Threat? bnmwork.global

[REDACTED]

Hello,

I hope you can help me. I'm new to this forum and this is my first post. I've had on a few infrequent occasions a new tab open when I'm on Firefox. The address starts with "bnmwork.global" and it's a page trying to look like a Microsoft page but also claiming I've won a new iPhone (logical right?). First couples of times, I just shut it down thinking I may have clicked on an ad by mistake. It's happened a few more times though, but I paid more attention and I know I didn't click on ads and was not visiting any dogdy websites. I did a quick web search but only found websites that seemed dodgy themselves (claiming this was a malware that would allow anyone access to my data and I should download their software to fix it.) I've only had this tab pop open about 6-8 times in the last month or so.

I've tried running a smart scan and nothing was found. I tried running a full virus scan and it's been 1h and it's still at 0%.

So... Does anyone know if I should be worried? Has anyone experienced this before?

I'm using Firefox on mobile and just today and last Friday something similar happened with an obviously fake page "adblock downloaded" (link below) opening spontaneously.
moz-extension://bfb8b2b5-ec94-4fe5-be85-64666f923af3/firstRun.html

Any help or thoughts on the matter would be very welcome!

Thanks!

[Pondus]

Follow instructions and attach requested logs    https://forum.avast.com/index.php?topic=194892.0

[REDACTED]

Thanks, will do!  Might be tomorrow as it's taking a while (and it's late here!)

[Pondus]

Thanks, will do!  Might be tomorrow as it's taking a while (and it's late here!)

naaa,  10minutes   But it is your computer, your choise.  we are here tomorrow also   

[REDACTED]

Hi again,

Here's the logs as requested.

Thanks again for your help 

[Sass Drake]

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\gqxtx3zh.default-1453928689064\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2017-05-31]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\gqxtx3zh.default-1453928689064 -> hxxps://www.google.com/search?bcutc=sp-006
2017-10-28 17:53 - 2017-10-28 17:53 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-25 23:15 - 2012-09-07 11:40 - 000000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 23:15 - 2009-07-22 10:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 23:15 - 2012-09-07 11:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS

• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[REDACTED]

Hi,

Here's the fix log.

Thanks!

[Sass Drake]

What is the Firefox status now?

[REDACTED]

Hi,

Do you mean I am still having the same problem? It's not come up yet but as I said it didn't happen very frequently before.

Thanks

[Sass Drake]

Did it showed up again?

[REDACTED]

So far so good. It seems to be OK.

Thanks a lot! 

[Sass Drake]

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.