All Activity

  1. Past hour
  2. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  3. Hi; I do not want to 'upgrade' to Windows 10 next year. Will MBAM premium still be supported for years to come, even after support for Windows 7 ends? Will MBAM realtime protection keep me safe despite the end of Windows 7 security support in 2020? Thanks
  4. Thanks for the Fixlog.

     Q: Is the computer directly connected with a cable to the internet router box? Or is it using WIFI? If the latter, can you manage to get it connected with a cable to the router?

     One other thing, this last log showed The RPC server is unavailable. Remote Procedure Call is one of those key central Windows services that has to be on.

     [ 1 ] Please be sure that you are logged in to Windows with a login that has Administrator-level rights. From Start button, select RUN (or Windows-flag-key +R key) and in the run-text-box type in MSCONFIG and press OK or Enter. On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG.

     You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box selection). IF it does not, then you click on Normal startup.

     Now click on Services tab, to get its display of Windows services. Keep a written list of any changes from my list of services below. That way you and I have a reference document.

     Look at the bottom line Hide all Microsoft services. IF and only IF it is checkmarked, then un-check it.

     The list of services may be shown in non-alphabetical order, so .... Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services. You can toggle as needed to get the desired order.

     IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others! Then using the scroll-bar scroll down the list.

     - Look for Base Filtering Engine. Click on the checkbox so that it is checked (that is needed so that service is ENABLED).
     - Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for Remote Procedure Call (RPC) Locator. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for RPC Endpoint Mapper. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for Windows Defender Firewall. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
     - Look for Windows Management Instrumentation. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

     When done, press the Apply button, and the OK button. You're likely to be prompted to Restart Windows, do so. If not prompted, you need to do a Logoff and Restart of Windows.

     [ 2 ] This Windows seems to have an issue on some specific Windows services. I need for you to have pen and paper handy and take notes on what follows, please.

     Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option. type in and press Enter key.

     Scroll down the list. Look for "Remote Procedure Call ( RPC )". Does it show in the list as Running? If it does not, then click the line "Remote Procedure Call ( RPC )" to be sure it is selected. Look on the upper left corner and click on Start service.

     Scroll down the list. Look for "Windows Management Instrumentation". Does it show in the list as Running? If it does not, then click the line "Windows Management Instrumentation" to be sure it is selected. Look on the upper left corner and click on Start service.

     Close the window when done.

     [ 3 ] Start NOTEPAD (you can press Windows-key+R keys to get the RUN option and then type in and press Enter key to start NOTEPAD). Check and make sure "word wrap" is off. From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked. IF it -is- checkmarked, click that one time so that it is un-checked.

     Please copy/paste the lines below to Notepad:

     ```
     @Echo on
     pushd\windows\system32
     ipconfig /release
     ipconfig /renew
     ipconfig /flushdns
     netsh winsock reset all
     netsh int ip reset resetlog.log
     shutdown -r -t 1
     ```

     Now save as flush.bat to your desktop. Double-click flush.bat file to run it. Your computer will reboot.

     [ 4 ] Then, since this computer is running Windows 10 Enterprise, do a lookup & check on the Windows Network status. Press the Windows-flag key on keyboard to get the fly-out menu. Click on the Windows Settings icon. Then press "Network & Internet". Look at the network status display. Click on the line Show available networks. What does it show for your network? Kindly relay to me all details. Thank you.
  5. Ron, I did install uBlock (DFLT settings). Reran MWB, adwcleaner and FRST. MWB-Scanlog-18JUN19.txt AdwCleaner-18JUN19-1025.txt Addition.txt FRST.txt
  6. Before running the Malwarebytes Support Tool, should I re-enable the “web protection” option? Our other Windows machine thankfully retains the full licensed version, and we’ve put the Windows laptop operation on hold until Malwarebytes Support can update my account, which we are still awaiting (Ticket 2635986).
  7. Today
  8. This morning I returned to Chrome, re-activated synchronization, and repeated all the steps specified by the Belgian girl. I have attached the Summary from the latest MWB scan. Do you think the "about.blank" was the result of a PUP? I want to save all the instructions you gave me. Do you think Firefox is a better choice than Chrome? I have not used Firefox because I need a program like GoogleTranslator, and also I don't know how to move LastPass to Firefox. I greatly appreciate your help during the past three days. You are a valuable resource!!! Export Summary3.txt
  9. Hi nasdaq, I have similar problems with 33 pups that I quarantine Daily on my Windows 8.1 PC. Version 6.3.9600 I use Chrome and the only windows I had opened today are the Malwarebytes Forum yet the same 33 PUPs were detected and quarantined again today. I will post the FRST.txt file in this thread as instructed unless you think a new thread is needed.
  10. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === The file wermgr.exe is the Windows Problem Reporting process Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The Computer will restart when the fix is completed. It will create a log (Fixlog.txt) please post it to your reply. === Please post the Fixlog.txt and let me know what problem persists in normal mode. p.s. If the problem persists execute the computer in safe mode and let me know if all is well or not. fixlist.txt
  11. Change made and confirmed. I await the next notification and I will update you. Thanks again
  12. Summary

      The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:

      - Windows 2000
      - Windows Vista
      - Windows XP
      - Windows 7
      - Windows Server 2003
      - Windows Server 2003 R2
      - Windows Server 2008
      - Windows Server 2008 R2

      An attacker can exploit this vulnerability to take control of an affected system.

