
ESET Blocks sync.madnet.ru when specifically visiting reddit?


7 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 75 posts

Posted 14 September 2017 - 06:22 PM

Hello everyone. Trying my best to keep my computer clean, but I just wanted a second opinion on this. I've noticed since today, whenever I visit reddit.com, my ESET antivirus blocks a connection to sync/madnet/ru (replace / with .). This doesn't seem to occur on other sites, but after a run of Adware cleaner, it seems that I had something by the name of Adware.Pokki on Explorer, which I never use in favor of Chrome. I'm currently running antivirus scans on the machine, but does anyone have advice on what else I could do? Thanks!


Edited by hamluis, 16 September 2017 - 08:31 AM.
Moved from AV/AM Software to Am I Infected - Hamluis.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,889 posts

Posted 16 September 2017 - 09:19 AM

I use ESET with Firefox and do not have any issues going to reddit.com.

About Pokki

With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in Control Panel as explained here or an alternative third party uninstaller like Revo Uninstaller. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings.

After uninstallation, then you can run specialized tools like Malwarebytes 3.0, Emsisoft Emergency Kit, Hitman Pro, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants. They also remove related files and folders wherever they hide...to include those within the AppData folder and elsewhere.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 HighTide1


Posted 16 September 2017 - 01:01 PM

Hey quietman7. Nice to hear from you again. I've done some digging around in the Quarantine file for AdwCleaner, and it seems that what it thought was Adware.Pokki was actually a registry key for my HP Power software on my laptop. If you'd be willing, I'd like to upload the quarantine file here so that someone could verify it, as I've never installed Pokki, have JavaScript disabled when browsing, and did not have Adware.Pokki when I last scanned, after which I shut down the laptop and didn't touch it until two days ago. I've had AdwCleaner trigger on my laptop's pre-installed software before, so maybe it's the same issue.

On another note, I haven't got the popup on any other machine I've visited reddit with. When I get back to my laptop tomorrow, I'll check to see if the problem continues. Would you know what sync.madnet.ru is? My Google tells me it's something to do with ads?

#4 quietman7


Posted 16 September 2017 - 05:07 PM

Sounds like it was a false positive. It is not uncommon for some preinstalled software files to be falsely detected by security scans.

Anytime you suspect a possible false positive or you want a second opinion, submit it to an online service that analyzes suspicious files:

About Sync.madnet.ru

See this discussion topic.

BTW, there are a number of web resources (URL Link Scanners) which also can be used to check suspicious/unfamiliar sites or get second opinions.

#5 HighTide1


Posted 17 September 2017 - 06:21 PM

Hey quietman7. ESET still blocking sync.madnet.ru whenever I visit reddit, but I'm just not entirely sure why. I screen-capped the warning, along with the certificate information. I can't figure out how to attach it to this post, though, but for a summary of the information:

- Google Chrome is trying to communicate over a channel encrypted with an untrusted certificate
- It cannot guarantee that the contacted server (sync.madnet.ru) is legitimate, or if it is masquerading as this server.
- The certificate was issued to madnetex.com.
- The certificate was issued by Let's Encrypt Authority X3.
- The certificate was valid from 4/22/2017 to 7/21/2017.

This issue still only happens on reddit.com, so I'm just not sure why it's happening. I would think any normal Adware would try to run on any website rather than one specifically. Also, the Quarantine file by AdwCleaner was a registry key, not an actual file, so I can't really upload it directly. Searching for the key looks like something for Windows Start Menu pins, and if I open it in notepad, though, it looks like it blocked "H P   P o w e r   A s s i s t a n t . l n k" and "H P C M S h o r t c u t . l n k".
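
Added example, not part of the original thread: the certificate details summarized in post #5 give two independent reasons for a client to reject the connection, a hostname mismatch and an expired validity window. The sketch below checks both against a constructed certificate dict in the shape Python's `ssl` module returns; the midnight timestamps and the single-entry SAN list are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Names and dates are the ones quoted in the post; the time of day and the
# assumption that the SAN list holds only madnetex.com are placeholders.
REPORTED_CERT = {
    "subject": ((("commonName", "madnetex.com"),),),
    "issuer": ((("commonName", "Let's Encrypt Authority X3"),),),
    "subjectAltName": (("DNS", "madnetex.com"),),
    "notBefore": "Apr 22 00:00:00 2017 GMT",
    "notAfter": "Jul 21 00:00:00 2017 GMT",
}


def name_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a single leftmost '*' label (e.g. *.example.com)."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def certificate_problems(cert: dict, hostname: str, when: datetime) -> list[str]:
    """Return the reasons a client would refuse to trust cert for hostname."""
    problems = []
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in dns_names):
        problems.append("name_mismatch")
    now = when.timestamp()
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not_yet_valid")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    visit = datetime(2017, 9, 17, tzinfo=timezone.utc)  # date of the post
    print(certificate_problems(REPORTED_CERT, "sync.madnet.ru", visit))
```

Either finding alone is enough for a TLS-inspecting product to report the certificate as untrusted, regardless of which page requested the host.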



#6 quietman7


Posted 17 September 2017 - 07:54 PM

I was referring to submitting possible false file detections to an online service that analyzes suspicious files more as a future reference in case you were not familiar with doing that.

The removal of a registry key may or may not have an adverse effect on installed software...it really depends on what that key was for. Reinstalling the software would correct any issues. However, if AdwCleaner detected it once it most likely will detect it again. As such you may want to report this issue at the official Malwarebytes AdwCleaner Forum so the research team can investigate...be sure to include the log file.

As for ESET still blocking sync.madnet.ru whenever going to reddit, that too you may want to report to their support folks so they can investigate and determine what is going on. I would start with their support forum.

#7 HighTide1


Posted 18 September 2017 - 05:01 PM

Sorry if I seemed confused. I've used online file scanners in the past for help. I just thought you were saying to put a registry key up there. I've also gone ahead and posted on the ESET support forums for more help, but haven't gotten the topic approved yet, what with the CCleaner issue as of late. Following Bleeping Computer for CCleaner downloads saved my butt on this issue. Also, the removal of the keys doesn't seem to have affected the software much.

Aside from that, is there anything else I can do just to make sure my system is all okay? Still having issues on reddit, and I've run continuous ESET and MalwareBytes scans, in addition to AdwCleaner. Any other advice, or just some way to make sure everything seems okay? Thanks for the help so far.



#8 quietman7


Posted 18 September 2017 - 05:52 PM

No need to apologize. Sometimes it is just a miscommunication thing due to writing rather than speaking directly.

If you want a comprehensive look at your system for possible malware by our experts, there are advanced tools which can be used to investigate but they are not permitted in this forum. Just follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.



