All Activity

  1. Past hour
  2. Okay, I've finished all of that and am attaching the scan logs. Thanks. scan 06_16_19.txt AdwCleaner[C04].txt Addition.txt FRST.txt
  3. Today
  4. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  5. Hello Just a test regarding Support Ticket 2631095
  6. Hey Maurice, just got off of work finally....I was reading your instructions to run a scan with Malwarebytes from the start menu. When I checked mine, Malwarebytes is not in the start menu. What do you suggest sir?
  7. Well the pop up isn't coming back on for now, gonna crash now and see if the error comes back up in the morning. Will update on status ASAP. AdwCleaner.txt FRST.txt Addition.txt Malwarebytes Log.txt
  8. What is SportMuze Search?

     The Malwarebytes research team has determined that SportMuze Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by SportMuze Search?

     You may see this entry in your list of installed Chrome extensions:
     and these warnings during install:
     You will see this icon in your Chrome menu-bar:
     and this changed setting:

     How did SportMuze Search get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove SportMuze Search?

     Our program Malwarebytes can detect and remove this potentially unwanted program.
     Please download Malwarebytes to your desktop.
     Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
     Then click Finish.
     Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
     If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
     When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of SportMuze Search?

     No, Malwarebytes removes SportMuze Search completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.
     As you can see below the full version of Malwarebytes would have protected you against the SportMuze Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxp://apps.searchalgo.com/search/?category=web&s=mpds&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> Sport Reminder
     CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
     CHR Extension: (Sport Reminder) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink [2019-06-17]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0
        Adds the file background.js"="8/3/2016 10:15 AM, 4354 bytes, A
        Adds the file manifest.json"="6/17/2019 8:53 AM, 1808 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata
        Adds the file computed_hashes.json"="6/17/2019 8:53 AM, 340 bytes, A
        Adds the file verified_contents.json"="1/25/2017 2:44 PM, 1763 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons
        Adds the file icon128.png"="6/17/2019 8:53 AM, 7302 bytes, A
        Adds the file icon16.png"="6/17/2019 8:53 AM, 696 bytes, A
        Adds the file icon48.png"="8/3/2016 10:15 AM, 4104 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
        "jkcgfdgkbambgbobgkceeoalcdefpink"="REG_SZ", "58F4C52DFF5FEEA4AA3F95B33B75E04FFE73288F93C38362E1BB2A0861201655"

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/17/19
     Scan Time: 9:00 AM
     Log File: 8e6ebdba-90cd-11e9-a3ed-00ffdcc6fdfc.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.586
     Update Package Version: 1.0.11090
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 236157
     Threats Detected: 16
     Threats Quarantined: 16
     Time Elapsed: 5 min, 14 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)

     Registry Value: 1
     PUP.Optional.SearchAlgo.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jkcgfdgkbambgbobgkceeoalcdefpink, Quarantined, [14769], [443230],1.0.11090

     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)

     Folder: 4
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JKCGFDGKBAMBGBOBGKCEEOALCDEFPINK, Quarantined, [14769], [443230],1.0.11090

     File: 11
     PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JKCGFDGKBAMBGBOBGKCEEOALCDEFPINK\1.0.2_0\MANIFEST.JSON, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon128.png, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon16.png, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon48.png, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata\computed_hashes.json, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata\verified_contents.json, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\background.js, Quarantined, [14769], [443230],1.0.11090
     PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [367], [454816],1.0.11090
     PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [367], [454816],1.0.11090

     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
     Dynamically Blocks Malware Sites & Servers
     Malware Execution Prevention
     Save yourself the hassle and get protected.
  9. Yes, pretty late for me as well. Please go ahead and run the following follow-up scans to ensure the system is clean. I'll check back on you again tomorrow. Please run the following steps and post back the logs as an attachment when ready.

     STEP 01
     If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
     If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

     STEP 02
     Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
     Right-click on the program and select Run as Administrator to start the tool.
     Accept the Terms of use.
     Wait until the database is updated.
     Click Scan Now.
     When finished, please click Clean & Repair.
     Your PC should reboot now if any items were found.
     After reboot, a log file will be opened. Copy its content into your next reply.

     RESTART THE COMPUTER Before running Step 3

     STEP 03
     Please download the Farbar Recovery Scan Tool and save it to your desktop.
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
     Double-click to run it. When the tool opens, click Yes to disclaimer.
     Press the Scan button.
     It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
     The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
     Please attach the Additions.txt log to your reply as well.

     Thanks
     Ron
  10. Here we go, I need to crash soon so I think I'll let my computer run for a bit more then see if the error pops up again. Fixlog.txt
  11. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks
  13. Hello @infectedkev Just following up. Did you need any further assistance or is everything okay now? Thanks Ron
  17. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  20. Hello @NeonBlaze

     Please temporarily disable your Norton protection and run the following fix. Once completed make sure to re-enable your Norton protection.

