Nothing In Particular

Subjects that don't have their own home
pre65
Amstrad Tower of Power
Posts: 21373
Joined: Wed Aug 22, 2007 11:13 pm
Location: North Essex/Suffolk border.

#12871 Re: Nothing In Particular

Post by pre65 »

Every now and then Malwarebytes lets me "trial" the pay for version.

This time it keeps telling me "website blocked due to Trojan" when I search on Google. The culprit seems to be "mickloid.xyz" but I can't find out much about it. :?

When my free trial ends do I need to worry ?
The only thing necessary for the triumph of evil is for good men to do nothing.

Edmund Burke

G-Popz THE easy listening connoisseur. (Philip)
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#12872 Re: Nothing In Particular

Post by jack »

pre65 wrote: Fri Apr 30, 2021 11:05 pm Every now and then Malwarebytes lets me "trial" the pay for version.

This time it keeps telling me "website blocked due to Trojan" when I search on Google. The culprit seems to be "mickloid.xyz" but I can't find out much about it. :?

When my free trial ends do I need to worry ?
Sounds like you have a search hijacker installed as a browser extension. Normally the plan is to disable your browser extensions one by one until the problem goes away...

The domain was created on 23rd March this year and is served via CloudFlare, which in itself is not unusual, and is registered in the Bahamas. Recently created domains are always a concern.

Which browser are you using?
Last edited by jack on Fri Apr 30, 2021 11:37 pm, edited 3 times in total.
Vivitur ingenio, caetera mortis erunt

#12873 Re: Nothing In Particular

Post by pre65 »

jack wrote: Fri Apr 30, 2021 11:23 pm Sounds like you have a search hijacker installed as a browser extension.

Which browser are you using?
W10 and Chrome.

#12874 Re: Nothing In Particular

Post by jack »

pre65 wrote: Fri Apr 30, 2021 11:27 pm
jack wrote: Fri Apr 30, 2021 11:23 pm Sounds like you have a search hijacker installed as a browser extension.

Which browser are you using?
W10 and Chrome.
Disable all your browser extensions and see if the problem goes away.

#12875 Re: Nothing In Particular

Post by pre65 »

jack wrote: Fri Apr 30, 2021 11:42 pm
Disable all your browser extensions and see if the problem goes away.
It does not. :(

I also deleted all cookies and used "Chrome cleaner".
Ray P
No idea why I do this anymore
Posts: 6294
Joined: Thu Nov 22, 2007 5:18 pm
Location: Somerset

#12876 Re: Nothing In Particular

Post by Ray P »

I teetered on the edge of falling for a scam on Thursday and it reinforced the need to be ever vigilant and cynical. It was the coincidental timing that nearly caught me out.

I was expecting a scheduled delivery via Hermes. I was working at home and heard someone call at the front door but was in a Teams call so couldn't go down. About 15 mins later I got a text purporting to be from Hermes saying I needed to arrange a redelivery - I almost followed the link, which looked legitimate - it was only at the last moment that I thought 'why don't they have the tracking number?'. Hermes were Hermes and delivered the following day!
Last edited by Ray P on Sat May 01, 2021 11:58 am, edited 2 times in total.
Sorry, I couldn't resist!

#12877 Re: Nothing In Particular

Post by jack »

pre65 wrote: Fri Apr 30, 2021 11:48 pm
jack wrote: Fri Apr 30, 2021 11:42 pm
Disable all your browser extensions and see if the problem goes away.
It does not. :(

I also deleted all cookies and used "Chrome cleaner".
Other redirects may be in place. Have you checked your hosts file etc.?

C:\Windows\System32\drivers\etc\hosts

#12878 Re: Nothing In Particular

Post by pre65 »

jack wrote: Sat May 01, 2021 8:56 am
Other redirects may be in place. Have you checked your hosts file etc.?

C:\Windows\System32\drivers\etc\hosts
Sadly, I'm not a computer expert. :(

#12879 Re: Nothing In Particular

Post by pre65 »

I followed the following instructions, but when I get to step 5 all I end up with is a file called "host file instructions". :?


Here are the directions on how to modify your hosts file.

Step 1.
Click the Windows button and type Notepad in the search bar.

Step 2.
Right click on Notepad and then Run as Administrator.

Step 3.
You’ll be asked, “Do you want to allow this app to make changes to your device?”. Choose Yes.

Step 4.
In Notepad, choose File then Open.

Step 5.
Navigate to C:\Windows\System32\drivers\etc\hosts or click the address bar at the top and paste in the path and choose Enter. If you don’t readily see the hosts file in the /etc directory then select All files from the File name: drop-down list, then click on the hosts file.

Step 6.
Add the appropriate IP and hostname at the end of your hosts file, select Save, and then close the file.

Step 7.
Finally, you will want to flush your DNS cache for your computer to recognize changes to the file. Click the Windows button and search command prompt.

Step 8.
Type the following command in the terminal and press Enter

ipconfig /flushdns



#12880 Re: Nothing In Particular

Post by jack »

pre65 wrote: Sat May 01, 2021 10:18 am
jack wrote: Sat May 01, 2021 8:56 am
Other redirects may be in place. Have you checked your hosts file etc.?

C:\Windows\System32\drivers\etc\hosts
Sadly, I'm not a computer expert. :(
Rather than edit it, just view it.

It should contain only a couple of lines (excepting comments which are prefixed with a "#") like:
127.0.0.1 localhost
::1 localhost
Vivitur ingenio, caetera mortis erunt
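An added example, not part of jack's post or of any code from the thread: a PowerShell check that does the "just view it" step by listing every active (uncommented) hosts entry that is not a localhost mapping. The helper name Get-UnexpectedHostsEntry and the sample lines are made up for illustration.

```powershell
# Added example: list active hosts-file entries that are not localhost mappings.
# Get-UnexpectedHostsEntry is a hypothetical helper name, not a built-in cmdlet.
function Get-UnexpectedHostsEntry {
    param([string[]]$Lines)

    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Everything after "#" is a comment; blank lines carry no mapping.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        # Format: one address, then one or more hostnames, whitespace-separated.
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        foreach ($name in $names) {
            $isLoopback = $address -in '127.0.0.1', '::1'
            if ($isLoopback -and $name -eq 'localhost') { continue }
            # Anything that reaches here is an entry worth a second look.
            [pscustomobject]@{ Line = $lineNo; Address = $address; Name = $name }
        }
    }
}

# Constructed sample: commented-out localhost lines plus one made-up redirect.
$sample = @(
    '# localhost name resolution is handled within DNS itself.',
    '#    127.0.0.1       localhost',
    '#    ::1             localhost',
    '203.0.113.10    search.example.test   # constructed entry'
)
Get-UnexpectedHostsEntry -Lines $sample   # reports line 4 only

# The real file; reading it does not need administrator rights.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$found = @(Get-UnexpectedHostsEntry -Lines (Get-Content -LiteralPath $hostsPath))
if ($found.Count -eq 0) {
    'No active entries beyond localhost.'
} else {
    $found
}
```

A file in which every line starts with "#" produces no entries, so the check reports nothing unexpected.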

#12881 Re: Nothing In Particular

Post by pre65 »

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

#12882 Re: Nothing In Particular

Post by pre65 »

It seems to me Malwarebytes is blocking an outward bound file to this IP address.

https://dnslytics.com/ip/172.67.200.14
Michael L
Old Hand
Posts: 653
Joined: Tue Feb 19, 2013 5:10 pm
Location: Shrewsbury

#12883 Re: Nothing In Particular

Post by Michael L »

Knipex pliers at a good price

At the risk of someone telling me I could have bought something twice as good for half the price these seem much cheaper than anywhere else I've checked. The dreaded Amazon I'm afraid.
Cressy Snr
Amstrad Tower of Power
Posts: 10552
Joined: Wed May 30, 2007 12:25 am
Location: South Yorks.

#12884 Re: Nothing In Particular

Post by Cressy Snr »

Michael L wrote: Mon May 03, 2021 6:30 pm Knipex pliers at a good price

At the risk of someone telling me I could have bought something twice as good for half the price these seem much cheaper than anywhere else I've checked. The dreaded Amazon I'm afraid.
Thought you were ex BT. Where’s ‘yer 81s? :wink:
Sgt. Baker started talkin’ with a Bullhorn in his hand.
Mike H
Amstrad Tower of Power
Posts: 20157
Joined: Sat Oct 04, 2008 5:38 pm
Location: The Fens

#12885 Re: Nothing In Particular

Post by Mike H »

pre65 wrote: Fri Apr 30, 2021 11:05 pm Every now and then Malwarebytes lets me "trial" the pay for version.

This time it keeps telling me "website blocked due to Trojan" when I search on Google. The culprit seems to be "mickloid.xyz" but I can't find out much about it. :?

When my free trial ends do I need to worry ?
Google 'mickloid.xyz'

Example:

dictionaryext.xyz - Malwarebytes Labs | Malwarebytes Labs ...
https://blog.malwarebytes.com › Detection Types
The domain dictionaryext.xyz is blocked by Malwarebytes because it is a search hijacker that delivers a forced Firefox extension.

You may need to delete your DNS.

With Firefox I could do a complete refresh, which returns it to defaults. I think I've done this twice.

A little warning about Malwarebytes - the free version is great, but I made the mistake of buying the pro version. Don't do it. :shock: It totally takes over your computer so everything is reeeaaally slooowww presumably because it's checking everything to see if it's OK. But it takes too long! :(
 
"No matter how fast light travels it finds that the darkness has always got there first, and is waiting for it."