All Activity

  1. Past hour
  2. After a few tentatives, I managed to "restore" optane app from the "programs and features" tab of the control panel, so I don't need to uninstall it, nor do I need to run the Fixlist anymore
  3. Hello! We just released AdwCleaner 8.0.5. This is mostly a maintenance release, focused on modernization for dependencies:

     ## v8.0.5 [25/05/2020]

     ### Changes

     * Update Qt to 5.14.1
     * Update OpenSSL to 1.1.1g
     * Update UPX to 3.96
     * Update definitions to 2020.05.13.1

     The next release will be focused on actual new (and exciting) features. Stay tuned! As usual, you can download the 8.0.5 from the product page: https://malwarebytes.com/adwcleaner
  4. Hello Leila_Organa, Com Surrogate process is a necessary part of your operating system, it is not unusual to see more than one entry in Task Manager. Have a read at the following link: https://www.howtogeek.com/326462/what-is-com-surrogate-dllhost.exe-and-why-is-it-running-on-my-pc/ Regards, Kevin..
  5. Today
  6. Hello CJustin and welcome to malwarebytes.... Continue with the following:

     If you do not have Malwarebytes installed do the following:

     Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline

     Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

     When the install completes or Malwarebytes is already installed do the following:

     Open Malwarebytes, select > "settings" > "security tab"
     Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
     Go back to "DashBoard" select the Blue "Scan Now" tab......

     When the scan completes quarantine any found entries...

     To get the log from Malwarebytes do the following:

     * Single click on the target sight above scanner window.
     * In the new window select Report
     * Double click on the Scan log which shows the Date and time of the scan just performed.
     * Click Export > From export you have two options:
       * Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
       * Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     Please use "Export to Txt" then attach the log to your reply...

     Next,

     Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror

     * Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
     * Accept the EULA (I accept), then click on Scan
     * Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
     * Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
     * After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

     Next,

     Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

     Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

     If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

     Be aware FRST must be run from an account with Administrator status...

     * Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
     * Make sure Addition.txt is checkmarked under "Optional scans"
     * Press Scan button to run the tool....
     * It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
     * The tool will also make a log named (Addition.txt) Please attach that log to your reply.

     Let me see those logs in your reply...

     Thank you, Kevin....
  7. PFT

    False-Positive

    This is a false-positive, as per https://sitecheck.sucuri.net/results/pitlochryfestivaltheatre.com. Please kindly de-list it. Thanks..
  8. I have the same issue as well. But I don't have a GPU. Only CPU is present. And one blank task takes up about a 3rd of the CPU. Is there a way I can remove the nuisance from my system? I have enabled the scan Archives option and scan Rootkits as well.
  9. Hello Loot and welcome to Malwarebytes, Continue with the following:

     If you do not have Malwarebytes installed do the following:

     Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline

     Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

     When the install completes or Malwarebytes is already installed do the following:

     Open Malwarebytes, select > "settings" > "security tab"
     Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
     Go back to "DashBoard" select the Blue "Scan Now" tab......

     When the scan completes quarantine any found entries...

     To get the log from Malwarebytes do the following:

     * Single click on the target sight above scanner window.
     * In the new window select Report
     * Double click on the Scan log which shows the Date and time of the scan just performed.
     * Click Export > From export you have two options:
       * Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
       * Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     Please use "Export to Txt" then attach the log to your reply...

     Next,

     Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror

     * Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
     * Accept the EULA (I accept), then click on Scan
     * Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
     * Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
     * After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

     Next,

     Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

     Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

     If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

     Be aware FRST must be run from an account with Administrator status...

     * Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
     * Make sure Addition.txt is checkmarked under "Optional scans"
     * Press Scan button to run the tool....
     * It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
     * The tool will also make a log named (Addition.txt) Please attach that log to your reply.

     Let me see those logs in your reply...

     Thank you, Kevin....
  10. Thanks, the block will be reviewed.
  11. Greetings, I have no idea if archiving/restoring the data folder that way would work or not, but you are certainly welcome to try it and see. If you do, please let us know how it turns out in case any other members find the information useful and wish to do the same. Thanks
  12. What is Sealoid?

