Yesterday I visited a music artist website that had been compromised. You can see the malware installed on the site by viewing Sucuri SiteCheck's scan: https://sitecheck.sucuri.net/results/jodymcbrayer.com. Looks like an exploit kit but not sure.
So when I went to an interior page it redirected to a site that looked like ransomware and a voice said they had taken my Facebook and other passwords. I did not click any buttons on the screen, but it would not let me X out of Firefox 57.0.1. So I went immediately to Task Manager and forced it to close. I should have unplugged from the internet first.
This is a Windows 10 64-bit system.
Then both Windows Fax and Microsoft Upload Center programs opened on their own. Which freaked me out. I believe I closed them before anything uploaded. When I looked to see what had already uploaded it was blank as if nothing did.
I noticed Windows Defender protection was turned off which I did not have turned off before.
I do not have Java installed on the machine. (A target of exploit kits)
I do not have Adobe Reader installed on the machine (a target of exploit kits) but I have Acrobat Professional which is up to date.
I re-installed Adobe Flash. (A target of exploit kits)
I refreshed Firefox.
I downloaded Malwarebytes and Norton Security Suite. Ran them both and they found nothing. Ran them both in Safe Mode, found nothing. Then I ran Malwarebytes again with rootkit checked and it found a .JPG file it said was actually an .exe. I quarantined it and later deleted it. Subsequent scans in safe mode with rootkit checked have found nothing.
So, my question is, do you think this machine is OK? What else should I do or look for?
I do notice two weird entries in Task Scheduler: User_Feed_Synchronization and DataSenseLiveTileTask but they may be legit.
Should I disable Windows Fax and the Microsoft Upload Center programs? Should I change any key passwords?
Edited by DVideo, 01 December 2017 - 07:51 AM.