Operating System
Windows 7
Infection date and initial symptoms
Around April or May this year. Captcha was blocked on google.com.
Current issues and symptoms
Captcha is no more blocked on google.com, but now captcha is blocked on facebook for two days. (Details in the description.)
Steps taken in order to remove the infection
1) I have registered Kaspersky installed on my computer. When the problem first occurred I scanned whole computer with Kaspersky several times but found nothing. So from experience I have not scan this time, as I know it will only consume time without any result. However, Kaspersky is up-to-date.

2) Downloaded Malwarebytes and using free trial this morning. Scanned with it, and deleted all the PUPs it found.

3) The problem is seen in all browsers I have tried - Chrome, Firefox and Opera; and show similar result.

4) Cleaned with AdwCleaner. The report is attached.

5) I have disabled the anti-banner option in Kaspersky, and even not running it at all after I have installed Malwarebytes.
System logs
I did not upload the FRST.txt logs

kawrno

Level 1
Hello! I am having quite a strange problem. Sometimes captcha is blocked in all browsers for several months. Interestingly enough, I used to have this problem on google.com. But now I am not having the problem on google, but on facebook.com. When the problem was on google, I decided to use other search engines, and bypassed the problem. But now I need to open an account on facebook. Here is the screenshot of the problem:
1544861235339.png

Notice there are several straight lines. At first, when I click the link, there is only one straight line instead of the 'I am not a robot' box. Then if I let it be for few minutes, after every certain period a new line gets added; and stops at a total of six lines I guess. After two or three lines it shows something like - 'your browser is sending unusual traffic' and some other texts along with it. But before and after that, no text shows up.

Please advise.
 

Attachments

kawrno

Level 1
I don't know if it is a malware, but Mozilla keeps downloading openh264-win64-6c2e7008f8bbe2ff90100972f97071eb87ec37cb.zip at least once everytime I open the browser.
 

TwinHeadedEagle

Removal Expert
Staff member
Verified
[img=https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif] Fix with Farbar Recovery Scan Tool

[img=https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif] This fix was created for this user for use on that particular machine. [img=https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif]
[img=https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif] Running it on another one may cause damage and render the system unstable. [img=https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on [img=https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif] icon and select [img=https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).[/*]
  • Press the Fix button just once and wait.[/*]
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.[/*]
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt. [/*]
Please upload it to your reply.[/img]
 

Attachments

Reactions: stefanos

kawrno

Level 1
@TwinHeadedEagle

I have run the fixing operation three times, none of these are complete. I have attached all three reports.

First day I thought it would take the same time as searching, but it was taking longer, so I had to force-close FRST using task manager after 45/60 minutes as I needed to do another work. On the second day, I managed comparatively more time, yet it was taking longer. Today I ran it for almost five hours, yet, like the rest two, there was no progress after the BTMCOM part.

The new FRST and Addition files are also attached.
 

Attachments

kawrno

Level 1
(I thought you were busy with celebrations so decided to check reply after new year.)

After my last reply, the problem went away, but returned yesterday. I have just scanned with FRST, and when wanted to take a screenshot of the problem (google.com), it is normal again!

By the way, I have removed Malwarebytes after the problem went away, since I have already registered Kaspersky installed on my PC; thought there will be no more problem. And there was a strange thing, while FRST was scanning, Kaspersky suddenly removed the ExterminateIt.exe file saying it was malicious. It is strange because it did not remove that during other times, and Kaspersky wasn't even performing any scan while removing it.
 

Attachments

kawrno

Level 1
Right now I am facing no problems. Everything is alright except some sudden clicking sounds, not a problem though, just seems strange. Thank you for your help. If it is not a big and highly technical discussion, can you please teach me how to prevent this sort of captcha-blocking malware attack?
 

kawrno

Level 1
On my laptop; the exact sound my laptop makes when I open a folder.

And the problem returned.

I don't know if these two have a relation, but when the captcha problem was not there, the sudden clicking sounds occurred. After the problem has returned, there is no more sudden clicking sounds.
 

Attachments

kawrno

Level 1
When it happened, I remember it was happening while browsing the internet. (Can't remember if it also happened when browser was closed.)

By the way, right now I can google properly, but have't faced any captcha challenge recently, so don't know if captcha is working properly. When I face the captcha problem, I can not google at all.
 

kawrno

Level 1
I am not using any router. Just a LAN cable is attached to my computer for using (broadband) internet. Do I need to contact my ISP? What should I tell them?
 

Similar Threads

Similar Threads