
All Activity


  1. Past hour
  2. Hi, thanks. I had already run this program 2 weeks ago, but noticed the change the video suggested about scanning loaded modules/reboot. So I tried that, and alas, nothing found. See attached log (ran it twice, which is why it's a bigger log) TDSSKiller.3.1.0.28_04.12.2020_09.45.53_log.txt
  3. My client's web application at hxxps://live.quizquizquiz.com, as well as an internal application hosted on the same IP address, is blocked with the reason of "trojan". Please can you review the reason for this block and let me know if any action is needed at our end, as well as removing the false positive? Many thanks.
  4. I noticed you ask everyone for these logs, but you do not tell anyone how much personal and private information might be stored in them. Word documents, Excel spreadsheets, etc. are all listed. While you may not have access to the data in the documents, there could be personal/private information that is in the name (banks, IRA/401k, credit cards, etc.). You might consider telling people that. That being said, I have included a redacted version of the files. FRST.txt Addition.txt
  5. Help! The "Website blocked due to phishing" problem has returned. I don't see this on the website's home page, and not always on the first sub-page that I visit. But eventually it appears, and once it does it seems to show on all pages. Again, the website is www.mifflinsoaring.org Here's the info that appears in the box that pops up (and which persists for only about 20% of the time necessary to copy its info): Domain: www.mifflinsoaring.org.dream.website [this is a site hosted by DreamHost] IP address: 173.236.157.63 Port: 80 Type: Outboun
  6. Hello! Thanks for your assistance. Unfortunately, the situation hasn't changed and MalwareBytes still detected and blocked the same two applications as before. After that I also signed out of my Firefox and restarted my computer again. Unfortunately, the problem remains and the two applications showed up again. Sincerely Flau Fixlog.txt
  7. Hello, The block will be removed. Thank you and let us know if you need any additional help!
  8. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The Computer will restart when the fix is completed. It will create a log (Fixlog.txt) please post it to your reply.
  9. Today
  10. Hi, my client has the website https://b-stick.dk/ blocked by Malwarebytes. It is not blacklisted on other security services. The site was infected, but has been cleaned up, updated and is now protected by new and better security. Can you please unlock, thanks.
  11. Does this mean I'm infected with a new strain of this ransomware that doesn't have a decryption method yet?
  12. Hi, This tool looks great but when I try to extract Asset Information I get this error message. Doesn't matter how many Assets there are. Can anyone help me with this? Thanks in advance
  13. The IP address is blocked. Just in case you missed it, the log files are attached in the previous post. Thanks, Jeng
  14. TeMerc and Dashke, Thank you for your quick responses. The websites in question belong to a local ISP and are used for Webmail. I will call the local ISP and inform them of your feedback. Dashke, I will forward the malicious script code you posted to the local ISP. Thanks again for your responses and have a great weekend!
  15. Hello @David59, I replied to your support ticket. There seems to be a new variant that might be causing this issue.
  16. Update on the firewall rule: I created an outbound rule in the Windows Firewall setting: This should do it, right? Thanks, Jeng
  17. Greetings, Recently one of our customers contacted us and reported that www.pori.fi & pori.fi (latter being a redirect) is currently being blocked by Malwarebytes Browser Guard. The reason for the block is stated as "Website blocked due to phishing". We checked on our end, and we haven't found any issue that would lead to the domain being blacklisted. We believe that this might be a false positive. We would politely request that you whitelist/unblock the site in question.
  18. Thank you for helping! But when I try decrypting my files with the "STOP Djvu" software I get this error message on all files: Error: No key for New Variant online ID: UMxKWCt3ZhBU8CPXdPsZ8IDzZxzXMI12EUMDqGQN Notice: this ID appears to be an online ID, decryption is impossible
  19. Hey Kevin, Please see the logs in the attachment. For the Firewall rule, I will google that up and do that. Thanks, Jeng FRST.txt Addition.txt
  20. Hiya jengang31, Yes I agree, orange is classed as possibly suspicious but not confirmed. I would leave them alone, I can have a look at Firewall settings in FRST logs. Are you OK to create a Firewall rule to block the problem IP? More research does confirm as malicious and guiding you to Ad supported domains.... Thanks, Kevin..
  21. Ahh thanks! I scrolled through the detected items and they are all orange: I guess I will not click the Removal button in this case. I will rerun the FRST and upload the new logs next. Thanks, Jeng
  22. Hello, The block will be removed. Thank you and let us know if you need any additional help!
  23. Apologies, yes you can remove from where you're at, also only remove items that are RED
  24. Hello DepoC and welcome to Malwarebytes, Can you post the ransom note and attach a copy of one of the encrypted files.... Thank you, Kevin.
  25. Hey Kevin, I haven't closed the result windows, can I click remove directly there? Also, just would like to reconfirm before I click remove - the detected items seem mostly from Glasswire, which is a software for my Network Monitoring and Firewall. Do we need to remove that? Thanks, Jeng
  26. Hello rihabh and welcome to Malwarebytes, Can you post the ransom note and attach a copy of one of the encrypted files.... Thank you, Kevin.