All Activity

  1. Past hour
  2. Oh right...that...seems odd since, on a fresh installation of MBAE, the notification appears and it shows up in the log but after a reboot nothing at all... From a user's perspective the lack of notification or log that it's actually being protected, when everything else gets a popup and logged, makes you think that it isn't...if that makes any sense to you...it adds doubt. Thanks for your reply.
  3. Here is report from Malwarebytes.
  4. Sometimes two Pups. I was running up to date malwarebytes when this infection occurred. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft-office.en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft-office.en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com ***** [ Chromium (and derivatives) ] ***** Deleted FromDocToPDF Deleted Search Encrypt Deleted ibiiaimghkbhffgkkdogldehnidojjga ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock *************************
  6. Hi Spritesprint, Thanks for posting. It is expected to not see the balloon notifications pop-up for Chrome and Edge since their protection is not the same in the traditional sense (through DLL injection) as with the other applications. So the behavior you see is correct, but we do have protection for Chrome and Edge browsers adhering to the policies imposed by Google and Microsoft. Thank you.
  7. Just for closure on this one... Today Macrium Reflect brought out their latest version update, to 7.2.4228 (that's for the non-free Macrium Reflect Home edition), which contains the official public release of the "fix" to their CBT driver to truly eliminate the conflict with MBAM that was responsible for this long-existing "freeze" symptom on some number of Win7 systems. I assume a similar fix would be available in the Macrium Reflect Free version. So even though a particular "freeze" issue was reported for MBAM users back last December, and then fixed by Malwarebytes in January, that apparently wasn't the only such "freeze" issue involving MBAM in one way or another. As I've described in this thread, I had early on backed out the problematic December version of MBAM and yet still was having freezes, as I'd been having for the previous few months... long before December. And furthermore, even after applying the January "corrected fixed version of MBAM" that supposedly fixed the freeze, I still continued to have my own freeze symptoms. Obviously MBAM may have had its one particular freeze, but this second one involving a collision with the CBT driver of Macrium Reflect was obviously a distinct and unique issue on its own, that also resulted in a "freeze" symptom. Anyway, this second problem is now apparently 100% resolved (based on my own freeze-free experience beta testing their update for two weeks), so it's now out. If you are a Macrium Reflect user be sure to apply this latest version 7.2.4228 (or newer, in the future) update in order to get the fix to MRCBT.SYS. From their Release Notes: Bug Fixes Change Block Tracker Fixed an issue where a TRIM operation on a Registry hive would cause a dead-lock if some third-party software was holding a lock on the Registry.
  8. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  9. I believe that Samuel @exile360 has provided quite a bit of information to help the user make up their own mind if they want to keep a product labeled as PUP or not. As such I will go ahead and close this old topic now. Thank you
  10. Hi. MBAE updated to 1.13.1.63 and initially I noticed that it wasn't protecting Chrome when launching Chrome. I stopped and started protection, deactivated and activated the shield, rebooted but it was still not protecting Chrome. After uninstalling, deleting the "C:\ProgramData\Malwarebytes Anti-Exploit" folder and re-installing, protection for Chrome was activating when launching Chrome... However after rebooting, MBAE again was not protecting Chrome when opening the browser. All other shields seem to be working (excel, word, opera, firefox etc). Just Chrome shield isn't activating on launch (I have the balloon tooltips enabled so I'm conditioned to spot when it doesn't appear on opening the browser after years of use!) I've replicated the issue on several PCs. All exhibit the exact same behaviour. On Windows 7 x64 and Windows 10 x64.
  11. Hello, Can you attach the file we are detecting for review please?
  12. Today
  13. Hi. Which web browser is this? And is the popup tab a full screen one, or is it just a small one that shows on the lower right bottom of the screen?
  14. Pup keeps showing up within hours after clearing. I quarantine about 27 files with Malwarebytes. Then run AdwCleaner which always finds 1 pup. I clear and restart. But it comes right back in a short while. What else do I need to do? Here is the log from AdwCleaner. # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-04-18.2 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 04-20-2019 # Duration: 00:00:16 # OS: Windows 10 Pro # Scanned: 27356 # Detected: 1 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** PUP.Optional.Legacy dhhjmlmdpcpiojiffodbldlkgcnaeogp ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found.
  15. Hi, Stick with the support ticket. Be sure to do what the automated response suggested, which may likely be to run the Support tool at some point. If you have not attached a Copy of the CD showing the License Keys, I would do so, and be sure to mention where the purchase was made. The lifetime license is only for one Windows pc.
  16. Hello. No difference, I tried it before and now again. Boot time is still around 4 minutes...
  17. I found my original box, CD and license activation ID & Key from 2011. When I tried to activate the software using it I get a message that my key has been blacklisted. This issue only happened with the most recent 3.7.1 build 10240 update. That update blacklisted my valid lifetime license. I can't remember if I had registered this key or what email I used 8 years ago when I purchased the software so I created a new account on My.Malwarebytes.com and tried to register the key and I got an error message redirecting me to a support page that doesn't exist. I created another Malwarebytes Support Ticket (# 2590927) since I haven't received anything other than automated responses from Malwarebytes support. I included a photo of the original box, CD and license card with the support ticket to prove that I bought and have owned the software since 2011. Could someone please fix this issue ASAP? I love this software and I don't feel safe using the internet without it backing up my paid antivirus software.
  18. Hello and Welcome. Your issue is most likely caused by the Winmgmt service not running on your computer. That service needs to be running. Go to Services and ensure that Windows Management Instrumentation service is set to Automatic and then try and start the service. If it stays running reboot the computer and see if all is well. Also your logs show that this computer is most likely infected, it would probably be best to seek help from one of the experts to get one on one help on getting it cleaned up as well as fix the WMI service. To do so simply follow the instructions in the topic below. Basically start a new topic in the malware removal area and include the same logs you posted above.
  19. Block has been reviewed and will be removed.
  20. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  21. Hi, after upgrading to Windows 10 from Windows 7 I am now getting "unable to connect the service" error when trying to run Malwarebytes. mbst-grab-results.zip
  22. I can't find the program you meant, sorry. And can you send me a download link from "Fixlist.txt"?
  23. You know what... Maybe one of the first utilities I write will be one that detects RTLO-based obfuscation. I guess RTLO does seem more useful for juvenile pranks than anything else.
  24. Everything is working fine just as it was the first time I set it up. Cheers
  25. I didn't know that it was a spyware. Thanks for the info. If you confirm to me that my PC is clean, that would be all. Thank you for all your help.
  26. I have Malwarebytes but am continuing to get random websites popping up on new tabs. The last one was "healthierpatriot.com"
  27. Malwarebytes' blog from January 9, 2014 by Metallica -- The RTLO method