Jump to content
Dodong

7g6njejx.com pop up.

Recommended Posts

Has anyone encountered this 7g6njejx.com pop up block ever since yesterday?

Share this post


Link to post
Share on other sites

Sounds like DGA typical for malware and ad domains, the latter are quite common nowadays.

I have limited connectivity and options this week but I hope that other knowledeable users will be able to provide more information, if needed.

Share this post


Link to post
Share on other sites
23 hours ago, Dodong said:

Has anyone encountered this 7g6njejx.com pop up block ever since yesterday?

This is the quote by the member in CodeProject :

 

Popular member Member 10451815 22hrs 45mins ago 
 
 
arrow-up24.png

I had exactly the same issue since today.

I ran a full ESET scan - nothing.
I ran a full Malwarebytes scan - nothing.
I ran a full Search&Destroy scan - nothing.
Yet the ESET popups about blocked access to 7g6njejx.com kept coming.

When I checked the ESET logs it reported this as a JS/Redirector.NDS trojan.
The traffic was caused by ExpressVPN executable in my case, specifically:
C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe


I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs brower extension and sure enough they were still present.
I removed the browser extensions and the popups stopped.

My concern is that none of the Antivirus/Malware checks found anything yet it was clearly happening.
So I am not sure whether my system is clean now.

It should probably solve your problem.

 

Share this post


Link to post
Share on other sites
Posted (edited)
4 hours ago, Rami said:

I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs brower extension and sure enough they were still present.
I removed the browser extensions and the popups stopped.

Appears to be a beacon installed in the ExpressVPN browser extension. Removing the extension fixes the Eset detection alerts.

The question is if that extension is necessary for ExpressVPN to properly handle browser network traffic? In any case, folks need to contact ExpressVPN about this issue.

What doesn't make any current sense is how a browser extension could result in Eset throwing the alert when the browser wasn't open as some posters have indicated? As such, an infected browser extension might only be a partial solution to this issue. Current resolution might require full removal of ExpressVPN until it can resolve the issue and issue a new product download.

A workaround would be to create an Eset firewall rule to block outbound TCP/UDP network traffic from C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe to IP address, 3.218.219.179 . Note that this rule must be placed above any existing C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe rules. Also verify the directory ExpressVPN is installed in. On x(64) systems, it may be in C:\Program Files instead.

Alternatively, one could create an entry in Eset's Web Access Protection "List of blocked addresses" for *.7g6njejx.com/* . This method would be more effective if ExpressVPN changed IP address being used.

Edited by itman

Share this post


Link to post
Share on other sites

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

Share this post


Link to post
Share on other sites
29 minutes ago, Dodong said:

I updated my ExpressVPN and it's fine at the moment. I didn't even got my ExpressVPN on browser extension and it was still popping out every 10 minutes. I think updating works, for now. 

It seems that they have removed the malicious link.

Share this post


Link to post
Share on other sites

Same for me. ExpressVPN was updated and its ok now.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...