Since yesterday afternoon ESET a/v has been reporting that it has blocked access to 7g6njejx.com, roughly every ten minutes. That domain name does not exist, but ESET also gives me the IP. The IP given cycles through five addresses - and every one points to Amazon on every IP check site I can find - specifically the Amazon in Ashburn, Virginia on amazonaws.com. It has three goes in every session to connect, and then ten minutes later tries another of the five IPs.
At first I thought it might be related to MS Outlook, as that downloads every ten minutes, but it isn't. I can't see anything likely in Task Manager either.
Anybody seen this before, or have any idea what is going on? Even if all my browsers are closed, it still keeps popping up - AND IT'S DRIVING ME CRAZY*!!!!!!
I ran a full ESET scan - nothing.
I ran a full Malwarebytes scan - nothing.
I ran a full Search&Destroy scan - nothing.
Yet the ESET popups about blocked access to 7g6njejx.com kept coming.
When I checked the ESET logs it reported this as a JS/Redirector.NDS trojan.
The traffic was caused by the ExpressVPN executable in my case, specifically:
C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs browser extensions and sure enough they were still present.
I removed the browser extensions and the popups stopped.
My concern is that none of the Antivirus/Malware checks found anything yet it was clearly happening.
So I am not sure whether my system is clean now.