RS Voluum A. threat

[geetee 0]

Hi,

When opening a new webpage on Google Chrome, I was receiving a pop up warning of a possible threat relating to a RS Voluum A.

Any new page I opened it came up with the warning - which I proceeded to press the disconnect tab. I added uBlockOrigin extension onto Chrome (as I saw another thread regarding this) and I stopped getting the warnings. I then went onto the ESET control panel and deleted the files which were in the Quarantine panel.

I then did a full PC scan with my ESET product (NOD32 Antivirus), which came back with no threats detected, I have also used Malwarebytes which detects no threats.

I have not downloaded anything suspicious, clicked on any links or visited any dodgy sites.

I am just wondering if my PC is clean from any threats, as I pressed disconnect on the warnings and deleted the quarantined files, or if I should be concerned?

And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker which could direct you to potentially unwanted sites/applications which is why it gets blocked.

Thanks in advance.

[Marcos 5,085]

Please provide logs collected with ESET Log Collector.

[geetee 0]

4 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector.

Is that something I can find on the ESET control panel under Tools - log files? 

OR

Do i need to follow the link you provided above and download it and run as the above link suggests?

[geetee 0]

47 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector.

hopefully this helps. thanks in advance.

eav_logs.zip

[Marcos 5,085]

The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection.

[geetee 0]

2 minutes ago, Marcos said:

The detection is most likely related to Win64/CoinMiner.PQ potentially unwanted application that you have excluded from detection.

thanks. Anyway to remove this program or to include it?

[Marcos 5,085]

I'd suggest removing the detection exclusions:

C:\Users\USER\Downloads\swiftcash-2.1.0\bin\swiftcash-qt.exe
C:\Users\USER\Downloads\rapids-qt.exe
c:\program files\electra\electra-qt.exe

Also you have quite many Chrome extensions installed. Please remove all non-standard ones and add them one by one to narrow it down to that downloads the trojan.

[itman 1,667]

12 hours ago, geetee said:

And can anyone tell me what the RS Voluum A. is as I have tried to look online and I think it appears to be an ad tracker

Correct. Voluum is ad tracking software.

When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 .

If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.

Edited January 20 by itman

[geetee 0]

20 hours ago, itman said:

Correct. Voluum is ad tracking software.

When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, UBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 .

If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.

Thanks. Is it something to worry about as it has me rather anxious as there doesn't seem to be much info online on it?