s3-us-west-2.amazonaws.com virus

[mamooth]

"s3-us-west-2.amazonaws.com" is supposed to be a browser-hijacker virus. I clearly had some version of it. How did I get it? Dunno. I suspect dodgy Facebook links, and me not running NoScript for a time.

Descriptions say it would redirect searches, but that's not how it affected me. With me, it would only redirect the links on Facebook that go to the cutesy stories about dogs in wheelchairs. It would redirect me to a s3-us-west-2.amazonaws.com fake-Microsoft page, where fake-Microsoft would tell me my computer was infected, and I had to call them right now or they'd cut off my internet in 5 minutes. I'd just close the tab, and that was it. Nothing else bad was happening on my computer. Web searches were all fine. A scan with Malwarebytes showed no problems. No suspicious processes running. Also, the same problem existed when using Microsoft Edge.

Reading up on it, various dodgy software programs advertised that they'd remove it. I passed on downloading them, as it's my experience that those programs tend to be malware themselves. They also suggested using the "Reset Firefox" button. I did that. The problem didn't go away.

Not knowing what else to do, I restarted Firefox in Safe Mode. The problem was gone. I restarted Firefox in normal mode, and the problem was still gone. Microsoft Edge, problem gone. The problem hasn't come back.

So, I don't understand what's happening. It looks like the virus is gone, but I don't know if the virus is really gone, or if it's still hiding somewhere. Any ideas?

(And though I grumble when my banking sites all demand an authorization code from my cellphone to proceed, I see the point of it.)

[Brummelchen]

"s3-us-west-2.amazonaws.com" is at first a rentable hosting service
https://aws.amazon.com/s3/

you need the exact IP and maybe some extended informations about send/received data and/or malware then contact amazon aws.

AdwCleaner AdwCleaner Download
Insert [Report] here, then [Cleanup]

[Reflective]

It's not a virus. It's an endpoint: http://www.bucketexplorer.com/documenta ... gions.html

[minutestozero]

I need some serious input on this, please. If the ONLY domain traffic I'm seeing on my home router is the "s3-us-west-2.amazonaws.com", does this mean that it's a virus, or can it mean that the user is using a routerless VPN?

[Brummelchen]

you had serious input
where is the logfile from adwcleaner?

[minutestozero]

Why the hostility? I meant no offense, or to imply that the prior responses were not serious, only that I seriously needed help in this matter. I have limited knowledge with this, and am just trying to understand if the domain traffic that I'm seeing on my home router from one particular pc that is labeled "s3-us-west-2.amazonaws.com" is indication of a VPN or a virus.

For all other users, domain traffic is listed as one would expect. But for one particular laptop, the only domains listed every 10 seconds, is the amazonaws one. I'm trying to determine if the user is trying to be deceptive by knowingly using Amazon Cloud VPN, or if that particular pc is infected. I had blocked the domain on OpenDNS at one point, and the traffic stopped for about 20 minutes...and then restarted with the same doman, but with a cisco domain added into it as well. I'm baffled, and all the research I've done on this particular address indicates either VPN or virus. If there is a way to tell which it is, or direct me to how to find out, I'd be eternally grateful.
If I were able to attach a screenshot, I would. I don't have a link that I can provide, sorry.

[DanRaisch]

See this to post a screen shot to the forum -- http://kb.mozillazine.org/Posting_a_scr ... _the_forum

[Brummelchen]

it was written twice that s3-us-west-2.amazonaws.com is no virus or anything bad.
the TO did not understood that he has an adware problem or a really bad adblocker (not ublock or adblock plus).
this forum is full of complains about fake mozilla or microsoft webpages because users dont use a decent adblocker and get any crap shown.

[minutestozero]

Thanks for the info. I've tried thinking of another way, as I'm at work with highly restrictive filters, and am unable to post it via this method. (I've got a photo of the screenshot saved to my phone).
What essentially is listed is line after line of:
2017-8-09 18:15:00 Macintosh-3 s3-us-west-2.amazonaws.com
2017-8-09 18:14:57 Macintosh-3 clientservices.googleapls.com
2017-8-09 18:14:49 Macintosh-3 s3-us-west-2.amazonaws.com

-The "client services appears once. the amazonaws then appears every 10 seconds before and after. The only exception to the listed domains is one entry at 18:16:22 for
"p26-btmmds.icloud.com.adadns.net" and the Kaspersky virus protection every once in a while at "dnl-07-geo.kaspersky.com"

[minutestozero]

Then, is it indication of a vpn? If not a virus, what is it, and why is it the only domain that shows on traffic?

[Grumpus]

Simple statement is it's not a VPN (Virtual private network) unless you established a VPN on your system.
Secondly, the identity of the server being used for what ever page/site connection you are making.
This latest user agent string, as it appears you have several, makes it difficult to suggest a software solution.
Using things like network utilities, a connection traffic monitor or some other utility which provides either number of connections information or reverse lookups would help if you weren't on some form of mobile device with limited capability.
If you go on line to Google and type in "whois" you can find a service to provide the IP number of the server.
If you feel it is unnecessary and becoming a nuisance, place the IP in your firewall to block.
Most of these amazonaws identities are in the cloud and you may see any number of valid sites which have located their graphics and information on Amazon's cloud service.
In some case, as with Mozilla, when visiting a page there may be some hits from Amazon identified servers.
Blocking them may or may not be beneficial.

[minutestozero]

Grumpus, thank you, thank you, a thousand times, thank you! Your response is incredibly helpful, and I am very appreciative!

[Grumpus]

You're welcome but there are numerous threads on this in both support, general and tech forums.

[Brummelchen]

@Grumpus

you need the exact IP and maybe some extended informations about

he never asked how or wrote a result - why should i care about later?
adwcleaner is still missing so i assume he is not interested in a real solution only in firefox bashing.

the problem is not the problem - the problem is users view to the problem.

[minutestozero]

I'm so sorry for that enormous chip on your shoulder. it must get really heavy. I wasn't looking to bash anything. I was seeking knowledge.
As I had mentioned, I don't have a lot of knowledge in this area, and I wasn't looking to clean up a virus. I was simply asking if it was a virus or if it could possibly be a VPN indication. Because it was the only item showing up on the traffic despite other sites being viewed, I assumed it had to be one or the other.
Thank you again to everybody who responded.