All Activity

Hi Malwarebytes team, While accessing this domain http://languagecouncils.sg/, we found there is an alert that says the website is blocked due to trojan. We believe this alert is false positive since it only contains informational content. May we have your assistance in checking on this and unblocking the site? If you confirm that this alert is a true alert, may we know the details of the issue? Thank you.

I have attached 2 sets of logs. Logs 1 is from my initial scan utilizing the 3 programs you suggested sequentially, with malware bytes doing a full system scan. Logs 2 was after reading the link you said for adwcleaner (as i already had it installed) and altering some settings, and rerunning the scans, this time malware bytes was updated and it was just a regular scan. I shall leave Malwarebytes doing a full system scan in between this and your next reply just in case. In terms of results im sure that bitch.exe under visual studio it detected was from a previous project with a friend where he taught me to create my own discord bot, this may be why its being flagged as I'm sure i had to use some external programs for parts of it though. I have quarantined everything just in case. Logs1.zip logs2.zip

Thank you, I appreciate the swift response!

Thanks :D

Hi, Thanks for reporting - We will get this fixed.

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks

Hello @goofeephoto Please try to clean and reset ALL sync data from the Microsoft Edge browser Reset Microsoft Edge data in the cloud https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud Then run the following Scan with SecurityCheck by glax24 https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/ Scan with FSS Farbar Service Scanner https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/ Scan with Farbar Recovery Scan Tool https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/ Thank you

I'm closing this topic now. However, if you do experience the issue again, please create a new topic and we'll take a look Take care and stay safe out there

HELLO @TomWaeghe Please make the following change in Malwarebytes if you're using the Premium or Trial version Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the Security for MB4 or General tab for MB5 tab. Then turn off "Always register Malwarebytes in the Windows Security Center" Restart the computer It is highly unlikely that you need to setup exclusions for Windows Defender, however if you experience any issues, please see the following article and setup exclusions between Malwarebytes and Windows Defender Malwarebytes for Windows antivirus exclusions list https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list

Thank you for the logs. Please go ahead and run the following Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you

Hi, A VirusTotal scan has this flagged as malware and has for several days. Can I please request its removal from your database. I have read your sticky on VirusTotal flags and it has yet to clear. Hash: 9e1097b510eca063d33f21a18789de8389cc9a1f0bae12e6cdb01999d226b1e8 Filename: HicapsConnectAPIPlugin.exe VirusTotal Link: https://www.virustotal.com/gui/file/9e1097b510eca063d33f21a18789de8389cc9a1f0bae12e6cdb01999d226b1e8?nocache=1 Company Name: HICAPS Pty Ltd (https://www.hicaps.com.au/) a subsidiary of National Australia Bank (NAB) https://www.nab.com.au/ Exe: https://drive.google.com/file/d/1h1SjkJV0Ml50_h8T-zRVrTe4ouivJK3l/view?usp=drive_link (sorry I can't attach it from my work laptop due to the malware flag) This application you have flagged is a piece of software used by my company HICAPS (a subsidiary of National Australia Bank https://www.hicaps.com.au/) to talk to our terminals from our API services. We used this piece of software to facilitate sending card present transactions to the terminal for the end customer to tap and pay. Effectively it allows medical practices to used their practice managed system to send the billable amount to the terminal for the customer to pay. Thanks, Rhys

No protection is 100% and Malwarebytes is no exception. Most infections come from the failure of the device between the keyboard and the chair.

Since it is a test website "made" by Malwarebytes before there was even a Mac version I do not know if it is in the Mac protection database. On Windows, I got the expected block but then I turned on the VPN and no more block. @treed Can give some insight.

Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator" When the tool opens click Yes to the disclaimer if this is the first time using the tool Make sure there is a check mark in the Addition.txt check box Press the Scan button. It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.

how likely is it that virus can avoid malwarebyte and other av detection

Hi This is the message I gat after running http://iptest.malwarebytes.com/ to test if my Malwarebytes premium was working fine. This is the message I've received... If you are able to reach this page it means that IP protection is disabled on your machine. But the Malwarebytes Premium dashboard says my connection is private. If I go to MacOS security, I have no warning or error message giving me any clue. Anybody as been through this and found a solution? Simon B

If you can not see the Browser Guard icon in the browser toolbar, click the puzzle icon and unhide or pin the icon. If you're having issues with Malwarebytes Browser Guard you may want to try to update the program manually. Click on the extension icon Click the Kebab Menu -> then Support Click the Check for database updates button If still having an issue then click Clear Browser Guard Storage, Restart the Browser, and check for Database Updates again

Please update your Browser Guard. I see no block. Support --> Check for database updates If it is still blocked Clear the Browser guard storage Support --> Clear Browser Guard storage

Thank you so much, how much of time it will take, is there any action i need to take or you want me to just wait until its unblock. because now imotion.my still blocked

I only saw message briefly but I think the BSOD said "Windows was not properly shut down" and then rebooted. Since then I have been rebooting into regular W11 (without a network connection) opening and closing files playing a bit etc without a crash. Could it be a network hardware or software issue? I'll reconnect blue cable today and see what happens

Good day everyone, not sure why but that website is blocked as riskware on malwarebytes. I have a trial license and the report is in the screenshot : Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/18/2024 Protection Event Time: 8:05 AM Log File: b5d07196-fd1f-11ee-98dc-c4bde5865965.json -Software Information- Version: 5.1.2.109 Components Version: 1.0.1214 Update Package Version: 1.0.83567 License: Trial -System Information- OS: Windows 11 (Build 22631.3296) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: www.um-surabaya.ac.id IP Address: 103.114.35.113 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

ok

Hello @jee75: Are you still with us?

The Tor Browser 13.0.14 (All Platforms) has been released. (17-April-2024) Tor Browser 13.0.14 is now available from the Tor Browser download page and also from our distribution directory. Blog/Announcement | Full Changelog |