     Please download the attached fixlist.txt file and save it to the Desktop.
     NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     Run FRST or FRST64 and press the Fix button just once and wait.
     If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
     The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
     Note: If the tool warned you about an outdated version please download and run the updated version.

     fixlist.txt

     Thanks
     Ron
  21. Hello @coleoptero

     Please temporarily disable your Norton antivirus and run the following for me. Once completed make sure you re-enable your Norton protection. Please run the following steps and post back the logs as an attachment when ready.

     STEP 01
     If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
     If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

     STEP 02
     Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
     Right-click on the program and select Run as Administrator to start the tool.
     Accept the Terms of use.
     Wait until the database is updated.
     Click Scan Now.
     When finished, please click Clean & Repair.
     Your PC should reboot now if any items were found.
     After reboot, a log file will be opened. Copy its content into your next reply.

     RESTART THE COMPUTER Before running Step 3

     STEP 03
     Please download the Farbar Recovery Scan Tool and save it to your desktop.
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
     Double-click to run it. When the tool opens, click Yes to disclaimer.
     Press the Scan button.
     It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
     The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
     Please attach the Additions.txt log to your reply as well.

     Thanks
     Ron
  22. You're running old compromised versions of Java. Please go to Control Panel, Programs, Add/Remove and uninstall all versions of Java. If you really have to have Java then make sure you're always using the latest version and remove older versions. https://java.com Are you still using the Citrix ICA Client? Let me have you run the following which will run the Window scan again for Operating System file issues. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Ron
  23. The block will be removed on the next update
  24. I would highly suggest you uninstall the following application App Explorer (HKU\S-1-5-21-2442438489-1436764340-1798239245-1001\...\Host App Service) (Version: 0.273.3.484 - SweetLabs) <==== ATTENTION App Explorer (HKU\S-1-5-21-2442438489-1436764340-1798239245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06162019091752420\...\Host App Service) (Version: 0.273.3.484 - SweetLabs) <==== ATTENTION App Explorer (HKU\S-1-5-21-2442438489-1436764340-1798239245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06162019091755092\...\Host App Service) (Version: 0.273.3.484 - SweetLabs) <==== ATTENTION Please also follow the directions from the following topic to clean up Google Chrome Thank you Ron
  25. Great, glad to hear all seems to be working well again @RSidwell I will go ahead and leave you with the following information to help you keep the computer clean going forward. Let's get real. If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though) Help Secure your browsers Please install uBlock Origin for your browsers to better protect your system FireFox, Chrome, Opera , Safari, Microsoft Edge AdBlock for Internet Explorer How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018 This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings Follow-up Reading Everything you need to know about cybercrime 10 easy ways to prevent malware infection Keep your data backed up Thank you for choosing Malwarebytes and tell your friends and family too. We're here to help. Ron
  26. Hello @Fab4

     Please download Farbar Recovery Scan Tool and save it to your desktop.
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

     Please download the attached fixlist.txt file and save it to the Desktop.
     NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     Run FRST or FRST64 and press the Fix button just once and wait.
     If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
     The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
     Note: If the tool warned you about an outdated version please download and run the updated version.

     fixlist.txt

     Once that is completed please run the following steps for me. Please run the following steps and post back the logs as an attachment when ready.

     STEP 01
     If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
     Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
     If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

     STEP 02
     Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
     Right-click on the program and select Run as Administrator to start the tool.
     Accept the Terms of use.
     Wait until the database is updated.
     Click Scan Now.
     When finished, please click Clean & Repair.
     Your PC should reboot now if any items were found.
     After reboot, a log file will be opened. Copy its content into your next reply.

     RESTART THE COMPUTER Before running Step 3

     STEP 03
     Please download the Farbar Recovery Scan Tool and save it to your desktop.
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
     Double-click to run it. When the tool opens, click Yes to disclaimer.
     Press the Scan button.
     It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
     The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
     Please attach the Additions.txt log to your reply as well.

     Thanks
     Ron
  27. Hi Malwarebytes Team,

     One of the users has notified us that our website is blocked by your Anti-Malware software.

     Website: hxxps://www.orbel.com/
     IP Address: 192.185.97.195

     We have scanned our website on "Google Safe Browsing tool" and "virustotal .com" (suggested by your team - https://forums.malwarebytes.com/topic/248284-telegraph-domine-detected-as-phishing/) and both tools give clean results. Could you please investigate this and let us know what the problem is, as this could impact our business?

     Please have a look at the attached report and tool results as well for your reference.
     1/ Anti-Malware Report (orbel.txt)
     2/ Google Safe Browsing Tool - https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.orbel.com%2F&hl=en
     3/ VirusTotal Tool - https://www.virustotal.com/gui/url/0b78702526feadb9a783874bfdee8a7718604790cb00b9a595cffae135a34a1f/detection

     Please let us know if you have any questions.

     Thanks,
     Bhupendra

     orbel.txt