All Activity

Windows Firewall pinged me, telling me to allow "chrome.exe". Is this a false positive by Windows Firewall? Aside from that, are there any other steps or scans I should take to make sure my PC is clean? If not then we should be good.

The site has been whitelisted. Please allow around 30 minutes for the changes to take effect.

Hi, The site has been whitelisted. Please allow 15-30 minutes for the changes to take effect.

Hello, Could you also whitelist https://api.lsp.expert? For a reason this url is also blocked by your software. It would be nice to understand what our urls have been blacklisted. Thank you!

This is our website and it shows v2.6.25 | Heuristics: phishing. Please whitelist

I have not heard of URLscore before but it seems OK. EDIT: It does not seem worth a subscription.

It was an old block due to RDP attacks: https://www.abuseipdb.com/check/146.190.222.240

Anything connected through a compromised WiFi network has the propensity of being targeted and being compromised. However by shear definition a RAT is not a virus. A RAT is the acronym for Remote Access Trojan. Just like a Chevrolet is not a Ford, a virus is not a trojan. All Chevrolets and Fords are automobiles just like all viruses and trojans are malware. Some notes on WiFi security Disable acceptance of ICMP PingsChange the Default Router password using a Strong PasswordUse a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.Disable Remote ManagementCreate separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.Change the network name (SSID). Do not use your; Name, Postal address or other personal information. Make it unique or whimsical and known to your family/group.Is the Router Firmware up-to-date ? Updating the firmware mitigates exploitable vulnerabilities.Specifically set Firewall rules to BLOCK; TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034Many Routers support Saving and Restoring settings from a file. It is suggested to make a backup by saving your Router's settings once it has been configured.Document passwords created and store them in a safe but accessible location.

Thanks for the help. Is there any information you can share on what caused the block originally? We manage that IP so asking just to see if there's something we should be doing.

@AdvancedSetup looks like the forum is dead, no activity. problem has been resolved after updating Windows Firewall Control 6.11.0.0

Closing this topic as it's been resolved.

Hi, Thanks for reporting. The block will be removed.

Hi, The IP (146.190.222.240) block was removed about three weeks ago. Please tell your costumers to check if they're using the latest database.

Dear MalwareBytes Team, I hope this message finds you well. We have recently been informed by our users that our domain, saftehnika.com, has been blocked by MalwareBytes due to alleged fraudulent activity. Attached is a screenshot illustrating this. I would like to clarify that saftehnika.com, along with all affiliated websites under our domain, is owned and operated by our company, AS “SAF Tehnika,” a registered legal entity in Latvia (registration details available at https://www.ur.gov.lv/en/legal-entity/?id=40003474109). We take security and compliance seriously and do not engage in any knowingly malicious activities, including but not limited to fraud or the distribution of malware. If there is any evidence indicating fraudulent activity originating from our online resources, we kindly request that you share it with us so that we can promptly address the issue. However, if there has been a misunderstanding or if there is no substantiated evidence of malicious activity associated with our domain, we respectfully request the removal of saftehnika.com from your blacklist. Thank you for your attention to this matter. We look forward to your prompt response and resolution. Best regards, Viesturs Eihentāls System Administrator IT department, AS "SAF Tehnika"

@JPopovic should the URL be blocked by the browser guard, if there is and instant redirection from https://win.jugabet.cl/casino/wheel-v1 to https://win.jugabet.cl/casino/wheel-v1/ and back to https://win.jugabet.cl/casino/wheel-v1 ? We have localised that some redirections happen, could it be a false positive trigger for Malwarebytes browser guard?

Just for extra clarity, the blocked domain is: https://rbtdaorv.gelato.com/assets/wxyz.rb.js

We're getting intermitent reports of the following domain being blocked: Source domain: gelato.com Blocked domain: rbtdaorv.gelato.com/assets/wxyz.rb.js When I personally visit gelato.com I don't see an issue: But this is the report we've gotten: If there's anything else I can provide please let me know.

Hi, Thanks for reporting. The block will be removed.

@miekiemoes @Porthos Thanks a million for fixing this, I can confirm it works now. This is going to make my life easier.

Additional info, If I use Chrome browser I have no issues. It only happens with Edge.

Malwarebytes detected this website and I want to verify if the detection is legitimate for research reasons. -------------------------------------------------------------------------------------------------------- Website Blocked: modsreloaded.com v2.6.25 | Trojan: 2.0.202404260906 Malwarebytes Browser Guard blocked this page because it may contain malicious activity.

This might help. https://support.threatdown.com/hc/en-us/articles/4413802356755-Anti-exploit-policy-settings-in-Nebula

This may or may not help you, But in the consumer version, you would disable the following setting in the Advanced exploit settings. I do not know if you have similar controls.

Apologies, followed the support links so assumed it was the appropriate place to raise a ticket. I'll do as you suggest. Geoff.

I will ask @Arthi to assist. I do not have experience with With Threatdown. only the consumer version. As a business customer, if you're having issues affecting your business then I would highly suggest you create a Business Support Ticket https://service.malwarebytes.com/hc/en-us/requests/new