      The Malwarebytes research team has determined that Sealoid is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by Sealoid?

      You may see this entry in your list of installed Chrome extensions:
      this icon in the Chrome menu-bar:
      this changed setting:
      You may have noticed these warnings during install:

      How did Sealoid get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
      after a redirect from their website:

      How do I remove Sealoid?

      Our program Malwarebytes can detect and remove this potentially unwanted program.

      * Please download Malwarebytes for Windows to your desktop.
      * Double-click MBSetup.exe and follow the prompts to install the program.
      * When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      * Click on the Get started button.
      * Click Scan to start a Threat Scan.
      * When the scan is finished click Quarantine to remove the found threats.
      * Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of Sealoid?

      No, Malwarebytes removes Sealoid completely.

      How would the full version of Malwarebytes help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Sealoid hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
      Technical details for experts

      Possible signs in FRST logs:

      CHR DefaultSearchURL: Default -> hxxps://feed.sealoid.com/?q={searchTerms}&publisher=sealoid&barcodeid=571460000000000
      CHR DefaultSearchKeyword: Default -> Sealoid
      CHR DefaultSuggestURL: Default -> hxxps://api.sealoid.com/suggest/get?q={searchTerms}
      CHR Extension: (Sealoid) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipicdjgcbnamkkpmhakmcmgfkkfkebmp [2020-05-25]

      Alterations made by the installer:

      Malwarebytes log:

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

      * Dynamically Blocks Malware Sites & Servers
      * Malware Execution Prevention

