How do I block access to reimage.plus?

Balanga · Jan 31, 2017, 1:00 AM

I keep getting directed to reimage.plus when using Chrome on Windows 10.

How do I go about blocking this site via pfSense?

jamesonp · Jan 31, 2017, 1:23 AM

That's a sign of your computer being infected. It could be as simple as a malicious Chrome extension.

You should handle that at a PC level rather than trying to block the redirect.

doktornotor · Jan 31, 2017, 9:00 AM

As noted above, this is not any solution. Disconnect and disinfect/re-image the compromised computer.

Stewart · Jan 31, 2017, 10:43 PM

@jamesonp and @doktonotor are correct in that your PC is infected. However, you could just add an entry into the hosts file for that domain to redirect to 127.0.0.1. If the PC uses the pfSense as it's DNS, you could override it in the DNS Resolver / Forwarder section. Not exactly the proper solution for this issue but could be for similar things. For example, some websites will place advertising over an embedded video that isn't always family friendly and isn't always caught by extensions such as ABP. You could bring up your resource monitor, find the address it's going to, and create an override in the DNS Resolver. That blocks it on the whole network.

marvosa · Feb 1, 2017, 12:12 AM

Your PC is infected with ADware and/or a re-direct Trojan. You could scan your PC with multiple products and you "might" get it clean, but by the time you run your scans, go thru the registry, etc… you could've just re-imaged and been done in half the time.

Especially with Win 10, just use the "Reset this PC" feature and you'll be up and running with a fresh install in like 20 min.

Save yourself the headache and man hours, re-install your OS and then upgrade your AV.

dreamslacker · Feb 1, 2017, 5:33 AM

There shouldn't be a need to reset Windows 10.

Just download and run Adwcleaner, and also reset the browser settings.

Adwcleaner should clean up the relevant registry/ scheduled tasks and also clear up and host file entries.

marvosa · Feb 1, 2017, 9:46 AM

@dreamslacker:

There shouldn't be a need to reset Windows 10.

Just download and run Adwcleaner, and also reset the browser settings.

Adwcleaner should clean up the relevant registry/ scheduled tasks and also clear up and host file entries.

A perfectly viable option, but this pretty much just proves my point. You essentially have two options:

1.

Run an Anti-Virus/Adware/Spyware/Malware scan. I would actually run scans from multiple products with different databases.
Run something like CCleaner to hopefully pick up anything that your AV missed
Run Hijackthis to verify there's nothing left over from the previous two steps
Verify scheduled tasks are clean
Verify the infection didn't add any GPO's
Verify hosts file is clean
Check Programs and Features for leftover apps to uninstall
Run an Uninstaller to verify rogue apps don't leave files or registry entries behind
Cross fingers that the integrity of the OS is still intact and that the infection didn't modify or replace system files, which would force a re-install anyway after all this work

2.

Re-install your OS by leveraging the "Reset this PC" feature of Windows 10

To do option 1 thoroughly, you're easily looking at 2-10 hours of work. For example, anyone remember cleaning PC's with Geeksquad's MRI disc? It was automated and extremely thorough, but took 4-6 hours to run. Now-a-days, it's more efficient and arguably more effective to re-image the PC.

With option 2, you're up and running with a fresh install in 20 min.

It's obviously the OP's call, but time is money, so I know what I would do. Basically, by leveraging the "Reset this PC" feature, you can resolve your issue in less time than it took me to write this reply ;)

Balanga · Feb 1, 2017, 9:37 AM

Can't I trap any adware/trojans at a network level using pfSense?

As for using the "Reset this PC" feature of Windows 10, does that mean having to reinstall all my apps?

doktornotor · Feb 1, 2017, 9:45 AM

OK, so… you have your PC compromised by malware. What you think is the sensible action? Trust some third-party hackery, or do things properly?

Very old article, but still valid points: Help: I Got Hacked. Now What Do I Do?

marvosa · Feb 1, 2017, 10:20 AM

Can't I trap any adware/trojans at a network level using pfSense?

Not with PFsense alone, no. Remember, PFsense is a firewall distro, not a UTM. Are there creative things you can do to stop the virus from communicating back to its home base? Sure, like Stewart suggested…e.g. host file entries, DNS entries, domain overrides, firewall entries, etc, but that's not an effective or efficient way to fight an infected PC and none of those options actually resolve the infection.

As for using the "Reset this PC" feature of Windows 10, does that mean having to reinstall all my apps?

There's an option to keep your files, in which case I believe it will just re-install the system files and keep your apps, but from my perspective… why keep the remnants of a compromised system? Re-building with a clean environment is your best option IMO. Having to re-install your apps will still take less time than trying to thoroughly clean an infected system.