Tor Browser Virus


Christian Swindler

Aug 5, 2024, 10:16:40 AM8/5/24
to debmitorra
While only having BRAVE downloaded for a total of 30 minutes, I was notified of a Trojan virus download directly to my BRAVE system cache files. I will throw in some information! Please contact me, BRAVE devs, so we can resolve the issue. But for the rest of the community, here is the information on the file downloaded.

This trojan/malware has nothing to do with Brave. It is likely that you (as a user) downloaded a sketchy application (.exe file) beforehand and ran it. It then must have attached itself to Brave to do whatever it was programmed to do (act as a keylogger, etc.).




In my opinion you have become your own worst enemy and your software has turned into the biggest malware that is out there. I never really trusted your browser because I had to disable way too many features from the start, but this takes the cake.


Hello,

I thought you might be interested in this free application that does a good job of uninstalling software and any remnants that might be left behind. I previously used to utilize a different software application, but I seemingly like this one better:


There are other legit ways they could use to earn money. Abandon crypto and sell Brave VPN; they could make a private e-mail service, or a cloud service, and sell that. They could make merch and sell it. They can keep Brave Rewards (and give us the option to completely disable it), but instead of using a crypto scam, they could pay users REAL money.


The way a browser hijacker functions depends on the intent of the attack. It can target different web browser settings and functions to achieve different results. Browser hijacker disruption can range in size, from small changes like adding a new toolbar, to larger hijackings that target the domain name system (DNS) and redirect users to websites that steal their usernames and passwords.


First of all, I had no extensions installed at that time, and also in a Private window the search still got directed to Yahoo. I tried every Brave security setting available and also reset the browser, but it had no effect. In the end I used an antivirus and restarted my Mac, which resolved the issue.


A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. It is often called a browser redirect virus because it redirects the browser to other, usually malicious, websites.


Part of the aim of a browser hijacker is to help the cybercriminal generate fraudulent advertising revenue. For instance, a browser redirects the victim's homepage to the hijacker's search page. Next, the hijacker redirects a victim's web searches to links the hijacker wants the victim to see, rather than to legitimate search engine results. When the user clicks on the search results, the hijacker gets paid. The cybercriminal can also sell information about the victim's browsing habits to third parties for marketing purposes.


A browser hijacker may contain spyware, enabling the attacker to obtain the user's banking information, credit card number or other sensitive data. Browser hijackers may also install ransomware, a type of malware that encrypts data on the victim's system, holding it hostage until the victim pays the hijackers a sum of money to unlock it.


Browser hijackers can infect devices through malicious email attachments, by downloading infected files or by visiting infected websites. The browser hijacking software could be bundled with a browser extension or be part of the software. Browser hijackers can also originate from shareware, freeware, adware and spyware infections.


Browser hijackers are likely to be downloaded unintentionally by the user. The user may be tricked into agreeing to an additional download in the terms and conditions to install software. The victim may also be fooled after being offered the option to decline the installation of the browser hijacker software, but the query is worded in a way that deliberately confuses the user into downloading the software. Once installed by the user, malicious code embedded in the software begins altering the activity of the user's browser.


The browser settings targeted by browser hijacking vary depending on the hijacker and their goals. Some hijackings may make only small changes -- such as adding a new and unwanted toolbar. These changes tend to be more annoying than dangerous. But the more dangerous hijackings may target the domain name system (DNS) to redirect users to a dangerous website, possibly to steal their passwords and user credentials.


I have a Browser Hijacker that has affected all browsers on my computer. I thought it came from a file that I posted, but was told it was a Phishing program, and not a hijacker. Something seemed to be pointing to the browser extensions. I deleted all extensions in all the browsers. Restarted the computer and all was quiet. I added back some extensions that have been on my computer a long time without an issue. Again, all was quiet (meaning Malwarebytes wasn't having to block the 8-12 attempts per minute). Windows wanted to do an update. After that was done and restarted, Malwarebytes was having to block the attempted connections again. I added all the files as recommended.


I have a very unpleasant problem: there is a virus on my computer that makes the browser crash when you search for words like "hosts", etc., and also blocks the installation and launch of antiviruses (including Malwarebytes and many others). I read on this same forum that someone had the same problem. I rebooted into safe mode and ran Farbar Recovery Scan Tool. After the scan, I found very unpleasant results, which confirm that the virus exists. This virus has been giving me nightmares for over six months now; it prevents me from using apps and obviously poses a potential threat to my passwords/data. I am attaching the log.


While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:


For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.


This happened because of my own human factor, namely piracy. I removed the executables from this list (to do this I rebooted into Linux), the browser stopped crashing, and I was able to install Malwarebytes. According to the results of the Malwarebytes scan, I only saw remnants in the Windows registry. Fortunately, this pirated software was not used. For future people who run into this problem -- don't pirate. Thank you for the help. Later I will show what kind of virus it was.


The first picture shows the log of the virus itself, which was used by the "Tektonit" software to carry out fraud. It seems that the virus failed to connect to the server. I punched the IP in the database and it shows the location of Warsaw/Wroclaw (from different databases) and LLC Majorcore. I checked the executable itself in virustotal, where it was determined to be truly malicious.


So, this is a remote control virus, which, according to the idea, was supposed to steal passwords or execute commands from the server using a script. Files with passwords were encrypted by the built-in means of Windows and browsers. Passwords have been changed.


So I will describe the strategy of this virus:

1. Blocking antivirus software

2. Integration

3. Blocking the launch of portable antivirus utilities

4. Blocking the ability to download antiviruses.

5. Attempt to steal data

6. Continuation of existence on the computer until a new data theft request is created or until the virus is removed


Brief instructions for removing the virus:

1. Burn Ubuntu or any other Linux distribution to a USB stick.

2. Download FRST in Windows

3. Reboot into safe mode

4. Run the program as mentioned above. Next, start reading into the logs or ask someone else to do it. If you know when the infection started, it will make the task easier.

5. Delete files from the list that appeared due to infection. You may get "Access Denied" errors, so boot Linux and delete the files through it; there are no restrictions there. Also delete the antivirus folders, because otherwise you won't be able to run them due to the access denial.

6. Clean the basket

7. Reboot back to Windows and install Malwarebytes again

8. Run a final scan with this antivirus

9. Check the browser: just enter the word "hosts". If it pops up, then you did not remove the virus well; if not, then you have cured the computer of it.

10. Change your passwords to prevent tragedy.

11. Do not download files from the site where you caught this virus. Do not pirate, it will be for the best.


I use a website that typically creates a new tab with an ad on the first click. Usually, I can close the tab without even looking at it, but recently a more aggressive strain brings up a pop-up (for both Safari and Chrome on OS X) saying "Virus Found"... which I took a screenshot of:


The first few times this happened, I was using Safari, panicked, and just quit out of Safari, which worked fine. For some reason, Safari would typically not re-encounter this pop-up (or any new tab ads from the site) until I closed all the way out of Safari again.
