Jump to content

RS Voluum A. threat


Recommended Posts

Hi,

When opening a new webpage on Google Chrome, I was receiving a pop up warning of a possible threat relating to a RS Voluum A.

Any new page I opened it came up with the warning - which I proceeded to press the disconnect tab. I added uBlockOrigin extension onto Chrome (as I saw another thread regarding this) and I stopped getting the warnings. I then went onto the ESET control panel and deleted the files which were in the Quarantine panel.

I then did a full PC scan with my ESET product (NOD32 Antivirus), which came back with no threats detected, I have also used Malwarebytes which detects no threats.

I have not downloaded anything suspicious, clicked on any links or visited any dodgy sites.

I am just wondering if my PC is clean from any threats, as I pressed disconnect on the warnings and deleted the quarantined files, or if I should be concerned?

And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker which could direct you to potentially unwanted sites/applications which is why it gets blocked.

Thanks in advance.

Link to comment
Share on other sites

4 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector.

Is that something I can find on the ESET control panel under Tools - log files? 

OR

Do i need to follow the link you provided above and download it and run as the above link suggests?

Link to comment
Share on other sites

  • Administrators

The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection.

Link to comment
Share on other sites

2 minutes ago, Marcos said:

The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection.

thanks. Anyway to remove this program or to include it?

Link to comment
Share on other sites

  • Administrators

I'd suggest removing the detection exclusions:

C:\Users\USER\Downloads\swiftcash-2.1.0\bin\swiftcash-qt.exe
C:\Users\USER\Downloads\rapids-qt.exe
c:\program files\electra\electra-qt.exe

Also you have quite many Chrome extensions installed. Please remove all non-standard ones and add them one by one to narrow it down to that downloads the trojan.

Link to comment
Share on other sites

12 hours ago, geetee said:

And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker

Correct. Voluum is ad tracking software.

When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 .

If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.

Edited by itman
Link to comment
Share on other sites

20 hours ago, itman said:

Correct. Voluum is ad tracking software.

When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 .

If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.

Thanks. Is it something to worry about as it has me rather anxious as there doesn't seem to be much info online on it?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...