All Activity

This stream auto-updates     

  1. Past hour
  2. Offline Agents - 11.17.17 The Malwarebytes Support team is aware of an issue that is currently impacting some of our customers. Until this issue is resolved some endpoints may appear offline or have slow response time in the environment. Please be aware our engineering team is working on a resolution to this issue and will have it corrected soon. Thanks for your patience!
  3. blocking websties

    I am getting this too for everything from chrome.exe, firefox.exe to svchost.exe. To me it would appear that MalwareBytes is blocking the domains: g.symcd.com ss.symcd.com gp.symcd.com gn.symcd.com sh.symcd.com gt.symcd.com Which also happen to be Symantec's OCSP responders. So I suspect MalwareBytes is blocking application cert validation check ups to Symantec's OCSP servers because I have a clean build of Windows 10 and it 100% has no Symantec products installed. C:\Windows\system32>nslookup g.symcd.com Server: x.x.x Address: x.x.x.x Non-authoritative answer: Name: e8218.dscb1.akamaiedge.net Addresses: 2600:1415:8:286::201a 2600:1415:8:281::201a 23.53.155.27 Aliases: g.symcd.com ocsp-ds.ws.symantec.com.edgekey.net
  4. @SoH Let's check into Microsoft Security Essentials(MSE), we've seen a few times where it interfere and cause system slowdowns. 1. First try adding the following Malwarebytes files to MSE Excluded Processes (not Excluded Files) C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Reboot may be needed after this step. 2. If the above does not help, turn off the Real Time Protection in MSE. Reboot may be needed after this step. 3. Best results are seen when MSE is completely uninstalled.
  5. Farflt.sys BSOD Cause

    I recently installed the latest version of MBAM (3.3.1). I too have been getting the BSOD error Unexpected_Kernel_Mode_Trap. The Windows minidump file (attached) confirms that the MBAM Ransomware file "farflt.sys" is the culprit. In my case, the BSOD specifically happens in File Explorer. In the left pane of File Explorer, if I single-click on the "+" sign next to C drive to view the sub-folders, the BSOD immediately occurs every time. Interestingly, if I instead double-click the C drive in the right pane of File Explorer, the subfolders are displayed and the BSOD does not occur. To avoid this problem, I have temporarily turned off Ransomware detection in MBAM. I've attached the minidump and and mb-check-results.zip files. Hope this matter can be resolved soon. Thanks Alex mb-check-results.zip 111817-36656-01.dmp
  6. Persistant popup

    Hello @GSDFandF Here is the best way to find that setting: 1. Open the Malwarebytes 3.x UI. 2. Click on the settings pane on the left hand side 3. Under the Applications tab you will find the Notifications option. 4. The Show Malwarebytes notification in windows system tray is the first option in that settings.
  7. One of the clients was able to install after removing Avast anti virus software and the other laptop was lost by an employee so the issue is solved now. Thanks for you reply.
  8. So maybe there is something else going on here. I ran FRST in Safe Mode and it hung at the same place: Scanning (0) Shortcuts (I've attached the files) I've since reinstalled Malwarebytes using MB-Clean. My CPU is still running > 80% and the fan running high. This is a 3mth old i7 laptop with 20GB of memory. Barely any software installed; Office, Adobe Photoshop/Lightroom, Google Earth. I've flashed the BIOS and used the support DVD to update every Driver. I can't see anything else. Malwarebytes Service is the only Process & Service that consistently shows up high in the Resource Monitor. FRST.txt Addition.txt mb-clean-results.txt
  9. Hijack.Autorun (malware)

    Don't worry about time, I'm a very patient person malwarebytes.txt
  10. Hi, Windows has just updated to Fall Creators Update - Build 16299.64, and upon the install, I wasn't able to get back into my main user account - I've since managed to log into an alternate guest account that doesn't have a password, but my own user account is essentially locked out, with me having no way to be able to access it without logging into the kuikdelivery.com domain? If I click on the connections in the bottom right (taskbar), ethernet shows that I'm going through the kuikdelivery.com domain as well. Any help would be greatly appreciated, Thanks.
  11. Hey Guys, I have had some problems on my pc and I had to reinstall windows on it. Ron has been helping me thou i an taking a break for health. Today my Mom's computer keeps shutting off Malwarebytes and after running full Malwarebytes scan it found nothing and a full kaspersky scan found nothing. But just like my pc had and issue I know there is something on her system. I downloaded the Microsoft Malicious Software Removal tool and started scanning and its been going 20 minutes. It has already found many things such as 409 infected files so I will wait till scan is done and hope I can clean it. I do not ever transfer items to or from my parents pc's ever. So I find it strange that she is also infected and that none of her protection noticed anything wrong. She does not do much on her pc except looking for books to buy for her reader and playing the odd steam game. How can I clean her system and remove any malware/virus she may have since nothing was found by Malwarebytes or Kaspersky? She is running Windows 7 64bit if that matters. Please Help. Thanks in advance Fred Wilhelm
  12. Today
  13. Web Protection Keeps turning off

