All Activity

  1. Past hour
  2. dcsang

    HDFury EXE

    The detection was MachineLearning/Anomalous 95%.
  3. Good morning, Steve. To answer your questions Q1 & Q2: I really do not know. I do not know if the same zip file attachments were involved. Q3. As long as you do not open the zip files, or cause the content to be "opened" ....your systems are ok. As long as you delete the email involved, it ought not to "re-appear". It has been a long time since I used the actual Outlook-app-locally-installed. Though I tend to recall that by ensuring that the email is selected, then pressing the SHIFT key and then the Delete key will permanently delete the message. The other way is to go to the Deleted items folder and delete all (using the Outlook menu). Just by the way, the Microsoft naming convention can make those "threats" seem more scary than needs be. The point is, if you did not actually open the Zip files and then actually "run" the content, then you can "breathe easier". Do the TrendMicro scan. Let's see the result. Keep in mind what I said about the Smartscreen protection of Windows 10 (that it can & does at times block good tools from running). Its reputation-based algorithm is not perfect & is known to have false-positive blocks. Remember what I said about the override for it. My goal with the TrendMicro is just to confirm (from an independent & trusted tool) that the pc is free of active malicious malware.
  4. The website at the following URL: Appears to be a false positive. Thanks!
  5. dcsang

    HDFury EXE

    Is that the most recent json file located in C:\ProgramData\Malwarebytes\MBAMService\ScanResults? If so, is there a way to submit plain text files securely?
  6. I have had the same problem. Mydialsearch extension is NOT in Chrome, but Malwarebytes keeps finding it. I delete Chrome from the computer, reinstall it, and same thing happens.
  7. Thank you again Maurice. I was already aware of the points you make about email attachments, and I thought I always tried to follow them, but clearly I haven't been cautious enough. It seems to me that my basic problem was not realising that these old emails and their attachments were still stored on my PC. Since I could access them from any other PC I logged into, I'd assumed they were stored on some "Outlook" server somewhere and thus "isolated" from my PC. I know better now!

    A few things I don't understand though, if these emails were permanently stored on my PC:
    Q1 Why didn't Defender Full Scan find them every time I ran it?
    Q2 When I had commanded Defender to remove them, and it claimed that it had, how did they come back?
    Q3 If I've got archived infected Outlook email attachments on my PC and I access my Outlook from another PC, does that PC get infected too? Even though I don't access the infected emails? Could it be that the email files on my PC ARE ALSO stored on some "Outlook" server somewhere, and that server keeps refreshing my PC files when a difference is detected?

    Sorry if these are nuisance questions, but I'm an engineer, I like to understand how things work! I've also had a look at the Trendmicro Housecall webpage and I'll be following your advice to do a scan with it shortly and I'll let you know what it finds.
    Best regards, Steve
  8. ***This is an automated reply***
    Hi, Thanks for posting in the AdwCleaner Help forum.
    In order to help us assist you to resolve your issue, please post or attach your latest AdwCleaner log files with your post. https://support.malwarebytes.com/hc/en-us/articles/360039021593
    Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:
    Malwarebytes AdwCleaner guide
    A malicious element isn't being detected? Submit the sample here!
    Need help with another Malwarebytes product or malware removal?
    Click here for home support
    Click here for business support
    Click here for malware removal help
    Thanks in advance for your patience.
    -The Malwarebytes Forum Team
  9. I recently downloaded a safe portable program by Cheathappens called Cosmos that I put in my Portable folder, for which I then created a desktop shortcut that I named Cosmos. Unfortunately AdwCleaner has detected the .lnk file as PUP.Optional.CosmosSystemCare, which it isn't connected to. Obviously the PUP software Cosmos System Care creates a shortcut named Cosmos also, hence the detection. Now, I know I can simply add the legitimate .lnk file to exclusions, but I'm wondering if this would then prevent AdwCleaner from detecting a genuine Cosmos System Care shortcut if it ever happened to infect my PC in the future. So, in short, does adding a file to an exclusion just prevent that one file from being detected, or does it block all files that happen to be named Cosmos? Thanks.
  10. So, I take it, that overall, this pc is doing better with this latest release version & component. vers / component 1.0.972 I can state from my own usage and testing (with several web browsers) that I have not encountered any browser stall, or browser freeze, or browser status-bar message about "resolving host". I have had the Component 1.0.972 ever since it came out in the Beta on Monday June 29, 2020.
  11. Hi, Do you have a scan log?
  12. This is the main executable for the HDFury Vertex, homepage https://www.hdfury.com. There is a newer driver but I would like to confirm that this is a false positive. Thank you. VERTEX-GUI-1.34.zip
  13. Today
  14. Hi, Can you zip and upload this folder as ZIP archive in your next reply? C:\ProgramData\Malwarebytes\MBAMService\ScanResults
  15. I just upgraded IOBit Uninstaller to v9.6. During the installation I kept getting a Malware.Generic false positive for the setup.exe that was unpacked to a temporary directory. Turning off Malwarebytes I got the program installed, but now it is flagging the automatic updater program, "AUpdate.exe" in IOBit Uninstaller's installation folder, as also being Malware.Generic. None of these detections occurred with the prior version of IOBit Uninstaller.
  16. I apologize, it's been doing it randomly and is not consistent url: htxxp://irishost.xyz/
  17. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you.
    If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
    ===
    By refreshing Chrome as suggested the items/entries causing this were removed. No other action is necessary.
    Keep the removal instructions in the event that in the future you encounter the same problem.
    If however the fix does not solve the issue it's possible that something else is causing it. Then start a new topic and follow these directives.
    Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
    How to attach a file:
    In the Reply section in the bottom of the topic Select Click the Choose a File.
    Navigate to the location of the File.
    Click the file. It will appear in section.
    Click the Saving button.
    Please attach the logs and a helper will peruse them and advise.
    Wait for further instructions
    ====
  18. Just FYI, it is my understanding that AVZ was replaced by Kaspersky's own portable scanner, AVPTool and that AVZ hasn't been updated in several years. I don't even think it was in development at all since Windows Vista or even XP. If anyone knows better please feel free to correct me.
  19. Hi, I couldn't reproduce the detection. Can you fetch this report please? C:\ProgramData\Malwarebytes\MBAMService\ScanResults\27f130ce-bcd0-11ea-8bc2-f8cab826195b.json
  20. Hi, Malwarebytes flags NordVPN install as false positive, please whitelist it. Setup file and log attached. Thank you. NordVPNSetup.exe.zip nordvpn update malware warning 03-07-2020.txt
  21. It sounds as though the business version doesn't register with the Security Center by default, though you can check the settings in Malwarebytes to see. In the consumer version there is an option to control whether Malwarebytes registers with the Windows Security Center located under the General tab in settings and if the business version has the ability to register with the Windows Security Center there is likely an option for it somewhere in the UI and/or policy (if using the managed version).
  22. What is Serp App?

