
All Activity


  1. Past hour
  2. If there is a message there is a log. Are you using MB4 or 5?
  3. Strange thing is that Malwarebytes is showing very short a message in the taskbar blocking it. Yet it's not showing anything about blocking this. Not in Malwarebytes or Browser Guard. When I look in the detection History now, it's all blank.
  4. Since you did not include a log I added one for you. File: 1 Malware.AI.3148624500, C:\MALWARE TEST NO WD\AUTOCARE\AUTOCARE.EXE, No Action By User, 1000000, -1146342796, 1.0.83603, FC9E0E0AA21ADEA0BBAC3274, dds, 02786200, B5A0E4CF8501F1477A85B7DD185F5F16, EED8500F2261886C7400085FF39072506F641BF1770689280EA1AC69AEBA6F73
  5. I have used this program for some years on all kinds of computers. Now Malwarebytes is effectively blocking this program from downloading its driver list. I have to shut down Malwarebytes in the taskbar to let it download the drivers listing. No idea why it's doing that. I tested with Kaspersky, NOD32 and Avira, none of them blocking it. It's just a drivers list it downloads. Can this be fixed please? Kind Regards, Ron
  6. This is my business application that I have been using for 24 years. Today you removed it, and I cannot get my work done. Someone has assisted me in creating an exception, but I need to know if this is a false positive because other AVs suggest it is OK. Cindy AutoCare.zip
  7. Hello, I ran the Microsoft Safety Scanner and it completed without finding anything. Log attached. msert.log
  8. Hello @jee75: The forum is happy to read that the uninstall/reinstall/update with the official MB5 .pkg file has resolved that iMac's menu bar issue. There is; from MB5's open GUI, select the Dashboard ⇾ Detection History ⇾ Activity log. You will likely notice that an Update to the Protection version 4.0.631 was pushed a few hours ago. You may consider this reply as an acknowledgement as upper management will have read your topic. Other MB5 users, for other device types, have made similar remarks, and Malwarebytes management is well aware. Perhaps an agreeable change is forthcoming. Please let the forum know if you require any additional product assistance. Thank you.
  9. Also, I’m shutting down my computer between each of these posts to mitigate any potential changes. Is this alright or should I leave it running?
  10. @AdvancedSetup I turned off "Always register Malwarebytes in the Windows Security Center" in Malwarebytes. I restarted the computer. I disabled all real-time antiviruses and security software. I downloaded and saved the script to my desktop, the same location as the Farbar program. I ran the Farbar program with admin rights and hit "fix" once. The computer restarted as part of the fixing process. I re-enabled real-time antiviruses and security software, although Windows Defender's real-time antivirus was already re-enabled after the restart. Is that normal? I'll attach the FIXLOG.TXT to this message. Fixlog.txt
  11. Today
  12. Since a log was not provided, -Website Data- Category: Phishing Domain: daybreakconcrete.com IP Address: 75.2.60.5 Port: 443 Type: Outbound File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  13. Welcome I'll be helping you with your computer. Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding. Please take note of the guidelines for this fix: Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated. First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer. Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me. Please read ALL instructions carefully and perform the steps fully and in the order they are written. If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean. Continue to read and follow my instructions until I tell you that your machine is clean. If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed. Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. Let's begin... There is no apparent malware in the system. This Fix will empty the following folders: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix. 
The system will be rebooted after the fix has run. FRST64.exe is saved in this location : C:\Users\Dell\Downloads\FRST64.exe Download the enclosed file Fixlist.txt Save it in the same location FRST64.exe is saved (FRSTEnglish.exe) Start FRST (FRST64) with Administrator privileges This time around Press the Fix button and wait When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please attach this file in your next reply. Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply
  14. Do you have the Web site and URL of the ZIP you downloaded and maybe a password if it was password protected? If you still have that URL, it can be submitted in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum so the URL(s) can be submitted in a safe fashion and the trojan analyzed for detection.
