  1. #1
    New Lounger
    Join Date
    Mar 2010
    Location
    Laval, Québec, Canada
    Posts
    24
    Thanks
    1
    Thanked 3 Times in 2 Posts

    41.teracreative.com tagged as malicious website

    I don't know if any other WS subscribers have ever encountered this problem, but for the past couple of weeks or so I have been having this pop-up from MBAM whenever I tried to log in to my WS's account to read the newsletters. The pop-up reads as follows:

    Malicious Website blocked
    Domain: 41.teracreative.com
    IP: 72.251.231.55
    Port: 64711
    Type: Outbound

    Alternatively, one can look at the file attachment for full details about the pop-up. It is worth noting that this would happen even when I am changing to the next page in a thread. It's mind-boggling and is driving me crazy. I was wondering if there is a way to fix this issue.

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Does this block impact you logging in?

    See https://blog.malwarebytes.org/threat...st-undetected/ for details on why teracreative is blocked.

    It's possible that Chrome's pre-loading is triggering this, trying to access links 'just in case' you might want to click on them. You can limit this kind of behaviour in Chrome's settings; I'd also set 3rd party cookies to blocked unless visited as well.

    You may need to reset Chrome completely before setting these preferences, and/or run ADWCleaner and Junkware Removal Tool http://www.bleepingcomputer.com/download/adwcleaner/ (JRT is on the right-hand side).

  3. #3
    New Lounger
    Thanks for your prompt answer. No, the pop-up doesn't prevent me from accessing my WS's account, but it's very annoying and aggravating should I say. What is 41.teracreative.com anyway? I am not accustomed to having this kind of pop-up before and it is only showing up when I am navigating in Windows Secrets. The weird thing is that I didn't change Chrome's settings recently and third party cookies are already set to "block" unless Chrome changes my settings to default with each update.

    Just before this writing, I ran Trend Micro's House Call and didn't find any malware or virus. Same thing goes for Microsoft's Windows Defender. I am going to try some of the suggestions and post back.

  4. #4
    New Lounger
    As promised, there are some of your suggestions I tried. First off, it seems that I cannot run JRT from AdwCleaner since the software's owner is the same as Malwarebytes anti-malware. It's like JRT is being prevented from running by the latter. I have also uninstalled and re-installed Google Chrome but to no avail, since whatever I click inside Windows Secrets, be it a header, changing a page, or saving a post, causes this infamous pop-up message by MBAM (see above attachment). Understand that this is driving me out of my wits. Annoying would be an understatement. By the way, Google has been set to block third-party cookies.

    Finally, I don't really understand what you mean by and I quote: "It's possible that Chrome's pre-loading is triggering this, trying to access links 'just in case' you might want to click on them". I would be more than happy if you can clarify or elaborate a bit on that one.

    Thanks a lot for your help.

  5. #5
    Super Moderator satrow's Avatar
    Unless JRT has been fully incorporated into MBAM very recently, you should still be able to run it as a standalone. ADWCleaner is also a standalone.

    Reset Chrome settings to default

    Chrome Networking: DNS Prefetch & TCP Preconnect, and a view from the server side: Prefetching resources.

    My browser usage is somewhat different to that which is targeted by Chrome, I have relatively long browser sessions (only 2.3 days currently but it's often close to double figures), no OS DNS caching and a browser that uses a relatively sane prefetch strategy and uses many fewer OS resources as well as having less of an impact on web servers than Chrome.

  6. The Following User Says Thank You to satrow For This Useful Post:

    Tedpacheco (2016-05-11)

  7. #6
    New Lounger
    I have reset Chrome to default, but that didn't help.

  8. #7
    New Lounger
    After reading all your referenced links above, I did a little bit of homework myself. First, I tried to open my account with WS in another browser (IE11) and I didn't have the pop-up. I ran AdwCleaner (not the JRT) and it found 2 services that I had to remove. Then I ran Google Cleaning Tool which didn't find anything but asked to send the information about my computer to Google. I clicked OK to accept. Once transferred to Google browser, there was a message asking me to reset my settings to default. I also gladly accepted. Right after that, I went to log into my WS's account to see if the problem was still persisting. Fortunately, the infamous pop-up was nowhere to be seen.

    I would never be able to thank you enough for your help, satrow. I don't know why my first attempt to reset Chrome settings to default didn't work; maybe I didn't do something correctly. But the fact of the matter is the issue has been resolved. I owe it all to you.

  9. #8
    Super Moderator satrow's Avatar
    No worries, Ted, glad to be of some help.

    You can mark the topic as [SOLVED] from the Thread tools dropdown, if you like; that should make it easier should anyone else search for a similar fix.