      Technical Details

      BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

      According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.[1] After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit, which requires no user interaction, must occur before authentication to be successful.

      BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.[2]

      CISA has coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep.

      Mitigations

      CISA encourages users and administrators review the Microsoft Security Advisory [3] and the Microsoft Customer Guidance for CVE-2019-0708 [4] and apply the appropriate mitigation measures as soon as possible:

      - Install available patches. Microsoft has released security updates to patch this vulnerability. Microsoft has also released patches for a number of OSs that are no longer officially supported, including Windows Vista, Windows XP, and Windows Server 2003. As always, CISA encourages users and administrators to test patches before installation.

      For OSs that do not have patches or systems that cannot be patched, other mitigation steps can be used to help protect against BlueKeep:

      - Upgrade end-of-life (EOL) OSs. Consider upgrading any EOL OSs no longer supported by Microsoft to a newer, supported OS, such as Windows 10.
      - Disable unnecessary services. Disable services not being used by the OS. This best practice limits exposure to vulnerabilities.
      - Enable Network Level Authentication. Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. Doing so forces a session request to be authenticated and effectively mitigates against BlueKeep, as exploit of the vulnerability requires an unauthenticated session.
      - Block Transmission Control Protocol (TCP) port 3389 at the enterprise perimeter firewall. Because port 3389 is used to initiate an RDP session, blocking it prevents an attacker from exploiting BlueKeep from outside the user’s network. However, this will block legitimate RDP sessions and may not prevent unauthenticated sessions from being initiated inside a network.

      References

      - [1] Microsoft Security Advisory for CVE-2019-0708
      - [2] White House Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea
      - [3] Microsoft Security Advisory for CVE-2019-0708
      - [4] Microsoft Customer Guidance for CVE-2019-0708

      Revisions

      - June 17, 2019: Initial version
      - June 17, 2019: Revised technical details section.

      Source: https://www.us-cert.gov/ncas/alerts/AA19-168A
  13. I made the mistake of torrenting stuff and not being smart about it. Something I installed turned out to be a virus. I removed the bulk of it, but this safe finder thing wouldn't leave so I did a factory reset, but now whenever I sign into my google account on chrome and sync everything it comes back so I have to delete the google folder in local appdata and when I sign in it happens again and thus the cycle continues. My question is how to remove it from my account altogether? The names of the files are C:\Users\samij\AppData\Local\Google\Chrome\User Data\Default\Web data C:\Users\samij\AppData\Local\Google\Chrome\User Data\Default\sync data\Syncdata.sqlite3 C:\Users\samij\AppData\Local\Google\Chrome\User Data\Default\web data C:\Users\samij\AppData\Local\Google\Chrome\User Data\Default\secure preferences
  14. Your account on this forum and your access to the iOS beta are completely unrelated. There's no connection between the two. There's nothing you could do here on the forum that would affect your access to the beta.
  15. Thank you very much. I would change it from the configuration panel of my profile here on the forum but I wouldn't want to lose access to the Malwarebytes beta for iOS.
  16. I also have the problem, but I don't have any exclusions that are visible in the program. I did have a directory excluded but had a series of BSOD on my Windows 10 box and uninstalled the (legit) program that they were pointing to. The exclusions in MBAM seemed to disappear. Now I have the "you don't have active protection turned on". It's only the ransomware and I can't turn it on. Here's my logs. Thanks in advance. mbst-grab-results.zip
  17. I removed the screenshot. I don't have the ability to change your e-mail address - or, if I do, I don't know how - but @AdvancedSetup should be able to help.
  18. I have iOS 12.3.1 but I think it's a problem with the specific email address. Therefore I ask you @treed if I can change the address on the forum leaving the one in the Malwarebytes beta for iOS unchanged? I also ask you @treed if you can remove this image from this post of mine for privacy. Thank you. I had already asked it to @AdvancedSetup but I would have some urgency to disappear. What I would use is an iCloud alias of my AppleID that in the past worked correctly. Let me know. Thank you
  19. Hello Maurice, thanks for your help. I have tried to install Roguekiller, Avast, HitmanPro, BitDefender because I thought that virus has taken over my pc, but none of the programs above was able to install itself. And it is my first time that I am getting help from a forum about this issue. After the fix I still have no internet connection, it shows me "unrecognized network" and I can't use the windows search. Fixlog.txt
  20. I'm not seeing the same problem here. The e-mails look normal in Mail on my iPhone (see below), and this is with loading of images turned off. What version of iOS are you using?
  21. The system is running fine thank you... No signs of infection. I'll check to verify that the OEM has the latest network driver. I found the files quarantined in C:\ FRST\Quarantine\C \ProgramFiles(x86)\DriverToolkit Questions: Do you recommend (deleting) the quarantined files? Can this entire path directory be safely deleted?
  22. Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === All files quarantined by Malwarebytes are saved in the Quarantine folder. https://www.malwarebytes.com/support/guides/mbam-legacy/History_Q.html These are not active and can be deleted. ==== Let's check your system. Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions ====