Dangerous URL blocked - any-updatea.icu (Apple Push)?

[cfrsh91]

Hello

 

Ever since 7th March 2020 I’ve had notifications from Kaspersky Web Anti-virus for a dangerous URL blocked, sometimes as frequently as every 10/15 mins.

The URL blocked is always the same, with the exception of the alphanumeric extension at the end.

Per my screenshot below, Kaspersky claims that the application generating the alert is Apple Push - but I never had any previous issues with this, only as of 7th March..

Does anyone have any ideas/insight please?

[Flood and Flood's wife]

Hello @cfrsh91, 

Welcome!

It may be due to (early March) Apple allowing push notifications to be used for advertising or it may be due to an extension/addon, or it may be a false positive🤔

To enable us to look at the data, please download/export the 24hr Report, save as a .txt file, 📎 attach to your reply please?

Please post back?

Thank you🙏

Flood🐳

[cfrsh91]

 

Hello @cfrsh91, 

Welcome!

It may be due to (early March) Apple allowing push notifications to be used for advertising or it may be due to an extension/addon, or it may be a false positive🤔

To enable us to look at the data, please download/export the 24hr Report, save as a .txt file, 📎 attach to your reply please?

Please post back?

Thank you🙏

Flood🐳

Hi @FLOOD, thanks for your reply!

I have attached the report as requested.

Hoping to hear from you 🙏

[Flood and Flood's wife]

Hello @cfrsh91, 

You’re most welcome☺ !

Thank you for the report👌

Kaspersky Threat Intelligence Portal advises any-updatea.icu = Categories: Malware: Botnet C&CTrojan.Win32.Waldek.

However, using another scanner, Kaspersky detects as Malware, Forcepoint as Suspicious. 71 other engines rate as clean & 8 engines have no rating. 

• To have the issue analysed, please raise a request with Kaspersky Technical Support, include, the Report, a detailed history, images of the alert(s), a GSI & Windows Log and zip a copy of the application, name the zip archive Malware, add a password & include the password in the information you provide to Kaspersky. 
• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

Please let us know the outcome when it’s available? 

Thank you🙏

Flood🐳

[Wesly.Zhang]

Hello,

What’s “Apple Push” application? Could you find it and sent it to me via PM?

Regards.

[Behagai]

Hello @cfrsh91, 

Welcome!

It may be due to (early March) Apple allowing push notifications to be used for advertising or it may be due to an extension/addon, or it may be a false positive🤔

To enable us to look at the data, please download/export the 24hr Report, save as a .txt file, 📎 attach to your reply please?

Please post back?

Thank you🙏

Flood🐳

Hi,

this append to me to since 3/17/2020.

i removed all apple apps from my pc.

i attached my report.

it happens every 5 minutes without a way to resolve this.

can you please assist me?

[Flood and Flood's wife]

Hello @Behagai, 

Welcome!

Thank you for the Report👏

• ➡Reset whichever browser the alerts are happening in, to default, by following these steps:

1. Export Bookmarks for that browser.
2. Run Browser Reset & Cleanup, for Chrome, for example: chrome://settings/reset - select & run: Restore settings to their original defaults
3. Run KIS Privacy Cleaner, select all recommended and all strongly recommended actions. 
4. Reboot, restart device, login, start KIS.
5. Recheck the issue?
6. If the issue is happening in all browsers, please let us know?

Thank you🙏

Flood🐳

[Behagai]

Hello @Behagai, 

Welcome!

Thank you for the Report👏

• ➡Reset whichever browser the alerts are happening in, to default, by following these steps:

1. Export Bookmarks for that browser.
2. Run Browser Reset & Cleanup, for Chrome, for example: chrome://settings/reset - select & run: Restore settings to their original defaults
3. Run KIS Privacy Cleaner, select all recommended and all strongly recommended actions. 
4. Reboot, restart device, login, start KIS.
5. Recheck the issue?
6. If the issue is happening in all browsers, please let us know?

