All Activity

  1. Past hour
  2. Hello, I also have pentothal.exe in my startup but when I try to show the location it shows an empty not-existing map in my C:/ProgramData folder. I did the steps above and attached the results. How do I proceed? Kind regards, Joris Addition.txt FRST.txt
  3. Hi Nathan, thank you for your explanation. I totally understand your point of view. The monitoring software you describe also cannot come into the Play Store. We wanted to provide a solution which is on the basis of mutual trust. This is why we had to contact Google Play Developer Support and clarify how the app has to be designed. One of the points was that the software should not provide any data without notifying the device owner that certain data was requested, like "Papa have just checked your location". Many of our customers are couples who share their data with each other, just saying they have nothing to hide. Of course one can put the app in the white list on the phone if he/she trusts it, but there are some inconveniences: the scan shows that there is a "Malware found". This is what customers don't understand when they install the app for the first time. They think we want to steal their data. See screenshot: even when putting it into the white list, you see this message: "You have added Malware with known dangerous behavior to the whitelist". The first thing our customers think is: "this app is a virus" and these are the messages we are getting in our support channel every day, and we have to explain: "no this is not a virus, you can use it for the purpose of sharing your information with your partner". See screenshot: Moreover, our app is used by businesses in some countries to monitor company devices. The fact that the app is detected as Malware ruins our reputation and, accordingly, our business. Is there a way we can additionally change something in our app so that it is not detected as Malware by Malwarebytes? Best regards, Ruslan
  4. I'm not seeing anything in the folder. Quite late for me. I'll check back again tomorrow and see. Please verify the upload completed and was not stopped by any security software
  5. What is QuickGo Search?

     The Malwarebytes research team has determined that QuickGo Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by QuickGo Search?

     You may see this entry in your list of installed Chrome extensions:
     and these warnings during install:
     You will see this icon in your Chrome menu-bar:
     and this changed setting:

     How did QuickGo Search get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove QuickGo Search?

     Our program Malwarebytes can detect and remove this potentially unwanted program.
     Please download Malwarebytes for Windows to your desktop.
     Double-click MBSetup.exe and follow the prompts to install the program.
     When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     Click on the Get started button.
     Click Scan to start a Threat Scan.
     When the scan is finished click Quarantine to remove the found threats.
     Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of QuickGo Search?

     No, Malwarebytes removes QuickGo Search completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.

     As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the QuickGo Search hijacker. They would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxp://www.quickgosearch.com/webs?s=chdsext2&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> Quickgo Search
     CHR Extension: (Quickgo) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi [2019-12-06]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0
       Adds the file background.js"="12/4/2019 2:07 PM, 2352 bytes, A
       Adds the file check.png"="3/28/2019 11:57 AM, 95 bytes, A
       Adds the file manifest.json"="12/6/2019 9:29 AM, 1649 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\_metadata
       Adds the file computed_hashes.json"="12/6/2019 9:29 AM, 239 bytes, A
       Adds the file verified_contents.json"="12/4/2019 10:12 PM, 1751 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\icons
       Adds the file icon128.png"="12/6/2019 9:29 AM, 4252 bytes, A
       Adds the file icon48.png"="12/6/2019 9:29 AM, 1855 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "clckghfbcfachnecdmnikmenagnenkbi"="REG_SZ", "784644E66D8ACC6173B6B1714E49597B68398D4E110FB87913452EC4DC030D99"

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/6/19
     Scan Time: 9:12 AM
     Log File: 311535a8-1800-11ea-adde-00ffdcc6fdfc.json

     -Software Information-
     Version: 4.0.4.49
     Components Version: 1.0.770
     Update Package Version: 1.0.15768
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 234858
     Threats Detected: 15
     Threats Quarantined: 15
     Time Elapsed: 10 min, 44 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)

     Registry Value: 1
     PUP.Optional.QuickGoSearch, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|clckghfbcfachnecdmnikmenagnenkbi, Quarantined, 214, 692674, , , ,

     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)

     Folder: 4
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\_metadata, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\icons, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLCKGHFBCFACHNECDMNIKMENAGNENKBI, Quarantined, 214, 692674, 1.0.15768, , ame,

