Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Be aware the file you appear to be scanning looks like a picture. MB does not scan pictures.
  3. Like many others I have seen here I am getting the powershell app on start-up. I have tried a few things like disabling the process in the task panel as well as turning off powershell 2.0 in Windows Features. I need help please...
  4. Sorry if I wasn’t clear. It’s not at all unusual for adware to make subtle changes to their installation, while continuing to use the same display dialogs in an attempt to convince the user to panic. Changing the name of a file or it’s location on the computer is usually enough to defeat MWB scans. It would also be easy to reuse these displays/dialogs by other adware developers using a different approach. That assumes what we are observing is actual adware. There is still a chance this is malvertising. MWB generally cannot stop that.
  5. Hello: I installed 7Zip, which appears to have installed Bandoo PUP. Malwarebytes advised me of this, and I quarantined the files, but I'm afraid that Bandoo may have left files. I understand Bandoo can actually install a rootkit. Can you help me remove it? I have done a complete scan with Malwarebytes, and it didn't find anything, but just want to be sure. Thanks!
  6. Was trying to "trigger" it so did some eBay and Kijiji surfing and got it to happen again. I don't honestly know if it is tied to eBay or Kijiji at all or perhaps is triggered by searching or clicking any links. I'll know more going forward as I'll pay more attention to it than I did over the weekend lol. Anyway, it took me to one of the same domains as before and presented the fake Flash install.
  7. I know what it’s an ad for and don’t advocate using it whatsoever. The fact that they are using a screenshot of the exact same thing op posted tells me that this sham place knew about it in May so my question now is why doesn’t MB know about it AND why hasn’t a staff member popped into this thread yet
  8. Ah, you're correct. I was distracted by the "PC Risk" logo. It's actually an ad for Combo Cleaner Anti Virus for Mac, which is mostly a sham. Still doesn't mean this isn't a new variant of whatever that was.
  9. But that's a Windows infection, so we can't really know that this isn't a new Mac variant using the same dialogs.
  10. The screenshot link I posted is from May , so it's not new whatever it is
  11. Not if it's new or a new variant. Normally, Malwarebytes and BitDefender become aware of such things and update their databases around the same time.
  12. Actually, that's just part of the information collected. The tool will include much more about what's currently installed and configured on your computer. So I believe it's time to submit a system report created with the help of below article (please don't post the zip file here) https://support.malwarebytes.com/docs/DOC-3235 Instead, log a support ticket with help of below link and attach the file with the email https://support.malwarebytes.com/community/contactsupport/pages/home-support
  13. It does. Though that screenshot has only happened once (the latest). All the other times it was a cheesy looking Flash install screen. As an addition, that link mentions looking in LaunchAgents for suspicious items. I did that as well as in LaunchDaemons and didn't find anything. It talks about "PUA" (potentially unwanted apps) and I haven't installed anything recently. Other than a few apps from the the Mac Store all I have installed is Calibre E-Books, GIMP, Google Earth Pro, MacLoggerDX, Mailplane, NetBeans, SkookumLogger, Transmit and World of Tanks. No browser extensions, no Flash etc. The last program to be installed was World of Tanks. Though I would think that if the Mac version of this game was installing a click-jacker the Mac sub-forum on WOT would be full of people complaining. Then again you never know.
  14. I'm very surprised Bitdefender hasn't picked up on any of that
  15. This looks exactly like you're screenshot https://www.pcrisk.com/removal-guides/14849-your-mac-is-infected-with-4-viruses-pop-up-scam-mac
  16. Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)" At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /CheckHealth then hit the enter key. What results do you get..? Thanks, Kevin.. fixlist.txt
  17. As stated in the op, no profiles exist to delete in the first place, and everything else WeKnow doesn't apply (including extensions, I don't have any) as it doesn't exist. I've been down that road already which is why I posted here in the first place. There is nothing to submit to customer support yet because Malwarebytes isn't finding anything so there is nothing in the app log. All I have at this point is "something" is clickjacking in Safari and it isn't WeKnow. I will compile a collection of URLs it sends me to along with screenshots of the fake macOS screens. Then at least I'll have something to submit.
  18. Hi, My name is Maurice. Bleepingcomputer is a trusted source & a store-house of information about ransomwares. Please see https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/ Malwarebytes has no decrypter for any variant of ransomware. Please know that ransomwares delete themselves after doing their deed. They also would have deleted all System Restore points and disabled the Windows System Restore service. Ditto for the Volume Shadow copy service. Note: You can upload a copy of the ransom note file to https://id-ransomware.malwarehunterteam.com/ for a analysis of the variant of ransomware. That site can help in identifying the variant.