      Save yourself the hassle and get protected.
  13. How about this: I occasionally restore my system to an earlier state via actual images, not system restore. Before re-connecting to the internet, I like to update all my software, including anti-malware programs, manually, by keeping those definitions and program updates on a separate hard drive. C:\ProgramData\Malwarebytes\MBAMService [in Windows 8.1] appears to be where all the relevant files are stored. Can I save that folder on an external drive, archiving it, say, monthly, so it's never too far out-of-date, then, after restoring my system to some earlier date, I would just overwrite the old folder with the new, or else simply replace the "important" files in that folder--whichever ones those are--after first running the most recent program installer itself to update the program proper? The files that were changed by updating the program just now include AMECIs, clean.mbdb, dbmanifest2.dat, dbupdate.log, DDSCIs, dynconfig.dat, exclusions.txt, HubbleCache, mbdigsig2.dat, rdefs.mbdb, rules.mbdb, scan.mbdb, and tids.mbdb. A number of others have changed between that moment and when I last restored a system image. I'm tempted to save just the rdefs.mbdb and rules.mbdb alone, and plop those two into that folder the next time I restore a system image. Would that be unreasonable to do? Yes, there are only a few moments between when I re-connect to the internet and when I update MBAM--along with SuperAntiSpyware and Norton, all of which seem to have coexisted peacefully on my system for years--but I don't want anything untoward to happen even in those few moments. (I'm a belt-and-suspenders kind of person.)
  14. Another one opened while I was playing a game, it was using almost all of my gpu.
  15. Hello, The old Fixlist.txt file actually disappeared right after I performed the fix, is this weird? I used the FRST tool I had named "gazork.exe" for the first fix, and I am going to do the same for this next one
  16. All these are routine logs. (may_25.txt is a Malwarebytes log.) Also experiencing an interesting thing about Malwarebytes apparently detecting malware upon its periodical scan (happens at each laptop bootup), then the result chart doesn't specify the type of detection nor include a file name. I checked the log and found nothing either. Other than that, nothing new. But the false positive on Lenovo is still there. (Image 1) I'm also sending AdwCleaner's quarantine list (Image 2) for a more detailed report, since I didn't notice these from my Malwarebytes quarantine (the Trojan Agent's full registry name is "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper"). may_25.txt AdwCleaner[S04].txt FRST.txt Addition.txt
  17. Okay, turns out it did turn on Windows update, fortunately I remembered how to stop it in time.
  18. I apologize but I have to make a further addition. I noticed that in the taskmanager there was also another COM Surrogate process, also the one connected to dllhost.exe. I thought there was a conflict between the two processes so I gave the taskmanager to stop the apparently blocked one. Now the problem seems solved however I would like it to be resolved definitively while I know that it is not the first time that it presents itself and the solution just adopted is only the cure for the symptom. How to eliminate the root problem?
  19. Hi Dashke, I'm one of the devs of BitDownloader. We've never displayed any push notifications. However, we did have popup ads up until a month ago but they've been removed ever since. I'm not sure why our website is still flagged as PUP and I believe this to be a false positive. Please take a look into this matter again. As far as this is concerned, there are no push notifications, popup, or malicious ads on the website. Thanks for your consideration.
  20. I found the process is connected to dllhost.exe, and this is normal, I think... But why does that process now use all that energy?
  21. I see another problem with my computer, a problem of overheating. In the task manager I see the process COM Surrogate that uses 17% of the CPU, and a high electrical consumption and a high tendency to high electrical consumption. From a search on the internet I have ascertained that viruses can hide behind this name so as not to be detected by the system, nor by antivirus software, moreover I have ascertained that it would normally be a process that uses few resources. Scans of Malwarebytes and Windows Defender have not found anything but my laptop always has the fan on and continuously dissipates heat. How can I solve this problem?
  22. You also have the option of reverting to an earlier component package version, which will allow you to keep Web Protection enabled. You can download this from here: https://malwarebytes.box.com/s/z6cravnwptrzx5tyjw36jq6zt6c7apsx Once installed, you will need to disable the two update options found in Settings -> General -> Application updates to prevent the product from updating back to the affected version. I suggest using the following clean install guide. Please do the following Uninstall and reinstall using the Malwarebytes Support Tool Please have lots of patience with the tool. The first phase is a cleanup and does require a Windows Restart. After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up. Please be patient and have faith. Wait for it, whatever it takes. The 2nd phase is where it offers to do a new Install. Say no and use the download from my above link and install the old version and disable the update before you do anything else. Let me know if that clears up the issue or not.
  23. I've been having the same problem. As Spekledegg mentioned, turning off web protection stops the stuttering/lockups. I really don't want to run Malwarebytes without the web protection, it's one of the main reasons I purchased a subscription. Is there any resolution to this?
  24. Aside from having to relog into all my accounts in Firefox (which I kinda expected) things seem to be working fine, unfortunately so far the two issues that made me decide to check with you don't seem to have been fixed (ie, the supposedly corrupted fonts and the Streamlabs OBS freezing,) but this just mostly confirms for me that they weren't virus related. After running KVRT, I checked the About tab in the Windows 10 settings screen and all the entries had green checks. I think I saw Windows complain that Antivirus hadn't been activated but I think it was just that MWB was a little slow to fire up on reboot. I replaced Avira with Panda Antivirus as a back up to Malwarebytes (I'd gotten a little concerned that Avira had installed like 5 unwanted applications along with its antivirus package) and after confirming that SL OBS still freezes, which forced me to powercycle/reboot, I noticed the "device performance and Health" check had become a gray dot. Would that be related to the fact that I'd installed Panda antivirus? Or the reboot? Or maybe it was slow in picking up on my deferred Windows update settings? I had intentionally stopped it since much of Microsoft's forced feature patching in recent months had become almost as dangerous as viruses. Thank you sincerely for helping me thoroughly cleanse my system. Hopefully this means there's nothing else left to distract me from focusing on trying to fix my fonts which I need for work. As for the other issue, I'm dumping Streamlabs OBS for Regular OBS studio, far less resource usage and no freezing.
  25. So far, so good. No reoccurrence of the offending Trojan. I’ll go ahead and run the other scans. Would it be safe to resync my phone Chrome to my laptop's?