     File: 10
     PUP.Optional.QuickGoSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLCKGHFBCFACHNECDMNIKMENAGNENKBI\2.6_0\BACKGROUND.JS, Quarantined, 214, 692674, 1.0.15768, , ame,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\icons\icon128.png, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\icons\icon48.png, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\_metadata\computed_hashes.json, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\_metadata\verified_contents.json, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\check.png, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\clckghfbcfachnecdmnikmenagnenkbi\2.6_0\manifest.json, Quarantined, 214, 692674, , , ,
     PUP.Optional.QuickGoSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 214, 663236, 1.0.15768, , ame,

     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):
     Dynamically Blocks Malware Sites & Servers
     Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. A lively band.. I really love country music and used to watch TCN network, but of late it has become premium , so watching the YT channel of it in freeintertv..
  7. Hello @DrewPeacock and Malwarebytes for Windows has been a globally known product for many years. By the time you notice the new Offline Installer, the new installer executable is likely to have been uploaded multiple times to VirusTotal where the most industry popular digests have been calculated and published with the file's VT overall analysis. Additionally, the file's digital signature, plus countersigning, may be sought & examined. This holds true for the executables, drivers and DLLs that constitute the modules and other internal files within the installed product. Independently you may also verify the digital signature(s) through the use of Microsoft's Sysinternals' Sigcheck, Windows File Explorer and other methods. When it comes to the Network Installer (digitally signed/countersigned), I believe that proprietary and fairly articulate security methodologies are already in-place. However, a Malwarebytes staffer would need to comment further. Frequently VT community member endorsements may also be added and their member public reputations viewed for all to trace. Coincidentally, much of the above holds true for the Malwarebytes AdwCleaner product. As far as posted or linked checksums, "you can lead a horse to water but you can't make him drink." -English Proverb HTH
  8. G'day @AdvancedSetup A .dmp has been uploaded. Let me know if it's the proper one. Thanx
  9. The only other thing that I saw that could interfere with the connection is Internet Download Manager. Uninstall that temporarily.
  10. Today
  11. "http://www.freeintertv.com/view/id-3334/1-1-0-1"
  12. Hello @DChenery02 Please run the following scan for us so we can get a better look at what might be going on.

      Please download Farbar Recovery Scan Tool and save it to your desktop.
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
      Double-click to run it. When the tool opens click Yes to disclaimer.
      Press the Scan button.
      It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
      The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

      Thank you Ron
  13. If you're still having issues then please post the following logs as an attachment.

      Please download Farbar Recovery Scan Tool and save it to your desktop.
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
      Double-click to run it. When the tool opens click Yes to disclaimer.
      Press the Scan button.
      It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
      The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

      Thank you
  14. Great, glad to hear. I will go ahead then and close this topic but if you do need anything further please let us know. Take care
  15. I've sent you 2 private messages. Please follow those directions or let me know in the PM if there are any issues. Thanks
  16. Thank you for the feedback. This has been submitted already but I'm not sure when it will be implemented. I'm not 100% sure but the checksum for CCleaner and Mint would probably have been the same one as the file was built and served from their own systems. If that were the case the checksum would not matter as it would match what their website said but we get where you're coming from on this.
  17. Please gather and provide logs with the Malwarebytes Support Tool so we can take a closer look at the issues you're experiencing. https://support.malwarebytes.com/docs/DOC-2396
  18. Some products detect uTorrent either because of heuristics signatures that look for new/unknown threats, and others appear to be detecting it due to the fact that uTorrent has been known to sometimes come bundled with a PUP (Potentially Unwanted Program) known as OpenCandy. Malwarebytes would block OpenCandy so I'm sure you aren't infected with that PUP, however you can learn more about what OpenCandy is by reviewing the information found here.

      As for why Malwarebytes blocked uTorrent, this is because uTorrent, and all Bittorrent software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through uTorrent) and because of this, sometimes uTorrent will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through uTorrent may be perfectly safe, some of the sites hosted on some of the IP addresses that uTorrent connects to may be malicious.

      Such connections are not a threat however, and you may exclude uTorrent from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content). To do so, add uTorrent.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

      File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.
      Risks of File-Sharing Technology

      I hope this helps, and if there is anything else we might assist you with please let us know.
  19. @Geecogs How are you doing? Just checking up to see if your issue is resolved.
  20. Well, on my side I can confirm that cleaning and re-installing using the provided tool works perfectly. I did not have any problem since then. So the conclusion is : "Clean and Install, but do not upgrade"