    The Malwarebytes research team has determined that Serp App is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

    How do I know if my computer is affected by Serp App?

    You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install: and this new search page: Note the extra o in the address

    How did Serp App get on my computer?

    Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

    How do I remove Serp App?

    Our program Malwarebytes can detect and remove this potentially unwanted program.
    Please download Malwarebytes for Windows to your desktop.
    Double-click MBSetup.exe and follow the prompts to install the program.
    When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
    Click on the Get started button.
    Click Scan to start a Threat Scan.
    When the scan is finished click Quarantine to remove the found threats.
    Reboot the system if prompted to complete the removal process.

    Is there anything else I need to do to get rid of Serp App?

    No, Malwarebytes removes Serp App completely.

    How would the full version of Malwarebytes help protect me?

    We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Serp App hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

    Technical details for experts

    Possible signs in FRST logs:
    CHR Extension: (Serp App) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao [2020-07-03]

    Alterations made by the installer:

    File system details [View: All details] (Selection)
    ---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0
       Adds the file background.js"="6/19/2020 4:37 AM, 4614 bytes, A
       Adds the file manifest.json"="7/3/2020 9:00 AM, 1223 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\_metadata
       Adds the file computed_hashes.json"="7/3/2020 9:00 AM, 183 bytes, A
       Adds the file verified_contents.json"="6/19/2020 4:39 AM, 2237 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\app_icons
       Adds the file icon128.png"="7/3/2020 9:00 AM, 12346 bytes, A
       Adds the file icon16.png"="7/3/2020 9:00 AM, 520 bytes, A
       Adds the file icon48.png"="7/3/2020 9:00 AM, 3091 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\ba_icons
       Adds the file icon128.png"="7/3/2020 9:00 AM, 1228 bytes, A
       Adds the file icon16.png"="7/3/2020 9:00 AM, 167 bytes, A
       Adds the file icon48.png"="7/3/2020 9:00 AM, 483 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao
       Adds the file 000003.log"="7/3/2020 9:00 AM, 51 bytes, A
       Adds the file CURRENT"="7/3/2020 9:00 AM, 16 bytes, A
       Adds the file LOCK"="7/3/2020 9:00 AM, 0 bytes, A
       Adds the file LOG"="7/3/2020 9:15 AM, 184 bytes, A
       Adds the file MANIFEST-000001"="7/3/2020 9:00 AM, 41 bytes, A

    Registry details [View: All details] (Selection)
    ------------------------------------------------
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
    "fmdaigicalbbnbafdmlnolgjoebkhgao"="REG_SZ", "F8DE46E2DC7E985223575406B2F0297596E3BD73C6F6CD2C683A2C651D89C295"

    Malwarebytes log:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/3/20
    Scan Time: 9:21 AM
    Log File: d2781aa8-bcfd-11ea-8321-00ffdcc6fdfc.json

    -Software Information-
    Version:
    Components Version: 1.0.972
    Update Package Version: 1.0.26337
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: {computername}\{username}

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 232259
    Threats Detected: 11
    Threats Quarantined: 11
    Time Elapsed: 5 min, 33 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 1
    PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , ,

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2
    PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO, Quarantined, 15214, 832194, 1.0.26337, , ame,

    File: 8
    PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\000003.log, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\CURRENT, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOCK, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOG, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\MANIFEST-000001, Quarantined, 15214, 832194, , , ,
    PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO\1.4_0\MANIFEST.JSON, Quarantined, 15214, 832194, 1.0.26337, , ame,

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

    As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
    Dynamically Blocks Malware Sites & Servers
    Malware Execution Prevention
    Save yourself the hassle and get protected.
  23. @Porthos Here is the zip file. mbst-grab-results.zip
  24. Hey so I followed this guide here https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/ It seemed to solve the issue but what I'm asking is basically: Does the method in that forum post I linked actually delete the malware? Or does it just block Malwarebytes from detecting it? If it's malware I want to get rid of it. I have a txt file from saving the results of the scan if you'd like me to send it. I'm just not sure if there's private information inside of it about my desktop.
  25. I meant anti-malware protection and self defense were successfully started on every boot according to the UI. Firefox was taking a very long time to resolve host.