    The latest update seemed to have resolved the problem of web protection tunring off for me - unless Kaspersky Total Security was running a rootkit scan. Quiting and relaunching MBytes solved the problem. Tonight when I powered up and saw lots of messages on the subject and my web protection off I quit and relaunched again and so far so good. Clearly severalmismatches in the system still - each of us finding our own resolution!
  14. Can't install any antivirus!

    Hello, Aura! Im Diogo i think i deleted everything is pirate! Thank you for helping me in this "journey" to cleanup my computer. mbar-log-2017-11-17 (21-13-07).txt
  15. Cannot uninstall, update or remove

    Just an update to all of this, we have 172 machines with MBAM installed over 80ish sites. Mix of Win 10 and 7. 151 of them had to be updated in safe mode. Those group policies you see are from Foolish IT's CryptoPrevent program that is also installed on all of them Thanks again for the help. Jeff
  16. Freezing is not expected after a reboot initiated by Malwarebytes... continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana AntiMalware again. Click on icon and double click the latest report. Now click File > Save As and choose your Desktop before pressing Save. Attach saved report in your next message. Next, Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete..... Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours... Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned. Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Let me see those logs, also let me know if there are any remaining issues or concerns.... Thank you, Kevin... fixlist.txt
  17. Persistant popup

    Hi nikhils, Thanks for your reply. Unfortunately I have no idea how to access the "Show Malwarebytes notifications in Windows System Tray" I've trawled around my laptop, but struggling.
  18. Bad PUPs - can't stop them

    Hello @PeregrineKodiak My screen name is Android8888 but if you wish you can call me Rui which is my real name. Please read the instructions in this link I'm infected - What do I do now? , run the requested scans and provide the logs. We need to see that information in order to help you. Thank you. Rui
  19. Hmm. I have run two Malwarebytes scans now. The first found the four items mentioned in my last post. The second found 16 PUPs. After each scan completed, I quarantined all threats found, and allowed Malwarebytes to initiate a reboot. Both times, the computer froze while on the "Restarting" screen. Is this common? I found your latest post while waiting for the second Malwarebytes scan to complete. After forcing a power cycle to complete the reboot after that scan, I ran FRST as indicated. The log files from both Malwarebytes scans and the two log files generated by the FRST scan are attached. Malwarebytes log 2.txt Addition.txt FRST.txt Malwarebytes log 1.txt
  20. I'll open up Google Chrome or FireFox and after a while Malwarebytes shuts it down and runs a scan. In the quarantine section it shows a file called Cassiopeia pup. I delete the file, but MB continues to do the same thing. I've searched for this file and can't find it to uninstall.
  21. Great idea...I'm gonna go make myself a separate policy just as you described. Thanks
  22. here is the log files you asked for, but i have a feeling they won't be very useful since antiexploit is not working anymore, since i added the files you had me d/l. included in the .zip file is the mbamservice.log, and mbae-default.log the directory C:\Programdata\MBAE_minidumps does not exist, so naturally, i can not add them to the the .zip file MBAMSERVICE.zip
  23. @SoH We are looking over the logs that did make it in detail currently. There may be something else going on due to the issues with fan running and abnormal usage. Our software does not control fan speeds so we are trying to investigate the logs with careful detail. While we are looking over existing information, do the following: Try running FRST in safe mode and attach logs that are able to generate in safe mode, submit the logs. Reinstall Malwarebytes using MB-Clean while we look at logs and see it a new installation behaves the same way MB-Clean
  24. Hijack.Autorun (malware)

    Hi mistercrab My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Can you provide me the Malwarebytes log where I can see the Hijack.Autorun detection?
  25. Hi KingZor My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.
  26. Cannot delete malware

    Ok so I scanned my pc again, found no malware when I used malwarebytes, then I scanned again with SuperAntySpyware (found some files...I don't know if they were really infected but I deleted them just to be sure), then I runned Ccleaner, but there were not improvements. The virus activates when I connect to internet...you can see the icons from desktop start refreshing ....do you guys have any ideeas? Where the root file is hidden and how to find it? Anything?
  1. Load more activity