Monday, March 20, 2017

Google Analytics white screen of Death caused by Kaspersky Total Security 17.0.0.611 (d)

If Google Analytics (GA, https://analytics.google.com/analytics/web/) shows you a White Screen of Death or a blank screen, this post will help you.

A detailed investigation of the white screen of death (or blank screen) on the Google Analytics home page led to Google Chrome's developer tools, which let you look behind the loading of a page to see what the problem is. Typically, a page has errors when resources it loads are missing or blocked, and this can cause cascading errors in the dependent, dynamically executed scripts, usually JavaScript code (.js files).

On the Google Analytics home page, a major file had been blocked from loading.

The Google Chrome Console revealed that analytics.js was being blocked from loading (see the screenshot below). This then stopped the entire page from working correctly.

One cause of the white screen of death is a recent update to Kaspersky's anti-virus product, specifically Kaspersky Total Security 17.0.0.611 (d).

I was suspicious that Kaspersky was the cause, because it was a major (100Mb+) update to the product. 

So I troubleshot Kaspersky by performing the following steps, all of which failed:

1) I turned off Web Anti-Virus, and it had no effect
2) AND I turned off Web Anti-Banner, and it had no effect
3) AND I turned off IM Anti-Virus, and it had no effect

Note that this never happened with Kaspersky before and came as a complete surprise, but I had just updated Kaspersky Total Security and, as with all new releases, bugs get introduced.

Console - error and blocking analytics.js 
https://ssl.gstatic.com/analytics/20170316/web/analytics.js

After my initial attempts failed, I raised a ticket with Kaspersky Support, who recommended the following temporary solution when accessing GA, and it worked.

Solution

Kaspersky > Settings > Additional > Network > Do not scan encrypted connections

Other recommendations from Kaspersky Support for this issue are:

Four things to try, one at a time:
  1. Kaspersky Settings > Protection > disable Private Browsing > clear browser cache > reboot. Any better after that?
  2. Kaspersky > Settings > Additional > Network > Do not scan encrypted connections. Any better after that?
  3. Kaspersky Settings > Additional > Network > Traffic Processing > uncheck Inject Script > reboot. Any better after that?
  4. Disable Anti Phishing. Kaspersky Settings > Protection > Web AV > bottom of Web AV settings. Any better after that?

Thursday, March 16, 2017

Removing Malware, Conduit Search Engine, Perion, UniBlu DriverScanner 2014, Open Candy, BitTorrent toolbar, DivX Toolbar

STEP 1: Uninstall hidden software and, after that, use AdwCleaner

To remove all the Conduit Search, Uniblue Software (embedded Conduit engine), BitTorrent Toolbar (Conduit), DivX Toolbar (Conduit), Ask Toolbar and Imgburn (Open Cola) registry keys, files and folders from your computer, we will need to run a scan with the AdwCleaner and Junkware Removal Tool utilities.

Update May 18, 2017: new links


Run a computer scan with AdwCleaner 

The AdwCleaner utility will scan your computer for malicious files and registry keys that may have been installed on your computer without your knowledge.
  1. Run Bleeping Computer's Rkill. Do not reboot afterwards. This kills background processes that may hold files that need to be cleaned.
  2. You can download AdwCleaner utility from the below link.
    ADWCLEANER DOWNLOAD LINK (purchased by Malwarebytes)
  3. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

    [Image: AdwCleaner Icon]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
  4. When the AdwCleaner program opens, click on the Search button as shown below.

    [Image: AdwCleaner scanning for DivX Toolbar]
    The program will now start to search for malicious files that may be installed on your computer. When it has finished it will display a notepad screen that contains a log file of all the malicious extensions, files, and registry keys that have been detected. Unless you see a program name that you know should not be removed, please close the Notepad window and continue with the next step.
  5. To remove the malicious toolbar files that were detected in the previous step, please click on the Delete button on the AdwCleaner screen.

    [Image: Adwcleaner removing DivX Toolbar]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.
  6. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.

    Please click on the OK button to let AdwCleaner reboot your computer.

STEP 2: Remove hijacking software Conduit, Open Candy with Junkware Removal Tool

Junkware Removal Tool is a powerful utility which will remove malicious viruses from Internet Explorer, Firefox or Google Chrome.

Junkware Removal Tool has the ability to remove the following types of programs:
  • Ask Toolbar
  • Babylon
  • Browser Manager
  • Claro / iSearch
  • Conduit
  • Coupon Printer for Windows
  • Crossrider
  • Facemoods / Funmoods
  • iLivid
  • IncrediBar
  • MyWebSearch
  • Searchqu
  • Web Assistant
  1. Run Bleeping Computer's Rkill. Do not reboot afterwards. This kills background processes that may hold files that need to be cleaned.
  2. You can download the Junkware Removal Tool utility from the below link:
    JUNKWARE REMOVAL TOOL DOWNLOAD LINK (purchased by Malwarebytes)
  3. Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.

    [Image: Junkware Removal Tool]
    If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.
  4. Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the malicious files.

    [Image: Junkware Removal Tool scanning for DivX Toolbar virus]
    Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.
  5. When the Junkware Removal Tool scan has completed, this utility will display a log with the malicious files and registry keys that were removed from your computer.

    [Image: Junkware Removal Tool final log]
  6. Run Malwarebytes ~ 10hrs
  7. Run BleachBit ~10mins (replaces paid CCleaner).
  8. Run HitMan Pro - download trial run - ~5hrs
  9. Run F-Prot Antivirus - free trial ~ 10hrs
  10. Run Microsoft Malicious Software Removal Tool  - ~10hrs
  11. Run Windows Defender in Win 8+ or Windows Security Essentials for Win 7 or less.
  12. Run free Kaspersky Security Scan get it here - ~10hrs
  13. Run free Kaspersky Anti-Ransom-ware Tool get it here - ~ 15 mins
  14. Run your Anti-Virus Solution in Deep Scan Mode - ~5hrs 
  15. Done!

Notepad Plus Plus Hacked by CIA now Patched - Your freebie notepad editor got hacked


HACKED BY CIA
Everyone's favorite freebie notepad editor was compromised and targeted by your friendly neighborhood CIA agent, as revealed in the latest WikiLeaks leak, code-named "Vault 7".

Action: Upgrade to 7.3.3 immediately. 


Notepad++ officially addresses the CIA hack.

The recent WikiLeaks release mentions a "Notepad++" hack for spying on users, under the section called "Fine Dining Tool Module Lists" at https://wikileaks.org/ciav7p1/cms/page_20251107.html

DLL Hijack | Notepad++ | User, Note Taker-Text Editor | Operator takes notes or views documents while collection is occurring

For the uninitiated, the WikiLeaks "Vault 7" release lists a host of exploits by the CIA for common everyday free and paid applications. The "Fine Dining Tool Module Lists" section lists applications whose libraries (the dynamic-link libraries, or DLLs, that a program loads in order to run) have been compromised and replaced. This is known as "DLL Hijack" in the document. A hijacked DLL enables practically anything to be done by the remote collectors: it can collect keystrokes, take screenshots, record the microphone, snoop on your mail and, in the dreaded scenario, give complete control over your computer using a remote administration tool (RAT).
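
The integrity check below is an added example, not code from Notepad++ or from the Vault 7 documents: it audits an application's install directory for DLLs that were replaced or planted by comparing SHA-256 hashes with a known-good manifest. The file names, the manifest format and the helpers `sha256_of`, `audit_dlls` and `demo` are assumptions made for illustration, and the sample directory is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_dlls(install_dir: Path, manifest: dict) -> dict:
    """Compare every DLL under install_dir with a manifest of lower-cased path -> SHA-256."""
    found = {}
    for path in install_dir.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".dll":
            # Windows file names are case-insensitive, so compare lower-cased paths.
            found[path.relative_to(install_dir).as_posix().lower()] = sha256_of(path)
    return {
        "replaced": sorted(n for n in found if n in manifest and found[n] != manifest[n]),
        "unexpected": sorted(n for n in found if n not in manifest),
        "missing": sorted(n for n in manifest if n not in found),
    }


def demo() -> dict:
    """Build a constructed install directory, change it, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        # Constructed stand-ins for an editor's shipped libraries (not real DLLs).
        (root / "editor_core.dll").write_bytes(b"known-good core library")
        (root / "plugins" / "spell.dll").write_bytes(b"known-good plugin")
        manifest = {
            "editor_core.dll": sha256_of(root / "editor_core.dll"),
            "plugins/spell.dll": sha256_of(root / "plugins" / "spell.dll"),
        }
        # The two changes the audit looks for: a swapped library and an extra one.
        (root / "editor_core.dll").write_bytes(b"different bytes, same file name")
        (root / "helper.dll").write_bytes(b"library that was never shipped")
        return audit_dlls(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Build the manifest from a freshly downloaded, verified installer rather than from the machine being checked.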


Notepad++ 7.3.3 (change.log) bug fixes & enhancements:


1.  Fix CIA Hacking Notepad++ issue (https://wikileaks.org/ciav7p1/cms/page_26968090.html).

DLL Hijack Explained

Read my post on how DLL Hijack works even today for programs including Skype.