Jump to content

7g6njejx.com pop up.


Dodong
 Share

Recommended Posts

  • Administrators

Sounds like DGA typical for malware and ad domains, the latter are quite common nowadays.

I have limited connectivity and options this week but I hope that other knowledeable users will be able to provide more information, if needed.

Link to comment
Share on other sites

  • Most Valued Members
23 hours ago, Dodong said:

Has anyone encountered this 7g6njejx.com pop up block ever since yesterday?

This is the quote by the member in CodeProject :

 

Popular member Member 10451815 22hrs 45mins ago 
 
 
arrow-up24.png

I had exactly the same issue since today.

I ran a full ESET scan - nothing.
I ran a full Malwarebytes scan - nothing.
I ran a full Search&Destroy scan - nothing.
Yet the ESET popups about blocked access to 7g6njejx.com kept coming.

When I checked the ESET logs it reported this as a JS/Redirector.NDS trojan.
The traffic was caused by ExpressVPN executable in my case, specifically:
C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe


I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs brower extension and sure enough they were still present.
I removed the browser extensions and the popups stopped.

My concern is that none of the Antivirus/Malware checks found anything yet it was clearly happening.
So I am not sure whether my system is clean now.

It should probably solve your problem.

 
Link to comment
Share on other sites

4 hours ago, Rami said:

I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs brower extension and sure enough they were still present.
I removed the browser extensions and the popups stopped.

Appears to be a beacon installed in the ExpressVPN browser extension. Removing the extension fixes the Eset detection alerts.

The question is if that extension is necessary for ExpressVPN to properly handle browser network traffic? In any case, folks need to contact ExpressVPN about this issue.

What doesn't make any current sense is how a browser extension could result in Eset throwing the alert when the browser wasn't open as some posters have indicated? As such, an infected browser extension might only be a partial solution to this issue. Current resolution might require full removal of ExpressVPN until it can resolve the issue and issue a new product download.

A workaround would be to create an Eset firewall rule to block outbound TCP/UDP network traffic from C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe to IP address, 3.218.219.179 . Note that this rule must be placed above any existing C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe rules. Also verify the directory ExpressVPN is installed in. On x(64) systems, it may be in C:\Program Files instead.

Alternatively, one could create an entry in Eset's Web Access Protection "List of blocked addresses" for *.7g6njejx.com/* . This method would be more effective if ExpressVPN changed IP address being used.

Edited by itman
Link to comment
Share on other sites

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

Link to comment
Share on other sites

  • Most Valued Members
29 minutes ago, Dodong said:

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

It seems that they have removed the malicious link.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...