  2. I rebuilt my PC a week or so ago and have also been asked to quarantine these files whenever I start my PC. If it's nonthreatening can you please remove the alert? If not, how can I prevent it occurring? Thanks
  3. oh right bro tell me if this ain't right and I'll get on it ASAP albeit I believe it is reading it. domain 1.3.zip
  4. What is Free Streamz?

     The Malwarebytes research team has determined that Free Streamz is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a search hijacker and uses a web push notifications service that is blocked by Malwarebytes for fraud.

     How do I know if my computer is affected by Free Streamz?

     You may see this entry in your list of installed Chrome extensions: and these warnings during install: You will see this icon in your Chrome menu-bar: and these changed settings:

     How did Free Streamz get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

     How do I remove Free Streamz?

     Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Free Streamz?

     No, Malwarebytes removes Free Streamz completely. If you have allowed the notifications you can read here how to disable them.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Free Streamz hijacker.
     It would have blocked their notifications service, giving you a chance to stop before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxps://feed.free-streamz.com/?q={searchTerms}&publisher=free-streamz&barcodeid=547990000000000
     CHR DefaultSearchKeyword: Default -> FreeStreamz
     CHR DefaultSuggestURL: Default -> hxxps://suggest.free-streamz.com/suggest/get?q={searchTerms}
     CHR Extension: (FreeStreamz) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkobccpdeopgakipgbodjmondkcaeme [2019-04-19]

     Alterations made by the installer:

