7g6njejx.com pop up.

[Dodong 0]

Has anyone encountered this 7g6njejx.com pop up block ever since yesterday?

[Marcos 5,085]

Sounds like DGA typical for malware and ad domains, the latter are quite common nowadays.

I have limited connectivity and options this week but I hope that other knowledeable users will be able to provide more information, if needed.

[stackz 113]

There's a discussion at CodeProject re 7g6njejx.com linking the popup to ExpressVPN.

refer to: https://www.codeproject.com/Messages/5666747/Re-Hacked-by-Amazon.aspx

 

Edited October 1, 2019 by stackz

[Nightowl 205]

23 hours ago, Dodong said:

Has anyone encountered this 7g6njejx.com pop up block ever since yesterday?

This is the quote by the member in CodeProject :

 

Member 10451815 22hrs 45mins ago

I had exactly the same issue since today. I ran a full ESET scan - nothing. I ran a full Malwarebytes scan - nothing. I ran a full Search&Destroy scan - nothing. Yet the ESET popups about blocked access to 7g6njejx.com kept coming. When I checked the ESET logs it reported this as a JS/Redirector.NDS trojan. The traffic was caused by ExpressVPN executable in my case, specifically: C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe I uninstalled ExpressVPN but the issue persisted. I then remembered that ExpressVPN installs brower extension and sure enough they were still present. I removed the browser extensions and the popups stopped. My concern is that none of the Antivirus/Malware checks found anything yet it was clearly happening. So I am not sure whether my system is clean now. It should probably solve your problem.

[itman 1,667]

4 hours ago, Rami said:

I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs brower extension and sure enough they were still present.
I removed the browser extensions and the popups stopped.

Appears to be a beacon installed in the ExpressVPN browser extension. Removing the extension fixes the Eset detection alerts.

The question is if that extension is necessary for ExpressVPN to properly handle browser network traffic? In any case, folks need to contact ExpressVPN about this issue.

What doesn't make any current sense is how a browser extension could result in Eset throwing the alert when the browser wasn't open as some posters have indicated? As such, an infected browser extension might only be a partial solution to this issue. Current resolution might require full removal of ExpressVPN until it can resolve the issue and issue a new product download.

A workaround would be to create an Eset firewall rule to block outbound TCP/UDP network traffic from C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe to IP address, 3.218.219.179 . Note that this rule must be placed above any existing C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe rules. Also verify the directory ExpressVPN is installed in. On x(64) systems, it may be in C:\Program Files instead.

Alternatively, one could create an entry in Eset's Web Access Protection "List of blocked addresses" for *.7g6njejx.com/* . This method would be more effective if ExpressVPN changed IP address being used.

Edited October 1, 2019 by itman

[Dodong 0]

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

[Nightowl 205]

29 minutes ago, Dodong said:

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

It seems that they have removed the malicious link.

[DrDGO 0]

Same for me. ExpressVPN was updated and its ok now.