Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Dashke

    ANSWERED www.kyivpost.com false/positive

    Thanks Patrick, the block will be removed.
  3. kevinf80

    cdn.immereeako.info trojan!

    Hello OneAnnoyedStudent and welcome to Malwarebytes, If this issue is only happening when you use Chrome lets make fresh clean install of Chrome, see if that helps.. If your Chrome Bookmarks are important do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks..... Continue for a clean install: Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html Next, Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter... In the new window that opens "Sync everthing" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard" A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server... Continue to next step to completely Uninstall Chrome.... Next. Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!! Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata) For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Install Google Chrome : Next, Import your Bookmarks... (instructions in the first step) Next, Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en Does that help Thank you, Kevin...
  4. Hello luci and welcome to Malwarebytes, Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop. Double click the aswMBR.exe, and click Run There will be a short delay before the next dialog box comes up. Please just wait a minute or two. When asked if you'd like to "download the latest Avast! virus definitions", click Yes. Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready. Click the Scan button to start the scan once the update has finished downloading On completion of the scan, click the save log button, save it to your desktop, attach that to your next reply. Note: There will also be a file on your desktop named MBR.dat do not delete this, zip up that file and attach it to your reply.. Next, Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin...
  5. Hello, can you please recheck the following domain? (https://hosts-file.net/default.asp?s=www.kyivpost.com) www.kyivpost.com Thanks in advance Patrick
  6. TwinHeadedEagle

    False positive from iasrecst.dll

    @JPP What is your operating system? Can you open Command Prompt as Administrator and type this command: sfc /scannow > C:\Users\%USERNAME%\Desktop\sfc.txt Make sure to replace %USERNAME% with the actual name of the user. When the scan is done, please attach sfc.txt found on your Desktop.
  7. Today
  8. Hello, Can you share both scan and clean logs? Thanks
  9. Quarantine folder is used to save removed items. It could easily be the case that removed items are false positives and may have a negative effect on the OS, in that case the item can be restored. I normally leave quarantined items for maybe 3 days, after that I would recommend removal by deletion... If your PC is still slow lets try a clean boot, see if that makes any difference.... Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135 Basically all none MS services are disabled, see how your system runs in that mode. If clean boot makes your system faster and more responsive it is now a process of elimination to find which non MS service(s) was affecting your system... Go through the process again, this time with all MS services hidden again enable the top half of non MS services, re-boot and see how your system responds, if still ok the top half can be left enabled. Repeat again, enable so many of the bottom half then re-boot. Continue until you locate the problem service(s). A process of elimination, a bit long winded but worth the effort. Let me know the outcome... Thanks, Kevin
  10. I assume you are making the point that the infection still returns after removal, that seems to indicate possible rootkit issues. Run the following and attach the logs to your reply: Download and save Adiag to your Desktop, https://www.adlice.com/download/diag/ Right click and select "Run as Administrator" on the first window select Scan Make sure all items are checkmarked, then select Start Scan Do not use your PC as the scan progresses If malicious entries are found select Results, if not close our the application. In the reports window select "Malicious Only" then "Report" In the new window select "Export" then "Text File" name that file Adiag1 and save to your desktop. Close that window. You will be back to main interface, select "Display all" then "Report" In the new window select "Export" then "Text File" name that file Adiag2 and save to your desktop. Close that window, then close out Adiag Attach Adiag 1 and 2 to your reply. Next, Please read carefully and follow these steps. Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Doubleclick on to run the application. The "Ready to scan" window will open, Click on "Change parameters" Ensure all entries are Checkmarked under Additionl Options, Ensure all entries are Checkmarked under Objects to scan When Loaded Modules is checkmarked a re-boot will be offered, allow that to happen... Continue after reboot select "Change Parameters" make sure entries are checkmarked and then Select "Start Scan" If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach that log to your reply. Thank you, Kevin
  11. Dashke