  15. Hello, I recently got tricked into running a .exe file from a discord friend who turned out to be a hacked account under the guise of "testing his game". I downloaded the .zip file, extracted it and ran the .exe file within. There is a password on the zip file that the hacker gave me but I am unable to recall it. I ran the .exe file and it crashed my discord application and browser. I then panicked and immediately tried logging back onto my discord to which it logged me out again, I tried again and then it told me that the credentials were incorrect. I then checked the original email associated with the discord account to which I found an email from discord support telling me my discord email was changed, there were also deleted emails of the email change and password change confirmation process. I also found the file running on my task manager process and on my startup to which I deleted and disabled. After changing the passwords on my important accounts, I then ran the following processes in a desperate attempt to clean my computer. - Show Hidden Folder - Ran HitmanPro - Ran Windows Defender Full Scan - Ran Windows Defender Offline Scan - Ran Bitdefender Full Scan - Ran Malwarebytes Full Scan - Reset my Browser Configuration - Deleted and reinstalled Discord Despite all of this and the scans now coming back as green, I still don't feel completely safe about my computer. My friends have been telling me that since nothing has happened to any of my important accounts, it must've just been a discord account snatcher. I however am very afraid of the possibility of there being key loggers or file exfiltration. Are there any other steps to take regarding malware removal or finding damages that the malware caused?
  16. Hello, This should no longer be detected. Thanks for reporting.
  17. Hey, One of my client's websites is showing as a trojan false positive. https://daybreakconcrete.com/ Can this be audited and corrected? Thank you!
  18. Thank you for the updated information and the log. Let me have you run the following scan from Microsoft. Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process [ 1 ] Please make the following system changes. Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed. Disable-Fast-Startup Show-Hidden-Folders-Files-Extensions [ 2 ] I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run. The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands .....just do not use the computer during this scan. This is likely to run for many hours as previously mentioned ( depending on the number of files on your machine & the speed of the hardware.) 
The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log Please attach that log with your next reply. It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found. Thank you
  19. Thank you for the log, please run the following Please run the following ESET Online Scanner and perform a Full Scan Click the following link to save the installer for ESET Online Scanner https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get started. When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue When prompted for scan type, Click on the Full Scan button Enable ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button. Have patience. The entire process may take a few hours or more. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log and give it a name and location you remember. If something was removed and you know it is a false positive, you may click on the blue ”Restore cleaned files” ( in blue, at the bottom). Press Continue when all done. You should click to turn off the offer for “periodic scanning”. Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program. Note: If you do need to do a File Restore from ESET please follow the directions below [KB2915] Restore files quarantined by the ESET Online Scanner version 3 https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner Please attach the ESET scan log you saved at the end to your next reply
  20. Great, that looks good. How is the computer running now? Are you still having any issues with websites?
  21. Hello, I cleaned up Chrome. Please note that I was not logged into Chrome and do not log into my Google account in Chrome. I however followed the instructions to log into the sync portion and reset it. I ran Kaspersky and it found no issues. Log attached. Thanks. report_2024.04.18_13.05.20.klr.txt
  22. Please make the following change in Malwarebytes if you're using the Premium or Trial version Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the General tab. Then turn off "Always register Malwarebytes in the Windows Security Center" Restart the computer It is highly unlikely that you need to set up exclusions for Windows Defender, however if you experience any issues, please see the following article and set up exclusions between Malwarebytes and Windows Defender Malwarebytes for Windows antivirus exclusions list https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list Please run the following fix NOTE: Please read all of the information below before running this fix. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply Farbar program: FRSTEnglish.exe Save the attached file: FIXLIST.TXT to this folder C:\Users\ryanj\Desktop\ NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it. Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. 
It will also run a disk check on the restart to ensure disk integrity. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks
  23. After you have completed the steps above, please also do the following Please uninstall, update, or otherwise address the following as appropriate for your system Discord v.1.0.9005 Warning! Download Update Google Chrome v.123.0.6312.123 Warning! Download Update Node.js v.20.12.2 Warning! Download Update Sandboxie-Plus v1.13.3 v.1.13.3 Warning! Download Update ---------------------------- [ UnwantedApps ] ----------------------------- Bonjour (this program is rarely needed on Windows but often causes networking issues, please uninstall) Then RESTART the computer and check for Windows Updates and install any found Let me know if there are still any signs of infection or any other unresolved issues Thank you