  19. Hi, @Brillopad My name is Maurice. I will be helping and guiding you, going forward on this case. Please let me know, Did you run a scan with Malwarebytes for windows ? Did you run a scan with the antivirus program application installed on this PC? [ 1 ] Run a threst scan with Malwarebytes for Windows. https://support.malwarebytes.com/docs/DOC-1549 [ 2 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Version 7.4 of Adwcleaner detects factory Preinstalled applications too! I encourage you to take a look at the announcement blogpost to learn more this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/. Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. Thanks. Keep me advised.
  20. Hi, @jaweston My name is Maurice. I will be helping and guiding you, going forward on this case. The screen you relayed is a kind of malvertisement and does not come from your PC. It emanates from the Internet and exists as Browser based alert and not something from some thing on your computer. Malwarebytes won't "catch it" for that reason. Browser lockers reside in the browser cache only, it does not involve actual malware on your computer. This is a fake, made-up “warning page” designed to lure you into a scam. Please keep in mind that the computer mouse and the keyboard can still be used to get rid ( close out) the screen. Cleaning the browser history removes the pop-up. ( tips below ). Tech support scammers use fake warnings and lie about the state of your computer to frighten you into calling them & then flim-flam you into a so called cleanup or perhaps, some maintenance scam. Getting rid of bogus screen (s) Look at the very topmost right corner of the browser itself. I mean the one for Chrome or Firefox or Edge browser itself ( or matter of fact any browser). Move the mouse pointer over the X at the very far right-top corner and click that. That will close the browser and its display and the audio too ( if any). You could also use Alt-key + F then click on Exit. . Other ways available, if the one above is not a success. You can easily use keyboard key-press shortcuts to get rid of the false pages displayed. ( see below). And if there is any video with this, it will stop when the page is closed. When this fake is in the foreground and in a web browser, there are many ways to get it off the screen. I would suggest to do a few keyboard presses to get rid of the windows on-screen. press and hold CTRL key on keyboard and then tap W key. CTRL + W That should close the Tab page of the web browser in the foreground. You can repeat as needed. Every web browser will recognize the CTRL+W key-presses as a "close this window" command. . . Other ways to get rid of screen: Press and hold ALT-key on keyboard and then tap the F4 function key a to get the foreground windows closed and done away with. ( repeat use of ALT + F4 sequence). ALT + F4 is especially helpful against the smaller window ( if any) that is up in front. If your machine is a notebook or laptop, you should depress and hold the ALT + FN (function key) + F4 keys. ALT + HOME key on the keyboard will put your browser page back onto your prior choice for Home page. That easily deals with the bigger full page displayed. Then while still in the web browser, press and hold SHIFT + CTRL + DELete keys to start the process to delete all browser cache & history. Other ways to get rid of the bogus display are listed below: There is always the ability to end the web-browser program thru using Windows' Task Manager applet. Click the Start button and type: taskmgr.exe and then press Enter. ( or you can press and hold CTRL-key on keyboard + ALT-key +DELETE key to get Task Manager option). In the processes tab, find the process for whichever browser you are running: _iexplore.exe, firefox.exe, chrome.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe_ and then click _End Process_ or _Terminate_. Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* and do that for each of your web browser programs. https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/ Contrary to what one may have thought, the scare ware does not "lock" the machine. You can still press the Windows-key on keyboard to get the Windows menu. You can use a variety of Windows Keyboard shortcuts to get around to other choices for remedy. NOTE: While it may look as if your machine seems locked, I can assure you it is not. Task Manager can be used. Other Windows keyboard shortcut commands can be used. The Windows RUN option as well is also available.
  21. Two of my clients running Malwarebytes on a Windows 10 computer have reported the same potential malware that is paralyzing their computers. I don't have the details, but it involves calling (877) 371-5303. Also showing a window from Windows Security| Microsoft Edge noting: The server catabolic.mi is asking for your user name and password. One client ran Malwarebytes, which didn't find any issues. Does anyone know anything about this?
  22. Not big news though, as many mainstream sites have been and probably still are serving malvertisements they get from third party sources. Have you checked to see if there are any browser extensions/add-ons that you don't recognize? Any profiles in System Preferences->Profiles? Have you followed the steps in the pinned article at the top of this forum yet? The next step will be to submit some troubleshooting data from you computer to Customer Support, not here. I'll direct you after you accomplish the above items.
  23. @BrianWH, just to be clear, it was the "ITL Web Safe" extension that appears to be from PCVARK, not "Dark Mode" from Denk Alexandru.
  1. Load more activity
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.