Thank you🙏

Flood🐳

Hi @FLOOD and thank you for your kind reply,

This message does not related to any browser, it happens every 1-20 minutes 2-3 messages at a time.

i’m not sure, nut i think it got something to do with a software (or malware) that run’s in the background. 

as i mentioned, i remove all apple software i had (since the application it states that relate to this massage is Apple Push).

so, i’m not sure is you solution will resolve this. 

pls let me know if you think i should try this nevertheless.

[Wesly.Zhang]

Hello @Behagai 

Please the uploaded screenshot and let me know “Apple Push” is belongs to which process.

Regards.

[Flood and Flood's wife]

Hello @Behagai,

You’re most welcome☺ !

Thank you for replying & the information👌

🅰 Is WhatsApp installed? If “yes, please see step 2. Also, I understand your Browsers information, however, please follow the instructions that also includes steps for Browsers. 

🅱 Now you’ve uninstalled all Apple objects, please do the following steps:

Please follow these steps carefully:

• 1 Create a System Restore Point.
• 2 Uninstall Whatsapp (note this is temporary). 
• 3 Export all Bookmarks for all supported browsers.
• 4 Run Chrome Reset & Cleanup: 
• 5 Run KIS Privacy Wizard, select ALL of the following: 
• a] Perform strongly recommended actions,
• b] Perform recommended actions.
• c] Perform additional actions
• At the completion of the Wizard do not select Reboot. 
• 6 Run Windows in Safe Mode
• 7 Delete everything in:

C:\Windows\Temp

C:\Users\YOURNAME\AppData\Local\Temp

• 8 Return to Normal Mode, start KIS.
• 9 Run manual KIS database update - allow it to complete.
• 🔟 Recheck Apple Push Time, Dangerous URL alert?
• If it persists, run the report of Adware Cleaner - do not actually run the clean, post the report here please, in a text file? 

Let us know the outcome please?

Thank you🙏

Flood🐳

 

Mod. Edit  : Restored from Spam folder

[Behagai]

Hello @Behagai 

Please the uploaded screenshot and let me know “Apple Push” is belongs to which process.

Regards.

hi @Wesly.Zhang ,

thank you for your help.

as you can see below - i don’t have apple push…

 

[Behagai]

Hello @Behagai,

You’re most welcome☺ !

Thank you for replying & the information👌

🅰 Is WhatsApp installed? If “yes, please see step 2. Also, I understand your Browsers information, however, please follow the instructions that also includes steps for Browsers. 

🅱 Now you’ve uninstalled all Apple objects, please do the following steps:

Please follow these steps carefully:

• 1 Create a System Restore Point.
• 2 Uninstall Whatsapp (note this is temporary). 
• 3 Export all Bookmarks for all supported browsers.
• 4 Run Chrome Reset & Cleanup: 
• 5 Run KIS Privacy Wizard, select ALL of the following: 
• a] Perform strongly recommended actions,
• b] Perform recommended actions.
• c] Perform additional actions
• At the completion of the Wizard do not select Reboot. 
• 6 Run Windows in Safe Mode
• 7 Delete everything in:

C:\Windows\Temp

C:\Users\YOURNAME\AppData\Local\Temp

• 8 Return to Normal Mode, start KIS.
• 9 Run manual KIS database update - allow it to complete.
• 🔟 Recheck Apple Push Time, Dangerous URL alert?
• If it persists, run the report of Adware Cleaner - do not actually run the clean, post the report here please, in a text file? 

Let us know the outcome please?

Thank you🙏

Flood🐳

 

Mod. Edit  : Restored from Spam folder

@FLOOD thank you again,

can you please clarify what do you mean in 2 - uninstall?

it’s whats app web…

do you mean to log out?

i have an issue this days uploading large mp4 files to youtube and facebook, do you think it may be related to my issue?

thanks!!!

