ENDSP1EL 0 Posted April 22, 2019 Share Posted April 22, 2019 Hello all! Even tho ESET has not found any virus in my PC I still keep getting these annoying "address has been blocked - amanda.run netc" or something similar. Any help? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted April 22, 2019 Administrators Share Posted April 22, 2019 Please take a screen shot of the alert and post it here. Also collect logs with ESET Log Collector and post the generated archive. Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 27, 2019 Author Share Posted April 27, 2019 Unfortunately I am not able to take a screenshot of the warning message as it has not shown since I posted my post. But here's the log eis_logs.zip Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 27, 2019 Author Share Posted April 27, 2019 (edited) Here it is luckily Edited April 27, 2019 by ENDSP1EL Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted April 27, 2019 Administrators Share Posted April 27, 2019 Is access to the website blocked only in Chrome? Also if you run it without extensions? Or when you visit a specific website? Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 27, 2019 Author Share Posted April 27, 2019 It's getting blocked in both Chrome and IE, with and also without all my extensions. This pop up appears randomly as far as I can tell Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 27, 2019 Share Posted April 27, 2019 It's a PUA alert and it also triggers in IE11 Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 27, 2019 Share Posted April 27, 2019 As far as URLVoid rating, it is flagged by only one blacklist, ZeroCERT. Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 27, 2019 Share Posted April 27, 2019 (edited) If this popup is appearing randomly, it is probably adware related. In Chrome, look for any suspicious, recently installed, etc., extensions and uninstall them. Ref.: https://malwaretips.com/blogs/remove-runtnc-net/ You can also try one of the specialized adware cleaners like AdwCleaner: https://www.malwarebytes.com/adwcleaner/ Edited April 27, 2019 by itman Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 27, 2019 Author Share Posted April 27, 2019 I am pretty sure I have none suspicious extensions installed. Also tried multiple malware removal programs. None of them has helped so far Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 27, 2019 Share Posted April 27, 2019 I just scanned the FQDN at Quttera and it came up 100% clean: https://quttera.com/detailed_report/amanda.runtnc.net . So at this point, I don't know what to make of Eset's detection. What I do know is the IP address shown in this scan is not the same as those shown in previous malware detections associated with the domain name. Here's the Robtex scan on the FQDN: https://www.robtex.com/dns-lookup/amanda.runtnc.net . Interestingly, the domain, runtnc.net, is associated with an Amazon server assigned to Massachusetts Institute of Technology in Boston, MA. Go figure? Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted April 28, 2019 Most Valued Members Share Posted April 28, 2019 Googling runtnc.net seems to show other people with the exact URL having the same issue but couldn't see what was causing it. Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 28, 2019 Share Posted April 28, 2019 (edited) From what I have read about this, it appears to be browser redirect adware. The fact it is occurring in multiple browsers points to something that was installed. Again, best to check Windows -> Control Panel -> Programs for anything that shows that was not directly installed and uninstall it. Then it appears all browsers used need to be reset back to their default values to clear all traces of the adware in them. I would also run AdwCleaner as previously suggested since it is great with removing adware crud like this. Edited April 28, 2019 by itman Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 29, 2019 Author Share Posted April 29, 2019 I even re installed Windows so... Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 29, 2019 Share Posted April 29, 2019 1 hour ago, ENDSP1EL said: I even re installed Windows so... Are you stating that after reinstalling Windows, you are still getting this alert? Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 29, 2019 Author Share Posted April 29, 2019 (edited) I used this function so I could like start with brand new Windows but with my files so im not sure Edited April 29, 2019 by ENDSP1EL Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 29, 2019 Share Posted April 29, 2019 2 hours ago, ENDSP1EL said: used this function so I could like start with brand new Windows but with my files so im not sure I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained. I assume you did a "Reset" and then reinstalled your apps? Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted April 30, 2019 Author Share Posted April 30, 2019 23 hours ago, itman said: I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained. I assume you did a "Reset" and then reinstalled your apps? Yes, that might fit Link to comment Share on other sites More sharing options...
itman 1,743 Posted April 30, 2019 Share Posted April 30, 2019 I assume the popup issue has not reappeared since the Win 10 reinstall? Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot: Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted May 1, 2019 Author Share Posted May 1, 2019 19 hours ago, itman said: I assume the popup issue has not reappeared since the Win 10 reinstall? Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot: The pop ap also appeared after the "clean up". That is why I have started this topic and yes everything is put to active. Link to comment Share on other sites More sharing options...
itman 1,743 Posted May 1, 2019 Share Posted May 1, 2019 Did you reinstall all your app software after you reinstalled the OS? Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted May 9, 2019 Author Share Posted May 9, 2019 On 5/1/2019 at 9:27 PM, itman said: Did you reinstall all your app software after you reinstalled the OS? Yes, there are only few apps that had to be reinstalled Link to comment Share on other sites More sharing options...
itman 1,743 Posted May 9, 2019 Share Posted May 9, 2019 1 hour ago, ENDSP1EL said: Yes, there are only few apps that had to be reinstalled Are you still getting the Eset alerts? Link to comment Share on other sites More sharing options...
ENDSP1EL 0 Posted May 11, 2019 Author Share Posted May 11, 2019 Yes Link to comment Share on other sites More sharing options...
itman 1,743 Posted May 11, 2019 Share Posted May 11, 2019 (edited) Since you already did a Win 10 reset install and the issue still persists, do the following. At least, this will stop the Eset alerts for the time being and allow for hopefully, identifying which process is performing this activity. 1. Go to your Eset Filtered Web Sites log and search for all long entries related to amanda.run netc. Make a note of all IP addresses associated with the log entries. Hopefully, they are all the same IP Address or only a few. 2. Create an Eset firewall rule to block; i.e. "Deny", "TCP and UDP protocol", and Direction set to "Out." Name your rule something meaningful. Set Logging Severity to "Warning." Do not checkmark the Notify user option, since this will keep giving you alerts. Click on the Remote tab. Navigate to the window labeled IP. Enter each previously noted IP address. If entering multiple IP addresses, enter a comma after the end of the address, a space, and then the next IP address. Do not enter a comma after the last IP address entered. Click on the "OK" tab and every "OK" tab thereafter to save you newly created firewall rule. Once a few Eset Network log entries have been created from this firewall, copy those entries and post them into your next forum reply. Hopefully, this will point us to what process is performing this activity. Edited May 11, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts