Jump to content

Recommended Posts

Hello all!

Even tho ESET  has not found any virus in my PC I still keep getting these annoying "address has been blocked - amanda.run netc" or something similar. Any help?

Thanks

Share this post


Link to post
Share on other sites

Please take a screen shot of the alert and post it here. Also collect logs with ESET Log Collector and post the generated archive.

Share this post


Link to post
Share on other sites

Unfortunately I am not able to take  a screenshot of the warning message as it has not shown since I posted my post. But here's the log

eis_logs.zip

Share this post


Link to post
Share on other sites
Posted (edited)

Here it is luckily 

 

Komentár 2019-04-27 165235.png

Edited by ENDSP1EL

Share this post


Link to post
Share on other sites

Is access to the website blocked only in Chrome? Also if you run it without extensions? Or when you visit a specific website?

Share this post


Link to post
Share on other sites

It's getting blocked in both Chrome and IE, with and also without all my extensions. This pop up appears randomly as far as I can tell

Share this post


Link to post
Share on other sites

It's a PUA alert and it also triggers in IE11

Eset_PUA.thumb.png.2beb890332fb633d9b7592c067a90a7d.png

 

Share this post


Link to post
Share on other sites

As far as URLVoid rating, it is flagged by only one blacklist, ZeroCERT.

Share this post


Link to post
Share on other sites
Posted (edited)

If this popup is appearing randomly, it is probably adware related. In Chrome, look for any suspicious, recently installed, etc., extensions and uninstall them.

Ref.: https://malwaretips.com/blogs/remove-runtnc-net/

You can also try one of the specialized adware cleaners like AdwCleaner: https://www.malwarebytes.com/adwcleaner/

Edited by itman

Share this post


Link to post
Share on other sites

I am pretty sure I have none suspicious extensions installed. Also tried multiple malware removal programs. None of them has helped so far

Share this post


Link to post
Share on other sites

I just scanned the FQDN at Quttera and it came up 100% clean: https://quttera.com/detailed_report/amanda.runtnc.net . So at this point, I don't know what to make of Eset's detection. What I do know is the IP address shown in this scan is not the same as those shown in previous malware detections associated with the domain name.

Here's the Robtex scan on the FQDN: https://www.robtex.com/dns-lookup/amanda.runtnc.net . Interestingly, the domain, runtnc.net, is associated with an Amazon server assigned to Massachusetts Institute of Technology in Boston, MA. Go figure? 

Share this post


Link to post
Share on other sites

Googling runtnc.net seems to show other people with the exact URL having the same issue but couldn't see what was causing it. 

Share this post


Link to post
Share on other sites
Posted (edited)

From what I have read about this, it appears to be browser redirect adware. The fact it is occurring in multiple browsers points to something that was installed. Again, best to check Windows -> Control Panel -> Programs for anything that shows that was not directly installed and uninstall it. Then it appears all browsers used need to be reset back to their default values to clear all traces of the adware in them.

I would also run AdwCleaner as previously suggested since it is great with removing adware crud like this.

Edited by itman

Share this post


Link to post
Share on other sites
1 hour ago, ENDSP1EL said:

I even re installed Windows so...

Are you stating that after reinstalling Windows, you are still getting this alert?

Share this post


Link to post
Share on other sites
Posted (edited)

I used this function so I could like start with brand new Windows but with my files so im not sure

Edited by ENDSP1EL

Share this post


Link to post
Share on other sites
2 hours ago, ENDSP1EL said:

used this function so I could like start with brand new Windows but with my files so im not sure

I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained.

I assume you did a "Reset" and then reinstalled your apps?

Share this post


Link to post
Share on other sites
23 hours ago, itman said:

I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained.

I assume you did a "Reset" and then reinstalled your apps?

Yes, that might fit

Share this post


Link to post
Share on other sites

I assume the popup issue has not reappeared since the Win 10 reinstall?

Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot:

Eset_PUA.thumb.png.27aa3739bfdc15f51aaf2eb151e16567.png

Share this post


Link to post
Share on other sites
19 hours ago, itman said:

I assume the popup issue has not reappeared since the Win 10 reinstall?

Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot:

Eset_PUA.thumb.png.27aa3739bfdc15f51aaf2eb151e16567.png

The pop ap also appeared after the "clean up". That is why  I have started this topic and yes everything is put to active.

Share this post


Link to post
Share on other sites

Did you reinstall all your app software after you reinstalled the OS?

Share this post


Link to post
Share on other sites
On 5/1/2019 at 9:27 PM, itman said:

Did you reinstall all your app software after you reinstalled the OS?

 

Yes, there are only few apps that had to be reinstalled

Share this post


Link to post
Share on other sites
1 hour ago, ENDSP1EL said:

Yes, there are only few apps that had to be reinstalled

Are you still getting the Eset alerts?

Share this post


Link to post
Share on other sites
Posted (edited)

Since you already did a Win 10 reset install and the issue still persists, do the following. At least, this will stop the Eset alerts for the time being and allow for hopefully, identifying which process is performing this activity.

1. Go to your Eset Filtered Web Sites log and search for all long entries related to amanda.run netc. Make a note of all IP addresses associated with the log entries. Hopefully, they are all the same IP Address or only a few.

2. Create an Eset firewall rule to block; i.e. "Deny", "TCP and UDP protocol", and  Direction set to "Out." Name your rule something meaningful.

  • Set Logging Severity to "Warning." Do not checkmark the Notify user option, since this will keep giving you alerts.
  • Click on the Remote tab. Navigate to the window labeled IP. Enter each previously noted IP address.  If entering multiple IP addresses, enter a comma after the end of the address, a space, and then the next IP address. Do not enter a comma after the last IP address entered. 

Click on the "OK" tab and every "OK" tab thereafter to save you newly created firewall rule.

Once a few Eset Network log entries have been created from this firewall, copy those entries and post them into your next forum reply. Hopefully, this will point us to what process is performing this activity.

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...