Operating System
Windows 7
Infection date and initial symptoms
1 Sept. Watchonline.band
Current issues and symptoms
Watchonline.band,
"secured-kssd.info says Detectamos que seu IP esta sendo usado para propagacao de virus"
Steps taken in order to remove the infection
Ran AVG scan, Ran CCleaner
System logs
I did not upload the FRST.txt logs

will5

New Member
Verified
1. Until this month, can't recall experiencing a malware. My AVG free always protected me. At first (1 Sept), I noticed just a persistent 'popup' called 'Watchonline.band', just above the righthand side of the system tray; the initial one states "This site has been updated in the background". Unless I click on its top-right delete icon, after several minutes subsequent popups accumulate above. All I have done is click the top-right delete icon, never accepted offers.

Typical are invitations to online gambling, warnings Norton has expired (I never used Norton), many from dating sites asking to 'chat'. Language usually Portuguese (I happen to be in Brazil at moment) but some popups are in English. They take valuable screen space.

2. Some days later AVG warned: threat aborted connection to fomaska.com infected with URL phishing. Unusual. Otherwise AVG has given no warnings. I did an AVG scan but all it reported was 1 tracking cookie.

3. I then noticed in Windows Explorer, quite a few filetype extensions altered: PDF files used to show as 'PDF' in the narrow Type column, now show as 'AVG HTML Document' and associated with 'AVG Advanced Browser' instead of my usual PDF viewer, JPG files used to show as 'JPG' now show as 'IrfanView JPG File', so now filetype needs a wider column. The Chrome icon for HTML files now altered to show a 'keyhole' in the centre, and now see I have a new browser installed: AVG! Until now Google Chrome was my default, with Chromium as alternate. Chrome warns it is no longer default browser, so I reselected Chrome.
I see in Control Panel>Uninstall AVG Browser got installed on 1/9/19, nothing else shown as recently installed.

None of this was installed with my knowledge (my PC is pwd protected, and only I use it). I use Windows 7 Pro 64 & Windows Firewall.

4. 5 Sept: In today's PC session a new popup occurred: "secured-kssd.info says Detectamos que seu IP esta sendo usado para propagacao de virus"
(Watchonline.band popups also occasionally warn of virus!)

5. 8 Sept: When googling for AVG Free forum I saw a malwaretips.com guide to remove 'Watchonline.band' from Chrome - but on Step 3, "In the Privacy and Security section, click on 'Content settings'", in my Privacy & Security section there is no 'Content settings' - my Chrome reports it's up to date, so why the discrepancy? - but note: see 8. below

I continued my search for access to the forum for 'AVG Free' - I registered, but it then tells me I have to buy a subscription!
Somewhere on the AVG site am sure it said free support, but I cannot find it. Do you know if it exists?

6. I then read your malwaretips.com/blogs/remove-watchonline-band/ page, ran your free AdwCleaner. The scan listed 30 items - but none contain 'watchonline-band'. Some, maybe all of the PUPs are innocent & wanted. One called 'Optional.SweetPage.ShrtcCln...' sounds suspicious but I have not deleted any as I may inadvertently stop some wanted programs from working. Should I upload the AdwCleaner txt file to see what are malwares?

7. Lastly I ran CCleaner, which said it deleted an enormous qty of tracking cookies. I didn't see 'Watchonline.band' in its list, but after this the popups ceased.

Does this mean 'Watchonline.band' has been fully removed from my PC?

8. 13 Sept: I now revisited 5. and tried 'Site Settings'. I saw Watchonline.band and in the 3 vert dot button clicked 'Remove' - but note, it already stopped displaying after running CCleaner.

If not, can you help with advice on how to get rid of 'Watchonline.band' & other above issues with minimum of inconvenience?

9. I have a large external USB drive (WD Passport) I use both for system backups, and to hold multimedia too large for the internal SSD. Unfortunately it took some days after contracting the malware, and I did save some data files on it (but no new system backups) before I thought to disconnect it, so I am wondering if I need to perform any tests on it once I reconnect after my PC is deemed safe?

I could not see an 'Upload' btn to upload the FRST & Additions files.
 