Kaspersky
Question

KIS19 keeps alerting me about blocked file - cannot trace origin


Windows 10, KIS19 obtained from ISP (Consolidated communication).

Since this morning, when Chrome is open I get this alert every 15 seconds or so (in fact, looking at the alerts, I get 4 every minute):

code:
08.07.2019 12.34.47;
Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data;
https://jonysource.com/213db237bbd6bf854a.js;
https://jonysource.com/213db237bbd6bf854a.js;
URL;Google Chrome;07/08/2019 12:34:47


If I turn off Chrome (including taskbar icon) alert stops.
I have purged chrome cache, history and everything else I could (aside from saved passwords) but it continues. I had to stop showing the alerts as they were continuous.

I searched for the website but found nothing of relevance.
I tried opening the website (but not the .js file) in a Virtual Machine but even there I got a malware alert, so I did not continue.

I need to find out what is trying to download or access this URL on such a regular schedule.

In looking at the "detailed report" in the middle of all these alerts I also found the following alerts:

Same site but favicon.ico
code:
08.07.2019 11.53.06;Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data;http://jonysource.com/favicon.ico;http://jonysource.com/favicon.ico;URL;Google Chrome;07/08/2019 11:53:06


same site but /robots.txt file
code:
08.07.2019 11.53.06;Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data;http://jonysource.com/robots.txt;http://jonysource.com/robots.txt;URL;Google Chrome;07/08/2019 11:53:06


same site but actual website rather than a file therein.
code:
08.07.2019 11.53.06;Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data;http://jonysource.com;http://jonysource.com;URL;Google Chrome;07/08/2019 11:53:06


Then I also found these:
Under title: "Object (File) Detected"
code:
08.07.2019 12.34.47; Object (file) detected; https://jonysource.com/213db237bbd6bf854a.js;not-a-virus:HEUR:AdWare.Script.Generic;https://jonysource.com/213db237bbd6bf854a.js;Google Chrome;Adware;07/08/2019 12:34:47


and this under "Download Blocked"
code:
08.07.2019 12.34.47;Download blocked; https://jonysource.com/213db237bbd6bf854a.js;not-a-virus:HEUR:AdWare.Script.Generic;https://jonysource.com/213db237bbd6bf854a.js;Google Chrome;Adware;07/08/2019 12:34:47


All of the other alerts are for the JS file under the heading "Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data"

Beside the annoyance, I don't know what level of risk I am facing. Since I had to turn off alerts to be able to work in peace, I could be missing other important notifications.

I can sterilize Chrome (uninstall and install again), but before I do that I'd like to see what other options are available.

Thank you.

This topic has been closed for comments.

22 replies

Userlevel 7
Badge +1
Welcome. Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software.
and do a databases update > reboot, then do a scan.

Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot.

After that, uninstall any recently installed junk > reboot.

After that, uninstall any and all junk toolbars > reboot.

Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers.

Remove the junk argument from the target field of the browser shortcut properties.

Remove any and all junk search providers in all of your browsers.

Then if need be, change your home page, in all of your browsers.

How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319

If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, then clear browser cache and cookies, reboot.

Any better after that?
Hi, conticreative

Thank you for your post.
Just for information, I have the same problem.
It started yesterday evening.

I already tried to uninstall and reinstall Chrome, without change.

What is surprising is that I get this alert on any/every website I go to with Chrome.

I switched to MS Edge and Firefox and browsed the same website without getting any reference to jonysource.com.

So for now I uninstalled Chrome and switched to Firefox.

I'll try to follow this post.
Thank you again

Best regards
--
Nassim Bennouna
Userlevel 7
Badge +6
Adding to the contribution from Richbuff.
Anti-virus software exists to protect us, at the end of the day, freewill and freedom of choice is done with full understanding and acceptance of potential risks.

I just switched to another AV and uninstalled Kaspersky, and am not getting the alert now.

Hi. I'm having the same problem and I already had the "detect other software" option enabled. I have not installed any new programs, apps, or extensions recently and this is only happening with the Chrome browser. A scan doesn't turn up anything. I'm getting "download blocked" from jonysource.com notifications every time I open a new tab or reload a page. Someone needs to notify the virus/malware database people at Kaspersky about this issue. If Kaspersky can alert me to a problem, but the scan doesn't find anything, that's a problem on Kaspersky's end. Malwarebytes Premium can't find anything, either, which leads me to wonder if it's a false alarm. Can someone at Kaspersky please look into resolving this issue? We can't be the only ones having this trouble and you're going to have a lot of disgruntled customers on your hands.

This is what KIS keeps telling me the web address is: https://jonysource.com/213db6bf854a.js

jonysource.com doesn't exist, so I don't understand how this malware is originating from a nonexistent site.
Hi nej

I can't tell whether jonysource is really malware or not, but at least I find it really "surprising" that suddenly a js on this site is requested on EVERY page I go to, and this is happening ONLY with Chrome.

What is also disturbing is that on another computer at work I couldn't find evidence that the same js is being requested (on the same websites).

So there is a possibility, I think, that there is indeed some type of malware or compromise.

But still I agree with you, a scan should report something ...

Hi Nassim. When you reinstalled Chrome, did you do a clean reinstall or did you opt to keep Chrome data? (Sorry, it's been so long since I've had to do this and I can't remember how/when it asks if you want to keep the data or erase all traces of Chrome.) I've done a clean reinstall before when Chrome became infected and it resolved my problems, but now I'm worried that it might not work if others have already tried it with this particular bug.
Hi nej

I didn't cleanup before reinstall
I'll try tonight deleting cache, cookies ... and then reinstall
Userlevel 7
Badge +1
Also, in addition to what Nassim indicates in the post located above this post,

If this issue continues, please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI
Userlevel 7
Badge +6
jonysource.com doesn't exist, so I don't understand how this malware is originating from a nonexistent site.

Nassim wrote: I can't tell where as joysource is or not really a malware

(Additional to all previous information)

Nej & Nassim,
  • jonysource.com is a domain, registered 5 days ago; it is a source of ADWARE (malware)
  • Using 3 separate browsers, Kaspersky detects the ADWARE.
  • It's possible to go to safe websites that have UNSAFE embedded links (e.g. 213db6bf854a.js).
  • Sometimes the safe website owners don't even know their site is contaminated.




Below, various reading references for ADWARE:
https://www.kaspersky.com/blog/adware-in-chrome-extensions/25668/
https://www.kaspersky.com/blog/tip-of-the-week-2016-changes-control/10174/
https://www.kaspersky.com/blog/adware-toolbar/5513/
https://www.kaspersky.com/blog/tip-of-the-week-stop-adware/11354/
https://www.kaspersky.com/blog/what-is-hoax-report/27282/
https://www.kaspersky.com/blog/whats-the-deal-with-adware-on-android/3013/
Hi,

Sorry I couldn't report earlier.
I confirm that reinstalling after cleaning up cache, cookies and history made the problem disappear on my installation.
But still, I'm going with Firefox for now 🙂

I guess there is a vulnerability either in Chrome or in one (or more) of the Chrome extensions I installed that allows the jonysource js to be "pushed" into every page/request at some point.

@FLOOD
>It's possible to go to safe websites that have UNSAFE embedded links
I understand that, but I doubt the problem is just a compromised media company.
Of course I might be wrong.

Just for information, a few other sources now point to the present thread and might have interesting information:
https://support.google.com/chrome/thread/9569385?hl=en
https://stackoverflow.com/questions/56959269/jonysource-com-metrics-errors-in-react-app-with-stripe


Regards
--
Nassim
Userlevel 7
Badge +1
If this issue continues, please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI

I have been following this thread and trying the remedies you recommend. The problem persists. I was hoping for a Kaspersky update which would solve this issue. The URL used to be "jonysource.com," but now it is "proudflex.org."


Userlevel 7
Badge +1
Welcome. Looks like some kind of junk, or junk leftovers.

Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software.
and do a databases update > reboot, then do a scan.

Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot.

After that, uninstall any recently installed junk > reboot.

After that, uninstall any and all junk toolbars > reboot.

Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers.

Remove the junk argument from the target field of the browser shortcut properties.

Remove any and all junk search providers in all of your browsers.

Then if need be, change your home page, in all of your browsers.

How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319

If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, then clear browser cache and cookies, reboot.

Any better after that?

All done and no change.
Userlevel 7
Badge +1
If reset and/or un and re install Chrome does not work, please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI
Userlevel 7
Badge +6
All done and no change.
Hello GregP507,
As well as the advice from Richbuff.
  • Proudflex is a safe site, however, it's also the source of embedded adware.
  • Components of the site are configured to automatically download/install.
  • The scan report will not show anything, bc, Kaspersky is blocking the js files.
  • The detections show in the KIS REPORTS Web Anti-VIRUS, see attached report.
  • Have you asked the Malware experts/Lab, to analyse the .js files?



  • Please let us know?
Thanks!
Try deleting google app launcher extension to get rid of proudflex problem
Userlevel 7
Badge +6
Advice from Kaspersky experts: SPECIFIC to proudflex

" The detection is correct, as Kaspersky applications classify the specified objects as Adware and do not identify them as malicious. The notifications displayed are informative and correct. "

"Legitimate software which can be used to damage a computer are generally classified as riskware which also includes adware. In your case, the codes on the website have been detected to be adware which can be used to generate advertisements and collect marketing data. Riskware by itself is harmless, but it can be exploited. More information about riskware and adware can be found here:

https://www.kaspersky.com/resource-center/threats/riskware
https://www.kaspersky.com/resource-center/threats/adware "
Userlevel 2
Badge
Hi @conticreative

Also, plus what FLOOD has indicated above,

Sometimes Kaspersky is not able to detect adware that is in your browser, despite making sure that the recommended settings for Kaspersky are running. So what Kaspersky will do for this undetected adware is block any malicious downloads that could potentially harm the computer.

Are you still having the issue on your Chrome?

If you are, I highly suggest resetting your browser back to the default settings or uninstall or re-install Chrome to remove the adware.

You can check on this link for the instructions on how to reset the chrome browser:
https://support.google.com/chrome/answer/3296214?hl=en


Regards,
"30.07.2019 15.30.49;Blocked an advertisement website or a URL that can be used by criminals to damage your computer or personal data;https://proudflex.org/213db237bbd6bf854a.js;https://proudflex.org/213db237bbd6bf854a.js;URL;Google Chrome;07/30/2019 15:30:49"


I kept getting "https://jonysource.com/ ..." around mid-July to early August 2019, which later changed to "https://proudflex.org/213db237bbd6bf854a.js".

Kaspersky keeps intercepting and notifying about advertisement calls to the address.

Tried but could not find a fix. Lived with it for a while now. 😫
Only happens with the Chrome browser.

Today I was able to find that the cause of the problem is the "Apps Launcher" extension in Google Chrome. 🤔

SOLUTION: Either disable or remove the "App Launcher" extension.

I no longer get these. 😁
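
As an added illustration of the finding above (not part of the original thread, and not Kaspersky or Chrome code): a Python script that inventories a Chrome profile's Extensions folder, flags extensions whose manifest lets them act on every page, and reports which of the domains and script name from the quoted alerts appear in their files. The function names are hypothetical and the script assumes the usual on-disk layout `<id>/<version>/manifest.json`. An extension can also fetch its target URL at run time, so an empty indicator list does not clear it.

```python
import json
import os
import sys
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # match every page
# Indicators copied from the alerts quoted in this thread.
INDICATORS = ("jonysource.com", "proudflex.org", "213db237bbd6bf854a.js")

def load_json(path):
    """Parse a JSON file (tolerating a BOM); return {} if unreadable."""
    try:
        return json.loads(path.read_text("utf-8-sig"))
    except (OSError, ValueError):
        return {}

def display_name(ext_dir, manifest):
    """Resolve a '__MSG_key__' name through the extension's _locales folder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = manifest.get("default_locale", "en")
    messages = load_json(ext_dir / "_locales" / locale / "messages.json")
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
            return entry.get("message", name)
    return name

def triage(extensions_root):
    """Return one finding per <id>/<version>/manifest.json (assumed layout)."""
    findings = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir, manifest = manifest_path.parent, load_json(manifest_path)
        hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        for script in manifest.get("content_scripts", []):
            hosts += script.get("matches", [])
        hits = set()
        for f in ext_dir.rglob("*"):
            if f.is_file() and f.suffix.lower() in {".js", ".json", ".html"}:
                text = f.read_text("utf-8", errors="ignore")
                hits.update(i for i in INDICATORS if i in text)
        findings.append({
            "id": ext_dir.parent.name,
            "name": display_name(ext_dir, manifest),
            "all_pages": any(h in BROAD for h in hosts if isinstance(h, str)),
            "indicators": sorted(hits),
        })
    return findings

if __name__ == "__main__":
    # Default: first Chrome profile on Windows; pass another folder as argv[1].
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / "Google/Chrome/User Data/Default/Extensions"
    for finding in triage(sys.argv[1] if len(sys.argv) > 1 else default):
        print(finding)
```

Extensions reported with `all_pages` set are the ones to disable first when an alert fires on every site, as described in this thread.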
Userlevel 7
Badge +1
Nice save!

Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software.
and do a databases update > reboot, then do a scan.

Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot.

After that, uninstall any recently installed junk > reboot.

After that, uninstall any and all junk toolbars > reboot.

Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers.

Remove the junk argument from the target field of the browser shortcut properties.

Remove any and all junk search providers in all of your browsers.

Then if need be, change your home page, in all of your browsers.

How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319

If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, then clear browser cache and cookies, reboot.

Any better after that?

If still no go, Please post your GetSystemInfo report link, instructions: https://support.kaspersky.com/common/diagnostics/3632

Very lengthy topic thread is amicably closed. If anyone needs help with issue, please start a new topic, because this one is just plain simply too long. 🙂