Blocked Hijack attempt

Post by DaleHyde » 2020-09-07, 16:31

Suddenly, less than a day after this last update, I have been getting a blocked hijack attempt by happykid.in. It is linked and hidden in your .exe file according to Malwarebytes Premium. Not sure what this is all about. I have attached the Malwarebytes log reports. The logs give you information about my system and such. Just a side note, I am in Houston, Texas, but using a Dallas VPN at this time.

Thank you and I hope to hear back soon.
Attachments
Palemoon blocked website Advance.txt
(703 Bytes) Downloaded 44 times
Palemoon Blocked website Summary.txt
(703 Bytes) Downloaded 25 times

Post by New Tobin Paradigm » 2020-09-07, 17:10

So you have internet filtering and it reports the program accessing the website you tried to navigate to so in your uninformed mind that means Pale Moon is somehow infected?
How far are you prepared to go? How much are you prepared to risk? How many people are you prepared to sacrifice for victory?
Are you willing to die friendless, alone, deserted by everyone? Because that's what may be required of you in the war that is to come.

Post by DaleHyde » 2020-09-07, 17:15

No, it happens even without the VPN. Did you look at the Malwarebytes logs I shared? Just curious, as it is Malwarebytes that is quarantining a file from PaleMoon .exe file. I can understand that, actually, with no problem. My question is why is this happening? I "assume" nothing.

Post by DaleHyde » 2020-09-07, 17:16

I do take offense at your attitude, by the way. It is not my uninformed mind. If you actually took the time to review the logs I submitted, you would see that I am basing my "opinion" on the reports from Malwarebytes and them mapping it to the PaleMoon .exe file.

Post by Pentium4User » 2020-09-07, 18:05

I recommend completely reinstalling your operating system. If there was any kind of malware (even Adware), reinstall your OS. It doesn't make sense to rescue an infected system.
If you need further help, I might assist you.
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

Post by satrow » 2020-09-07, 18:14

Clearing the cache and cookies might help, depends on what/where the hijacker is, exit the browser, reboot and test.

My Pale Moon(s - I've used many in this Profile) has History covering 6 months + 5770 entries older than that but no trace of any previous access to that site:
5770items.png
It really is an issue that's been triggered on your end.

Post by DaleHyde » 2020-09-07, 18:28

I did want to add that I was not attempting to visit the site that was quarantined. This is a new Dell system less than two months old and no other issues with anything, other than this. I have seen where such things, mostly PUPs are embedded in software, such as browser software, that gives you no opportunity to not install, or even know if you are installing it. I brought this to the attention here, as I feel it is Pale Moon related, and only started occurring after the most recent update. Regardless, I thank everyone for their help. It does not stop me from visiting sites, nor hinder my computer, but I do get the pop up hijack warning from my Malwarebytes Premium, quite often now, with that same warning.

I have tried clearing cache and rebooting. That does not stop the issue.

Why do the logs point to the Pale Moon .exe file? That is what has me wondering if it is not buried in there. When I go to the Pale Moon .exe file, there are no other folders, or no way for me to see what is in it. Again, just curious why Malwarebytes maps it to Pale Moon for a site I have never visited or heard of.

Edit. I think I have traced it down to a particular website I have visited often. (I have sent a message to their webmaster). It would be interesting to see if anyone else gets any kind of warning from the site: hxxps://www.nativetreasuresnm.com/index.php/ WARNING - don't go there without protection, or you may need to reinstall your browsers, OS, ...
Last edited by DaleHyde on 2020-09-07, 18:39, edited 1 time in total.

Post by Pentium4User » 2020-09-07, 18:34

Because palemoon.exe requested that site.

Your system might be infected, so please reinstall it immediately.
Win 10 ISO here: https://www.microsoft.com/en-us/softwar ... ndows10ISO
Just open it and run setup.exe.
Then select Advanced and then reinstall Win 10 without keeping programs.

Post by DaleHyde » 2020-09-07, 18:41

Pentium4User wrote:
2020-09-07, 18:34
Because palemoon.exe requested that site.

Your system might be infected, so please reinstall it immediately.
Win 10 ISO here: https://www.microsoft.com/en-us/softwar ... ndows10ISO
Just open it and run setup.exe.
Then select Advanced and then reinstall Win 10 without keeping programs.
That is a major step. Please see what I edited and added to my previous post above your reply.

Post by satrow » 2020-09-07, 18:45

Run MBAM and AdwCleaner, attach the logs.

Post by DaleHyde » 2020-09-07, 18:58

satrow wrote:
2020-09-07, 18:45
Run MBAM and AdwCleaner, attach the logs.
Okay, they are attached.
Attachments
AdwCleaner[S00].txt
(3.24 KiB) Downloaded 19 times
Mbam log.txt
(1.2 KiB) Downloaded 16 times

Post by Pentium4User » 2020-09-07, 19:06

Your system already has been infected. Reinstall to get back a fresh operating system without any rests of Adware.

Post by Pentium4User » 2020-09-07, 19:35

DaleHyde wrote:
2020-09-07, 18:28

Edit. I think I have traced it down to a particular website I have visited often. (I have sent a message to their webmaster). It would be interesting to see if anyone else gets any kind of warning from the site: hxxps://www.nativetreasuresnm.com/index.php/ WARNING - don't go there without protection, or you may need to reinstall your browsers, OS, ...
I now installed Malwarebytes and visited that site - no message.

It seems that your system is infected.
This also includes the adware detected by AdwCleaner.

The only proper solution is to reinstall Windows.

Post by satrow » 2020-09-07, 19:43

Pentium4User wrote:
2020-09-07, 19:35
I now installed Malwarebytes and visited that site - no message.

It seems that your system is infected.
This also includes the adware detected by AdwCleaner.

The only proper solution is to reinstall Windows.
Your blockers are stopping you from seeing the happykid link(s) on that page.

I see no related infection in the AdwCleaner logs, PUP.Optional in favourites and some Dell preinstalls listed.

Post by gepus » 2020-09-07, 20:06

I visited the site (without protection) and am still alive. :)
Pentium4User wrote:
2020-09-07, 19:35
The only proper solution is to reinstall Windows.
Please don't scare the shit out of people, it's not April Fool's Day.
BTW, this is the script:

<script type="text/javascript" src="https://www.happykid.in/image/catalog/d_blog_module/review/translate.js"></script>
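
The script tag above is page markup telling the browser to fetch from a second host, which is why the block is logged against the browser's .exe. As an added example (not code from anyone in this thread), the Python below lists the cross-origin script sources in saved page HTML and marks those on a blocklisted domain. The page URL `shop.example`, the `cdn.example.net` host and the sample HTML are constructed; only the happykid.in tag is taken from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def third_party_scripts(page_url, html, blocked_domains=()):
    """Return the cross-origin script loads a browser would make for this page."""
    page_host = urlsplit(page_url).hostname or ""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = urlsplit(absolute).hostname or ""
        if not host or host == page_host:
            continue  # same-origin, or a source with no network host (data: etc.)
        blocked = any(host_matches(host, d) for d in blocked_domains)
        findings.append({"host": host, "url": absolute, "blocked": blocked})
    return findings


# Constructed sample page; only the happykid.in tag is taken from the thread.
SAMPLE_PAGE_URL = "https://shop.example/index.php/"  # hypothetical visited site
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script type="text/javascript" src="https://www.happykid.in/image/catalog/d_blog_module/review/translate.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body>catalogue</body></html>"""

if __name__ == "__main__":
    for f in third_party_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML, ["happykid.in"]):
        print("BLOCKED" if f["blocked"] else "ok     ", f["host"], f["url"])
```

The function only parses text and makes no network requests, so it can be run on a saved copy of a page to find which tag produces the blocked connection.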

Post by New Tobin Paradigm » 2020-09-07, 21:06

DaleHyde wrote:
2020-09-07, 17:16
I do take offense at your attitude, by the way. It is not my uninformed mind.
I'm sorry, let me try again.

So you have internet filtering and it reports the program accessing the website you [or something like another website] tried to navigate to so [by not using your mind at all to evaluate what your logs are telling you in a critical manor] that means Pale Moon is somehow infected?

Is that better?

Post by Moonchild » 2020-09-07, 21:17

I think it went something like this:
User used Pale Moon to visit a website that tries to load something from a known malware domain. Anti-malware protection kicks in and notifies the user that Pale Moon tried to connect to a known malware domain. User panics, and thinks Pale Moon is trying to connect to the malware domain by design while it was the effect of it being a web browser being told to go there. Proceeds to report the notification to the browser developers/community who spend the better part of a day trying to distil what the hell is going on.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss

Post by Tharthan » 2020-09-07, 21:18

New Tobin Paradigm wrote:
2020-09-07, 21:06
critical manor
Off-topic:
Is that anything like "Resident Evil"? :D

Or is it that place that you always visit in JRPGs?
"This is a war against individuality and intelligence. Only thing we can do is stand strong." -- adesh, 9 January 2020

"I used to think I was a grumpy old man, but I don't hold a candle compared to Tharthan." -- Cassette, 9 September 2020

Post by DaleHyde » 2020-09-08, 00:35

Moonchild wrote:
2020-09-07, 21:17
I think it went something like this:
User used Pale Moon to visit a website that tries to load something from a known malware domain. Anti-malware protection kicks in and notifies the user that Pale Moon tried to connect to a known malware domain. User panics, and thinks Pale Moon is trying to connect to the malware domain by design while it was the effect of it being a web browser being told to go there. Proceeds to report the notification to the browser developers/community who spend the better part of a day trying to distil what the hell is going on.
I actually did not panic. From my understanding, with some IT training, from viewing the logs, I simply felt it may be an issue involving Pale Moon. I concluded this after viewing the logs. I was trying to alert Pale Moon, if, in fact there was something going on. I can now see that reporting things is really not appreciated, so no worries. As mentioned in one of my above posts, I narrowed the problem down to one website that I have visited well over 100 times over the past year for business purposes. Suddenly, upon visiting that website, I was getting that warning. I tested that website in Firefox, and the same warning came up, but it referenced it as a FireFox .exe issue.

Sorry you had "to spend the better part of the day trying to distill what the hell is going on." I will not report any other issues. Have a great day. (I am glad I did not follow the advice of one here earlier, who tried to alarm me to do a total new install of Windows 10 due to my computer being infected.)

Post by Tharthan » 2020-09-08, 00:43

DaleHyde wrote:
2020-09-08, 00:35
I can now see that reporting things is really not appreciated, so no worries.
That's not the case, and I apologise for any offence.

We get a lot of people who show up here blaming all of their problems on Pale Moon; assuming that the problem is a browser problem.

So a lot of users here have a low tolerance for anyone who tries to propose that an issue that is going on with their own computer is actually the fault of Pale Moon, when evidence would suggest otherwise.