[Behagai]

Hello @Behagai,

You’re most welcome☺ !

Thank you for replying & the information👌

🅰 Is WhatsApp installed? If “yes, please see step 2. Also, I understand your Browsers information, however, please follow the instructions that also includes steps for Browsers. 

🅱 Now you’ve uninstalled all Apple objects, please do the following steps:

Please follow these steps carefully:

• 1 Create a System Restore Point.
• 2 Uninstall Whatsapp (note this is temporary). 
• 3 Export all Bookmarks for all supported browsers.
• 4 Run Chrome Reset & Cleanup: 
• 5 Run KIS Privacy Wizard, select ALL of the following: 
• a] Perform strongly recommended actions,
• b] Perform recommended actions.
• c] Perform additional actions
• At the completion of the Wizard do not select Reboot. 
• 6 Run Windows in Safe Mode
• 7 Delete everything in:

C:\Windows\Temp

C:\Users\YOURNAME\AppData\Local\Temp

• 8 Return to Normal Mode, start KIS.
• 9 Run manual KIS database update - allow it to complete.
• 🔟 Recheck Apple Push Time, Dangerous URL alert?
• If it persists, run the report of Adware Cleaner - do not actually run the clean, post the report here please, in a text file? 

Let us know the outcome please?

Thank you🙏

Flood🐳

 

Mod. Edit  : Restored from Spam folder

@FLOOD thank you again,

can you please clarify what do you mean in 2 - uninstall?

it’s whats app web…

do you mean to log out?

i have an issue this days uploading large mp4 files to youtube and facebook, do you think it may be related to my issue?

thanks!!!

[Behagai]

Hello @Behagai,

You’re most welcome☺ !

Thank you for replying & the information👌

🅰 Is WhatsApp installed? If “yes, please see step 2. Also, I understand your Browsers information, however, please follow the instructions that also includes steps for Browsers. 

🅱 Now you’ve uninstalled all Apple objects, please do the following steps:

Please follow these steps carefully:

• 1 Create a System Restore Point.
• 2 Uninstall Whatsapp (note this is temporary). 
• 3 Export all Bookmarks for all supported browsers.
• 4 Run Chrome Reset & Cleanup: 
• 5 Run KIS Privacy Wizard, select ALL of the following: 
• a] Perform strongly recommended actions,
• b] Perform recommended actions.
• c] Perform additional actions
• At the completion of the Wizard do not select Reboot. 
• 6 Run Windows in Safe Mode
• 7 Delete everything in:

C:\Windows\Temp

C:\Users\YOURNAME\AppData\Local\Temp

• 8 Return to Normal Mode, start KIS.
• 9 Run manual KIS database update - allow it to complete.
• 🔟 Recheck Apple Push Time, Dangerous URL alert?
• If it persists, run the report of Adware Cleaner - do not actually run the clean, post the report here please, in a text file? 

Let us know the outcome please?

Thank you🙏

Flood🐳

 

Mod. Edit  : Restored from Spam folder

@FLOOD thank you again,

can you please clarify what do you mean in 2 - uninstall?

it’s whats app web…

do you mean to log out?

i have an issue this days uploading large mp4 files to youtube and facebook, do you think it may be related to my issue?

thanks!!!

[Behagai]

Hello @Behagai,

You’re most welcome☺ !

Thank you for replying & the information👌

🅰 Is WhatsApp installed? If “yes, please see step 2. Also, I understand your Browsers information, however, please follow the instructions that also includes steps for Browsers. 