     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "jbkobccpdeopgakipgbodjmondkcaeme"="REG_SZ", "D1B9AD0E0B7110C1E4001BEA3651A180914DC60B03C7A9ED2017D4B6780690C6"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     Dynamically Blocks Malware Sites & Servers
     Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. Greetings, The Malwarebytes browser extension beta should work on mobile operating systems as long as the browser is compatible. You can learn more about it and find download links in the topics listed below: Chrome Firefox Also, specifically with regards to mobile operating systems, Malwarebytes does currently offer a version of its flagship product, Malwarebytes, both for Android and iOS depending on which operating system/type of smart phone you have. You can learn more about each version here and here and just like with the Windows version, aside from malware, Malwarebytes for mobile also specializes in targeting and preventing PUPs (adware, spyware and similar junk) much like ADWCleaner does. I hope that helps clarify things and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  7. Hello, I live in Spain and the Apple store tells me your app is not available in my country. Do you have an alternative?
  8. Greetings, While that definitely sounds odd, it could just be a matter of one of the default Windows behaviors occurring whenever a new storage device (like the card reader built into the printer) is plugged into the computer. I believe by default that Windows Media Player is configured for several autoplay functions related to removable media/devices like looking for and importing automatically any music and video files that might be present on those storage devices, so Windows may simply be monitoring and calling for that function in Windows Media Player whenever those devices are added to or removed from the PC which causes the Windows Media Player process to execute in memory, thus causing Malwarebytes to display this message since Windows Media Player is one of the default shielded applications that it will inject its anti-exploit DLL into for the purpose of monitoring for malicious exploit activity and behaviors. In fact, I bet if you monitored Task Manager when attaching/removing your printer, that you'd see one of Windows Media Player's processes enter memory briefly each time that occurs (it will most likely start with wmp if you sort the list of processes by name). I hope that answers your question, but if not please let us know, and if there's anything else we might assist you with please don't hesitate to post again. Thanks
  10. I am very new with (a smart) cell phone. I take it from the link that was provided from staff at the start of this forum that drives one to the full promotion for adwcleaner that it was not started with mobile in mind and there is nothing that refers to cell phones. Now, with my first, new smart phone, I am plagued....just plagued with crap getting in my way as I struggle up the learning curve, which just confuses me in my effort to get where I want and when there, sometimes have unwanted in the way. I actually had d/l adwcleaner just a short while ago and then chose an app to go find it. I clicked on adwcleaner and had multiple choices to open it. I chose GooglePlay not knowing which was best. It could not open it. IT WAS THEN that I woke up with the thought adwcleaner is not going to facilitate the execution and probably none will. That is when I recalled the link that staff provided .... FAQ.... which is where I found no reference to cell phones. QUESTION: Does the Malwarebytes browser extension calculate to be the best possible for the phone, or is it not mobile available? Thank you in advance for your suggestions!
  11. Hello @Nazim and Please try to run the following and post back the logs. Thank you Ron
  12. Recently I installed MBAE on my Vista 32bit. I could say, it worked well until now. But whenever I power on my printer, it says "Windows Media Player is now protected". Same notification also appears when I power it off. It's a Brother printer with built-in card readers. Is that a correct behaviour?
  13. This morning Malwarebytes ran automatically on start up and found 5 threats. Quarantine resulted in only 1 file being removed, 4 failed. Log attached. Malwarebytes Report Scan 4 items not removed.txt
  14. Then not much I can do at this point except wait for justice to find them, and hope the unlock keys are done, then.
  15. Glad you solved part of the mystery. I'd advise you to wait for the staff to come to work in a few hours as they will undoubtedly want to try and figure out why you are seeing these anomalies. I suspect they will want you to download and run a diagnostic program and submit the results outside of this discussion as it is likely to contain information best not publicly posted.
  16. The folders also say there are zero bytes
  18. I found ApplePushService and com.apple.TCC which say I don't have permission to access even though I am the admin
  19. There are three Library folders. Are you sure you looked in the correct one? There is /System/Library, but it's heavily protected, so unlikely to be there. There is /Library which requires an admin password to modify, so possible, but relatively low probability. Then there is /Users/<YourUserName>/Library which is sometimes invisible. Best way to get there is to click on the Go menu in Finder and select Library.
  20. Thanks. You can go ahead and run Autoruns again and re-enable those two items by checking the checkbox next to each one and they'll load normally the next time you start your system. As for the continuing issue with Malwarebytes not activating, I'm not certain but I suspect either something is blocking the connection or it may be a problem with it not validating its security certificate correctly. Either way I'll request that a member of the Support team take a look and assist. @AdvancedSetup or @LiquidTension could one of you please take a look and assist? Thanks. One of the Malwarebytes Support team members should be along soon to assist and hopefully get this issue resolved. Thank you for your continued patience. Hopefully resolving this issue won't take long.
  21. I disabled the two Bonjour entries in Autoruns, restarted the computer, and confirmed the entries were still disabled. I installed the newest version of Malwarebytes and attempted to activate my license. Unfortunately, I got the same two error messages.
  22. App Block runner on top righthand top of screen only disappeared for a day and now every time I start up it comes back. Ran scan and no quarantine shows up, report says app is in Library, looked not there. I can close it for a second to access the new window tab or other tab. What can I do to stop this? Is it a feature? When I click on learn more it does not tell me what to do. The report said it is in the library on April 15, it doesn't give me that info now. Do I uninstall and reinstall Malwarebytes or what, I have version 3.7. It is really annoying, is this a feature, infection, what?!
  23. I did a scan and everything was clean. There were no quarantines. When I restarted twice it finally went away. But the App Block needs working on.
  24. Thanks. The only item I see that might be causing it would be the entries for Bonjour:

      mdnsNSP Bonjour Namespace Provider (Verified) Apple Inc. c:\program files (x86)\bonjour\mdnsnsp.dll 8/31/2011 12:44 AM 0/67
      mdnsNSP Bonjour Namespace Provider (Verified) Apple Inc. c:\program files\bonjour\mdnsnsp.dll 8/31/2011 12:53 AM 0/65

      Please run Autoruns again and navigate to the Winsock Providers tab and uncheck the box next to each of those items and restart your system then check to see if Malwarebytes is able to update and activate properly and let us know how it goes. Thanks
