Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. That's not entirely true. If you can see an image, it is an image file, and MBAM stops there. However the file can be manipulated such as a PE binary appended to the graphic or mathematically added ( Example: XOR ) or can be a case of steganography. I recently looked at a Chinese data stealing trojan that downloaded assistive modules, from BAIDU, that were supposedly a JPEG ( identified by the string JFIF in the binary header ) but further into the binary was appended a PE executable. It was that Chinese data stealing trojan that would strip off the JPEG from the PE contents. Thus allowing the add-on malware modules to "hide in plain sight". MBAM will only look at the first two characters and see if it is marked by 'MZ' and if it isn't, it will pass scrutiny even if at a given Offset there is an appended PE binary. Off course in that state the modified graphic is safe and will not "self execute" and will require a secondary program or script to extract the PE binary.
  3. Can't get connected to the internet.. Ethernet driver has been installed along with a new USB driver. See below FRST logs. I have cleaned with Toolset and removed. I don't think i see anything else but need some help to assure removal is done and get internet back. Addition.txt FRST.txt
  4. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/20/19 Scan Time: 2:53 AM Log File: 9b94ceb2-c2dc-11e9-bec7-e0d55e13580d.json -Software Information- Version: Components Version: 1.0.613 Update Package Version: 1.0.12089 License: Trial -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 231180 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 1 min, 49 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 Trojan.Agent.VBS.Generic, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\1BF6515FF7FF4220A003D542B6D57157, Quarantined, [3752], [721982],1.0.12089 File: 1 Trojan.Agent.VBS.Generic, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\1BF6515FF7FF4220A003D542B6D57157\2FAB15AB4DA04D1898DEFA453E89ED05.vbe, Quarantined, [3752], [721982],1.0.12089 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  5. This is true, however it will check to verify that it is an actual image/non-executable file which is quite useful for checking attachments and the like to ensure they aren't Trojans posing as other file types. That said, the Exploit Protection and other real-time protection features in the Premium version are significantly more useful for dealing with non-executable malware (such as an image or document file that uses malicious scripting/exploits to infect the system/drop malware on the system; something the scan engine is incapable of detecting).
  6. Yesterday
  7. Be aware the file you appear to be scanning looks like a picture. MB does not scan pictures.
  8. Like many others I have seen here I am getting the powershell app on start-up. I have tried a few things like disabling the process in the task panel as well as turning off powershell 2.0 in Windows Features. I need help please...
  9. Sorry if I wasn’t clear. It’s not at all unusual for adware to make subtle changes to their installation, while continuing to use the same display dialogs in an attempt to convince the user to panic. Changing the name of a file or it’s location on the computer is usually enough to defeat MWB scans. It would also be easy to reuse these displays/dialogs by other adware developers using a different approach. That assumes what we are observing is actual adware. There is still a chance this is malvertising. MWB generally cannot stop that.
  10. Hello: I installed 7Zip, which appears to have installed Bandoo PUP. Malwarebytes advised me of this, and I quarantined the files, but I'm afraid that Bandoo may have left files. I understand Bandoo can actually install a rootkit. Can you help me remove it? I have done a complete scan with Malwarebytes, and it didn't find anything, but just want to be sure. Thanks!
  11. Was trying to "trigger" it so did some eBay and Kijiji surfing and got it to happen again. I don't honestly know if it is tied to eBay or Kijiji at all or perhaps is triggered by searching or clicking any links. I'll know more going forward as I'll pay more attention to it than I did over the weekend lol. Anyway, it took me to one of the same domains as before and presented the fake Flash install.
  12. I know what it’s an ad for and don’t advocate using it whatsoever. The fact that they are using a screenshot of the exact same thing op posted tells me that this sham place knew about it in May so my question now is why doesn’t MB know about it AND why hasn’t a staff member popped into this thread yet
  13. Ah, you're correct. I was distracted by the "PC Risk" logo. It's actually an ad for Combo Cleaner Anti Virus for Mac, which is mostly a sham. Still doesn't mean this isn't a new variant of whatever that was.
  14. But that's a Windows infection, so we can't really know that this isn't a new Mac variant using the same dialogs.
  15. The screenshot link I posted is from May , so it's not new whatever it is
  16. Not if it's new or a new variant. Normally, Malwarebytes and BitDefender become aware of such things and update their databases around the same time.
  17. Actually, that's just part of the information collected. The tool will include much more about what's currently installed and configured on your computer. So I believe it's time to submit a system report created with the help of below article (please don't post the zip file here) https://support.malwarebytes.com/docs/DOC-3235 Instead, log a support ticket with help of below link and attach the file with the email https://support.malwarebytes.com/community/contactsupport/pages/home-support
  18. It does. Though that screenshot has only happened once (the latest). All the other times it was a cheesy looking Flash install screen. As an addition, that link mentions looking in LaunchAgents for suspicious items. I did that as well as in LaunchDaemons and didn't find anything. It talks about "PUA" (potentially unwanted apps) and I haven't installed anything recently. Other than a few apps from the the Mac Store all I have installed is Calibre E-Books, GIMP, Google Earth Pro, MacLoggerDX, Mailplane, NetBeans, SkookumLogger, Transmit and World of Tanks. No browser extensions, no Flash etc. The last program to be installed was World of Tanks. Though I would think that if the Mac version of this game was installing a click-jacker the Mac sub-forum on WOT would be full of people complaining. Then again you never know.
  19. I'm very surprised Bitdefender hasn't picked up on any of that
  20. This looks exactly like you're screenshot https://www.pcrisk.com/removal-guides/14849-your-mac-is-infected-with-4-viruses-pop-up-scam-mac
  21. Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)" At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /CheckHealth then hit the enter key. What results do you get..? Thanks, Kevin.. fixlist.txt
  22. As stated in the op, no profiles exist to delete in the first place, and everything else WeKnow doesn't apply (including extensions, I don't have any) as it doesn't exist. I've been down that road already which is why I posted here in the first place. There is nothing to submit to customer support yet because Malwarebytes isn't finding anything so there is nothing in the app log. All I have at this point is "something" is clickjacking in Safari and it isn't WeKnow. I will compile a collection of URLs it sends me to along with screenshots of the fake macOS screens. Then at least I'll have something to submit.
  23. Hi, My name is Maurice. Bleepingcomputer is a trusted source & a store-house of information about ransomwares. Please see https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/ Malwarebytes has no decrypter for any variant of ransomware. Please know that ransomwares delete themselves after doing their deed. They also would have deleted all System Restore points and disabled the Windows System Restore service. Ditto for the Volume Shadow copy service. Note: You can upload a copy of the ransom note file to https://id-ransomware.malwarehunterteam.com/ for a analysis of the variant of ransomware. That site can help in identifying the variant.
  24. Hi, @Brillopad My name is Maurice. I will be helping and guiding you, going forward on this case. Please let me know, Did you run a scan with Malwarebytes for windows ? Did you run a scan with the antivirus program application installed on this PC? [ 1 ] Run a threst scan with Malwarebytes for Windows. https://support.malwarebytes.com/docs/DOC-1549 [ 2 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Version 7.4 of Adwcleaner detects factory Preinstalled applications too! I encourage you to take a look at the announcement blogpost to learn more this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/. Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. Thanks. Keep me advised.
  1. Load more activity
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.