🅱 Now you’ve uninstalled all Apple objects, please do the following steps:

Please follow these steps carefully:

• 1 Create a System Restore Point.
• 2 Uninstall Whatsapp (note this is temporary). 
• 3 Export all Bookmarks for all supported browsers.
• 4 Run Chrome Reset & Cleanup: 
• 5 Run KIS Privacy Wizard, select ALL of the following: 
• a] Perform strongly recommended actions,
• b] Perform recommended actions.
• c] Perform additional actions
• At the completion of the Wizard do not select Reboot. 
• 6 Run Windows in Safe Mode
• 7 Delete everything in:

C:\Windows\Temp

C:\Users\YOURNAME\AppData\Local\Temp

• 8 Return to Normal Mode, start KIS.
• 9 Run manual KIS database update - allow it to complete.
• 🔟 Recheck Apple Push Time, Dangerous URL alert?
• If it persists, run the report of Adware Cleaner - do not actually run the clean, post the report here please, in a text file? 

Let us know the outcome please?

Thank you🙏

Flood🐳

 

Mod. Edit  : Restored from Spam folder

@FLOOD thank you again,

can you please clarify what do you mean in 2 - uninstall?

it’s whats app web…

do you mean to log out?

i have an issue this days uploading large mp4 files to youtube and facebook, do you think it may be related to my issue?

thanks!!!

[Behagai]

 @FLOOD thank you again,

can you please clarify what do you mean in 2 - uninstall?

it’s whats app web…

do you mean to log out?

i have an issue this days uploading large mp4 files to youtube and facebook, do you think it may be related to my issue?

thanks!!!

[Flood and Flood's wife]

Hello @Behagai, 

Absolutely, thank you for your reply👌

1. Is Whatsapp application installed? 
2. When “Dangerous URL blocked” alerts happen, which applications are actually active?
3. Which KIS version & patch(x) is installed?
4. What is the OS name, version & build? 

Let us know please?

Thank you🙏

Flood🐳

[Wesly.Zhang]

Hello @Behagai 

Please the uploaded screenshot and let me know “Apple Push” is belongs to which process.

Regards.

hi @Wesly.Zhang ,

thank you for your help.

as you can see below - i don’t have apple push…

 

Hello,

Thank for your reply. Maybe this application ‘Apple Push’ isn't be lanuched by another application now. We should find it, So When Kaspersky detects this threat next time, please look for the process of the Apple Push application in the process list. And let me know the result.

Regards

[Behagai]

Hello,

Thank for your reply. Maybe this application ‘Apple Push’ isn't be lanuched by another application now. We should find it, So When Kaspersky detects this threat next time, please look for the process of the Apple Push application in the process list. And let me know the result.

Regards

i will try, it’s not easy… 

thanks!

[Behagai]

Hello @Behagai, 

Absolutely, thank you for your reply👌

1. Is Whatsapp application installed? 
2. When “Dangerous URL blocked” alerts happen, which applications are actually active?
3. Which KIS version & patch(x) is installed?
4. What is the OS name, version & build? 

Let us know please?

Thank you🙏

Flood🐳

hi @FLOOD , 

thank you again,

1. this is my PC so it’s not installed, it’s WhatsApp web…
2. this is during normal usage… i will try your recommendations and then do a clean reboot and see if any software is working as @Wesly.Zhang recommended, i will try and look during the error if i can see any process running this push.
3. i’m using Kaspersky Security Cloud - Family ver. 20.0.14.1085 (j).
4. my OS is win 10 64bit version 1903 build 18362.778

hope that will assist us…

thanks men!

[Flood and Flood's wife]

Hello @Behagai, 

Thank you. 

• Please also update Windows, 1909 is the latest version - please follow Microsoft recommended guidelines for the process.

Thank you🙏

Flood🐳

[Behagai]

Hello @Behagai, 

Thank you. 

• Please also update Windows, 1909 is the latest version - please follow Microsoft recommended guidelines for the process.

Thank you🙏

Flood🐳

OK will do!

[Wesly.Zhang]

Hello @Behagai, 

Thank you. 

• Please also update Windows, 1909 is the latest version - please follow Microsoft recommended guidelines for the process.

Thank you🙏

Flood🐳

OK will do!

Hello @Behagai 

What’s the situtation now, Please let me know it, Thanks !

Regards.