    ANSWERED Website Blocked

    Thanks, the block will be removed.
  12. TempLost

    Malwarebytes Keeps Breaking Itself

    Also, it's important to note that the support tool contains its own dedicated uninstaller for Malwarebytes and it's advised that it be run in preference to the Windows Uninstaller. The former is far more thorough.
  13. Instructions you seek at the following link: https://winaero.com/blog/how-to-restore-the-trustedinstaller-ownership-in-windows-10/
  14. Yes C:\ drive is where your system is, that is where we will be making changes. If necessary we may possibly have to reset those changes if any have an adverse effect. The same goes for uninstalling programs, if registry damage occurs we have a restore point to correct that damage.
  15. Greetings, We should be able to get your software back up and running again. I noticed that in your logs it shows a couple of things of concern. First, User Account Control is not set to its default configuration. While this may not be the cause of the problem, Malwarebytes, like the vast majority of modern software, was designed to be fully compliant and compatible with UAC so I would advise re-enabling it/resetting it back to its default setting: UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 1 Status: ON SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 0 Status: OFF If you require instructions on how to do so, please refer to the information on this page. Next, it appears that you are running an older version of Malwarebytes 3, so I would recommend you try downloading and installing the latest version from here to see if that resolves the issue. If the problem still persists, then please try performing a clean installation by following the instructions below: Download and run the latest version of the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here Please let us know how it goes and if you have any further issues or questions. Thanks
  16. TwinHeadedEagle

    scan found banker.trojan

    Yes, this was a False detection. You can restore that file from quarantine.
  17. the only concerns i have is my computer is slow that he use to be . the seconde thing what should i do with the threat that are in the quarantine in ADWcleaner?? delete them??restore them??? Again million thank you for your assistance.
  18. I hope you are able to help with this. I am getting the same notification each time I open notepad++. I have scanned the program which turned up no problems. -Log Details- Protection Event Date: 12/15/18 Protection Event Time: 9:21 AM Log File: 0594957f-003a-11e9-b30e-9cb6d08e7726.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8331 License: Premium -System Information- OS: Windows 10 (Build 17763.194) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Malware Domain: p0358.cf IP Address: 141.8.224.221 Port: [59023] Type: Outbound File: C:\Program Files\Notepad++\notepad++.exe (end) ======================================================================================================================= I have added exclusions for both the notepad++ file and website but I still get the same notification when I start up notepad++. Thanks for any help you can offer!
  19. cant start mb. i ran the check-tool and it said to post in support forum and attach the zip. Thank you mb-check-results.zip
  20. https://www.yahoo.com/ https://www.yahoo.com/lifestyle/miss-universe-making-history-pageant-133000676.html https://news.google.com/articles/CAIiEJBPUJV-q6xSrowqP5tzN1EqGQgEKhAIACoHCAowocv1CjCSptoCMPrTpgU?hl=en-US&amp;gl=US&amp;ceid=US%3Aen
  21. Testing URL copy/paste https://www.yahoo.com/ https://www.google.com/ https://www.reddit.com/ https://www.reddit.com/r/pics/comments/a6tyeo/fix_our_water_flint/
  22. decided to re-do the steps to avoid report confusion. so first, FRST report then Malwarebytes report ADWCLEANER report and finally, Windows Malware Removal Tool report
  23. miekiemoes

    bxactions from Google play Store

    Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: I verified this file is indeed not malicious. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.
  24. Here is the scan log. scan log.txt
  25. Add me to the list of people hoping for a fix soon on this issue on a Windows 7 (64bit) system. I had the same problems as well with the two most recent beta component updates, and really tried to avoid/postpone this "release" update after seeing that others were experiencing the same hard lockups I was with the betas (frozen system, no mouse or keyboard working, but no BSOD or auto-reboot either, so only resolution was reset button or power-off restart). I moved back off the beta channel and onto the older release (stable version) for a couple of weeks and all was OK again. I thought that I had read in the forums that this update was being "withheld" pending resolution of this, but my system finally self-updated to the 1.0.508 component version on Friday (Dec 14th), and I had my first full lockup upon resuming from standby today (Dec 16th). It's been better than the betas (they caused all sorts of lockups), but sadly not bug-free.
  26. AdvancedSetup

    .tmp popup on every startup

    Okay, please temporarily uninstall all iObit software. If you have a license key make sure you have it available to use to reinstall later on. Once all iObit software has been removed please post back new FRST logs. Thanks
  27. I would say go back and follow their directions closely and have the sample unmodified file they say to use. The log indicates the key was not found to decrypt.
  1. Load more activity
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.