geetee 0 Posted January 20 Share Posted January 20 Hi, When opening a new webpage on Google Chrome, I was receiving a pop up warning of a possible threat relating to a RS Voluum A. Any new page I opened it came up with the warning - which I proceeded to press the disconnect tab. I added uBlockOrigin extension onto Chrome (as I saw another thread regarding this) and I stopped getting the warnings. I then went onto the ESET control panel and deleted the files which were in the Quarantine panel. I then did a full PC scan with my ESET product (NOD32 Antivirus), which came back with no threats detected, I have also used Malwarebytes which detects no threats. I have not downloaded anything suspicious, clicked on any links or visited any dodgy sites. I am just wondering if my PC is clean from any threats, as I pressed disconnect on the warnings and deleted the quarantined files, or if I should be concerned? And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker which could direct you to potentially unwanted sites/applications which is why it gets blocked. Thanks in advance. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted January 20 Administrators Share Posted January 20 Please provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
geetee 0 Posted January 20 Author Share Posted January 20 4 minutes ago, Marcos said: Please provide logs collected with ESET Log Collector. Is that something I can find on the ESET control panel under Tools - log files? OR Do i need to follow the link you provided above and download it and run as the above link suggests? Link to comment Share on other sites More sharing options...
geetee 0 Posted January 20 Author Share Posted January 20 47 minutes ago, Marcos said: Please provide logs collected with ESET Log Collector. hopefully this helps. thanks in advance. eav_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted January 20 Administrators Share Posted January 20 The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection. Link to comment Share on other sites More sharing options...
geetee 0 Posted January 20 Author Share Posted January 20 2 minutes ago, Marcos said: The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection. thanks. Anyway to remove this program or to include it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted January 20 Administrators Share Posted January 20 I'd suggest removing the detection exclusions: C:\Users\USER\Downloads\swiftcash-2.1.0\bin\swiftcash-qt.exe C:\Users\USER\Downloads\rapids-qt.exe c:\program files\electra\electra-qt.exe Also you have quite many Chrome extensions installed. Please remove all non-standard ones and add them one by one to narrow it down to that downloads the trojan. Link to comment Share on other sites More sharing options...
itman 1,667 Posted January 20 Share Posted January 20 (edited) 12 hours ago, geetee said: And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker Correct. Voluum is ad tracking software. When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 . If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved. Edited January 20 by itman Link to comment Share on other sites More sharing options...
geetee 0 Posted January 21 Author Share Posted January 21 20 hours ago, itman said: Correct. Voluum is ad tracking software. When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 . If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved. Thanks. Is it something to worry about as it has me rather anxious as there doesn't seem to be much info online on it? Link to comment Share on other sites More sharing options...
Recommended Posts