Web Antivirus - xmr.omine.org [Solved][Closed]

[pedrohenriquegs]

Hello guys, Please, can you help me found whats is in my computer? Some sites i try to access the Kaspersky Total Security perform a block by Web AV to this site, doesn't matter the site, its random. So, I suppose, there something in my PC or in browsers. I already executed a full scan with Total Security and with Malwarebytes. How can I solve this? I attached two screens, at iracing.com I noticed a white border when KTS block the malicious .js Feel free to request to some logs and send procedures. Thanks in advance.

[richbuff]

Welcome. Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software. and do a databases update > reboot, then do a scan. Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot. After that, uninstall any recently installed junk > reboot. After that, uninstall any and all junk toolbars > reboot. Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers. Remove the junk argument from the target field of the browser shortcut properties. Remove any and all junk search providers in all of your browsers. Then if need be, change your home page, in all of your browsers. How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319 If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet providers instructions, then clear browser cache and cookies, reboot. Any better after that? If still no go, Please post your GetSystemInfo report link, instructions: https://support.kaspersky.com/common/diagnostics/3632

[pedrohenriquegs]

I already perfomed all actions, the URL keep trying to be open. Attached my GSI in this link: https://www.sendspace.com/file/u39b0n

[Friend]

Hello, pedrohenriquegs Try to use the recommendations of this article https://support.kaspersky.com/common/start/13985 Please upload the report GetSystemInfo here https://anonfile.com/

[Berny]

pedrohenriquegs Here is your GSI link : https://www.getsysteminfo.com/report/32edef4097faa1a8575e32409d656507 Please wait for additional suggestions.

[pedrohenriquegs]

Guys, I've found the issue, was the LastPass Chrome extension, after removing it the malicious site stopped to be accessed. I got that in debug log from Google Chrome. the line if the information, the confirmation come with the extension ID [12472:14916:0505/090143.618:VERBOSE1:network_delegate.cc(32)] NetworkDelegate::NotifyBeforeURLRequest: https:// xmr.omine. org/assets/v7.js [12472:14916:0505/090143.618:VERBOSE1:network_delegate.cc(32)] NetworkDelegate::NotifyBeforeURLRequest: https:// xmr.omine. org/assets/v7.js [11324:19096:0505/090143.626:VERBOSE1:dispatcher.cc(493)] Num tracked contexts: 3 [7376:9500:0505/090143.627:VERBOSE1:v8_context_snapshot.cc(152)] A context is created from snapshot for non-main world [7376:9500:0505/090143.627:VERBOSE1:script_context.cc(94)] Created context: extension id: hdokiejnpimakedhajhdlcegeplioahd frame: 000018AF11903160 URL: context_type: CONTENT_SCRIPT effective extension id: hdokiejnpimakedhajhdlcegeplioahd effective context type: CONTENT_SCRIPT [7376:9500:0505/090143.627:VERBOSE1:script_context.cc(94)] Created context: extension id: (none) frame: 0000000000000000 URL: context_type: UNSPECIFIED effective extension id: (none) effective context type: UNSPECIFIED