\AdwCleaner\AdwCleaner[R8].txt - [13600 bytes] - [25/07/2016 08:20:38]
C:\AdwCleaner\AdwCleaner[R9].txt - [13722 bytes] - [25/07/2016 08:38:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [4613 bytes] - [17/05/2014 12:57:16]
C:\AdwCleaner\AdwCleaner[S10].txt - [14518 bytes] - [25/07/2016 15:41:16]
C:\AdwCleaner\AdwCleaner[S11].txt - [14642 bytes] - [25/07/2016 17:16:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [5961 bytes] - [31/05/2014 09:58:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [4136 bytes] - [20/09/2014 20:01:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [3399 bytes] - [02/11/2014 17:51:56]
C:\AdwCleaner\AdwCleaner[S4].txt - [1877 bytes] - [02/08/2015 12:50:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [7358 bytes] - [26/06/2016 17:51:22]
C:\AdwCleaner\AdwCleaner[S6].txt - [11602 bytes] - [30/06/2016 20:26:16]
C:\AdwCleaner\AdwCleaner[S7].txt - [11578 bytes] - [09/07/2016 22:13:42]
C:\AdwCleaner\AdwCleaner[S8].txt - [13662 bytes] - [25/07/2016 08:29:27]
C:\AdwCleaner\AdwCleaner[S9].txt - [13784 bytes] - [25/07/2016 08:43:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3914 bytes] ##########


#4 steve77265


Posted 29 July 2016 - 02:23 PM

Hi Ant_Teh_Nee,

Here is the Mbam log: (it told me it removed 5 PUPs) I see no change in the laptop's behavior, it still does redirect me sometimes and the Malicious website blocking every time I try to go somewhere?

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/29/2016
Scan Time: 1:57 PM
Logfile: Mbam 7 29 2016.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.07.29.09
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Steve
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 525845
Time Elapsed: 3 hr, 33 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 Ant_Teh_Nee


Posted 29 July 2016 - 02:44 PM

Your computer looks clean, but we know that isn't the case. This could be a bit more than adware.

I am unable to get to my computer at this time, but here are a few things you can try in the meantime.

Have you attempted to restart the computer after the scan?

Did you install AdBlock Plus to your browser?

Try looking at your browser extensions. See if there is anything odd there. If there is something that looks suspicious there, remove it from your extensions and restart your browser.

I'm still waiting on what default browser you use. Do you know?

I'll be able to help you further soon.

Good luck!

#6 steve77265


Posted 30 July 2016 - 08:58 AM

Hi, Ant_Teh_Nee,

Sorry, I have to type this out and try to post 4/5 times before I can get it to post, and through all that, I sometimes forget to include everything that I had in it the first time! I am using Google Chrome Version 52.0.2743.82 m (as best I can...lol). Yes, I did install Adblock Plus, then ran AdwCleaner and did the reboot, and then Malwarebytes and reboot. I was getting around a little better (less redirecting) right after installing Adblock Plus, but back to about the same at this time (as best I can recall).

Question: if I transfer my pics and a few documents to a flash (USB), will I be transferring this virus with me? I am copying this to make the redo a lot easier...lol



#7 steve77265


Posted 30 July 2016 - 09:01 AM

One thing I forgot...again! I can't get Chrome to let me look at my extensions, any thoughts on that? (it redirects and/or just acts like I did not click on it?)

Thanks,

Steve



#8 Ant_Teh_Nee


Posted 31 July 2016 - 12:50 PM

Sorry for being gone for so long, I was busy.

Because something is blocking access to the extensions, that could be the source of the problem. You could get into the Chrome folder to delete them, but you won't know which one you are deleting because you must find the code number to delete the right one.

Try uninstalling Google Chrome and any other affected browsers and reinstall them. This should remove all extensions from the browsers. However, you will need to reinstall AdBlock Plus.

You should be safe transferring things to a flash drive. On occasion, however, the virus may copy itself to the flash drive and infect the receiving computer.

Let me know how it goes.

Edit: I found an alternative. Try installing Avast! Free. This is an antivirus with all sorts of features for problems like this. Install it and run a Smart Scan. This should find anything odd on the computer, including bad browser add-ons. I don't recommend it very often because it lags computers sometimes because of its deep-scanning real-time protection. Download link: https://www.avast.com/download-software


Edited by Ant_Teh_Nee, 31 July 2016 - 12:57 PM.
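
Added example, not part of the original thread: post #8 notes that the extension folders inside the Chrome profile are named by ID ("code number") rather than by name. Assuming the standard Windows layout `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\<id>\<version>\manifest.json`, this Python script maps each ID to the name, version and permissions declared in its manifest, which helps when chrome://extensions will not open. The function names are this example's own.

```python
import json
import os
from pathlib import Path

# Assumed default per-user location on Windows; other profiles sit beside "Default".
DEFAULT_EXT_DIR = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"

def _load_json(path):
    # utf-8-sig tolerates a byte-order mark at the start of the file.
    with open(path, encoding="utf-8-sig") as fh:
        return json.load(fh)

def _display_name(version_dir, manifest):
    """Resolve "__MSG_key__" placeholders through _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    try:
        messages = _load_json(version_dir / "_locales" / locale / "messages.json")
    except (OSError, ValueError):
        return name  # leave the placeholder visible rather than guess
    for msg_key, entry in messages.items():  # message keys are case-insensitive
        if msg_key.lower() == key:
            return entry.get("message", name)
    return name

def list_extensions(ext_dir=DEFAULT_EXT_DIR):
    """Return one record per installed extension version: id, name, version, permissions."""
    records = []
    for manifest_path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = _load_json(manifest_path)
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still report the folder
        records.append({
            "id": version_dir.parent.name,
            "name": _display_name(version_dir, manifest) or "(unreadable manifest)",
            "version": manifest.get("version", version_dir.name),
            "permissions": manifest.get("permissions", []),
            "path": str(version_dir),
        })
    return records

if __name__ == "__main__":
    for ext in list_extensions():
        print(ext["id"], "|", ext["name"], ext["version"], "|", ext["permissions"])
```

Entries with broad permissions such as `<all_urls>` or `tabs`, or with a manifest that cannot be read, are the ones to look at first; close Chrome before removing any folder.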


#9 steve77265


Posted 31 July 2016 - 04:08 PM

Hi Ant_Teh_Nee,

Ok, I uninstalled and reinstalled Chrome, AdBlock stayed on and is active, but no change in Chrome. I ran Avast free, but no virus or extension issues found! It wants me to uninstall McAfee (I did not!) and I updated a few apps. Avast did install their free browser, it will run without any problems, so I do think the issue is in the Chrome browser extensions, however I still can't get to them? I have not transferred anything to a flash drive yet, I would rather not (long process), but if a clean install is required, I will have to buy a disk, and if transferring the issue is still a possibility, I would prefer trying any other thoughts/suggestions?

Thanks,  

Steve



#10 steve77265


Posted 01 August 2016 - 05:09 PM

Hi,
Just an FYI, I worded the question on Google for "no extension access on Chrome" and found other people that had this complaint/issue. All that is required is a cleanup tool from Google? I got it below: https://www.google.com/chrome/cleanup-tool/ Be sure to run the reset at the end!
 
Thanks again for all the help, Ant_Teh_Nee 
 
BTW, all I removed was 2 Java extensions? and all is well? (I was guessing, but it worked?)
Steve




