Suspicious activity. How to find it?
<blockquote data-quote="Parsh" data-source="post: 863188" data-attributes="member: 58090"><p>Ah, that was what I was missing. <u>Adware, PUPs</u> (Potentially Unwanted Programs) and cookies sometimes.</p><ol> <li data-xf-list-type="ol">Enable your sync so that the changes we will do get synced</li> <li data-xf-list-type="ol">Run Malwarebytes and Zemana to remove Adware/PUPs, restart Windows</li> <li data-xf-list-type="ol">Reset your web browser using this <a href="https://support.google.com/chrome/answer/2765944" target="_blank">guide</a>. Don't forget to also read the 'Remove unwanted programs (Windows, Mac)' section. Follow the entire guide</li> <li data-xf-list-type="ol">Restart Windows</li> </ol><p>This should get you through the recurrence of unwanted detections you've been having when you sync your google account. Btw, these are not viruses but unwanted and potentially risky content.</p><p></p><p></p><p>Yeah, keep it UNchecked, as recommended. Downloading another browser is like having another garage for your second car. No concern with relation to the first car or garage. Read garage as browser and your cars as your browsing tabs/activity and browser settings. You can have two, though not needed. One well configured browser is enough.</p><p></p><p></p><p>Important is to close those irritating tabs entirely. You did that, so you shouldn't face them on next browser launch, unless you're infected (not the case here) or you visit that webpage again.</p><p></p><p></p><p>The popup may not necessarily be about taxes or such. You could have entered it at any site that asked for it and has bad intentions, or has been hijacked.</p><p>BTW, are you using any VPNs? 
That may change your login location and alert mails may follow.</p><p></p><p></p><p>If you've voluntarily created accounts on various platforms/sites and you're receiving their mails</p><ul> <li data-xf-list-type="ul">login mails will follow before or after you logged in to their portal/app</li> <li data-xf-list-type="ul">Code verification may be required when first creating accounts or for successive logins and important account actions</li> <li data-xf-list-type="ul">Activity mails will reflect your activity on those portals, or updates from other members w.r.t. your activity</li> </ul><p>If the mails have relevant content at proper times, then they should be good. If you have a doubt, check with the respective sites, whether the mail id from which you are getting mails is official. And if the mails are relevant and meaningful, then it's fine.</p><p></p><p>Also, the gmail and yahoo incidents are two different problems, from what I understand.</p><p>If you're getting mails of login alerts of times you did NOT login, that's suspicious. Yet, the one who's trying to break into your account doesn't have your Auth codes, so no worries.</p><p></p><p></p><p>No problem. Just make sure the linked emails are secured as well.</p><p>When you freshly login to your Yahoo account, does it ask 'email id+authentication code' or 'email id+password'. Does it ask you for any auth code or OTP?</p><p></p><p>You've run scans with good tools already. If they don't detect keyloggers, there are high chances that there aren't.</p><p>Still you can try Emsisoft Emergency Kit, Zemana and HitmanPro Alert scans for peace of mind... after completing above actions. A clean Windows install (that you said you did) erases such common threats.</p><p>Also, you can share the Process Explorer and Autoruns screenshots the way I mentioned about earlier - for usage and detecting anything suspicious.</p><p></p><p></p><p>You could try keeping the Task Manager open and then run the game full-screen. Extensions? 
3 screenshots each showing high use of CPU, Memory and I/O respectively will help one understand things better.</p><p></p><p></p><p>There seems no risk for your google account by your explanation. I suggested that in case we were led to believe that your account is really compromised. It is rather just adware bundles syncing with your account.</p></blockquote><p></p>