Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. No, it shouldn't have any impact on any third party software/AVs, only the built in Windows Defender because Microsoft made their AV to work this way.
  3. I logged on to Counter-Strike Source through Steam and tried to do a server search based off of a map. As the list of servers was populating, I received a Website Blocked pop-up from MalwareBytes. Just to note, I did not connect with any of the servers. Log info is: Also, I'm currently running a MalwareBytes full scan now and am going to do a McAfee scan once that is done. Is there anything else I need to check to ensure I'm not infected? The fact it's outbound has me concerned that something is sitting on my computer.
  4. Hello @nickarsenal Thanks for the FRST. Please know that in this sub-forum for malware help, we only work one to one. It is not a group style thing. I am going to split you off to a separate topic. I will let you know after that is done. For any others besides the Original Post creator Enkopa .....please create your own separate Topic. This topic here is only for Enkopa.
  5. Greetings, Unfortunately this feature is not available at this time, however I do know that the possibility of custom user created block lists for Web Protection have been discussed in the past but I don't know if anything ever came of it or if they intend to ever implement it. In the meantime if you use any sort of firewall solution that allows importing custom block lists then that would be the way to go, or perhaps using a custom HOSTS file on your endpoints to block access to custom sites.
  6. Hi. This is my 2nd reply for Monday. Please be sure that you have seen and acted on my preceding tips ( reply # 3 on this thread here ). I would like for you to also do what follows when you have a next opportunity. The intent here is to remove 4 rogue suspect drivers + also to try to find info about the ransomware. I noticed that a few other tools have been downloaded and saved. Note that hijackthis will be of very limited use since this O S is Windows 10. The Malwarebytes Adwcleaner only deals with adwares. I noticed a tool with the name starting with spy. Please do not use it. First, they force you to pay to do anything. Second it is of dubious benefit. Please just stick with me and also not do any self medication / or run tools without checking with me first. You should also note that Stopdecrypter cannot deal with this variant ransomware at this time. It perhaps might be able in the future. But not now. Note also: Since you said it was only the removable drive that got hit, I will guide you later on doing a Custom scan with Malwarebytes for the My Passport drive. . This custom script is for Chada only. Please Close and save any open work files before you start this next step. It will involve a Windows Restart at the end of it. I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder The tool named FRST64.exe tool is already on the Downloads folder. Start the Windows Explorer and then, open the Downloads folder. Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF prompted by Windows to let this tool run, DO allow it to go forward. Reply YES to let it proceed. Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Let me know about the overall situation. Fixlist.txt
  7. Hello Maurice, I have the same problem and I have done steps mentioned by you. Here are my result files. Please Help me too. Thanks Addition.txt FRST.txt
  8. Problems with the website blocking can be addressed and usually fixed here on the forums. But it takes log gathering and patience communicating back and forth. It is probably other conflicting software or a possible infection that causes excessive web blocks.
  9. For any of these issues: Renewals Refunds (including double billing) Cancellations Update Billing Info Multiple Transactions Consumer Purchases Transaction Receipt Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help
  10. @LiquidTension Does turning on "Always Register" also disable Norton Security real-time protection? Thanks, Bill
  11. Today
  12. whoa thanks to this thread , i finally can remove this anomalies, apparently That SMADAV bertayed me, he was like a father to me....... but thanks for helping my problem too Thanks nasdaq very cool!
  13. My Cmore programming software got quarantined while in use as Malware.Ransom.Agent.Generic
  14. Hello, was this addressed? we don't appear to be having the issue any longer
  15. I have also tried with "Enable WMI" both on and off
  16. Hello @exile360 and @N33dful, thank you so much for taking the time to help! I tried these steps, as well as removing the firewall, and it did not work :/ Two points of change though: When pushing to non-windows 10 computer, there is no trouble at all (one is running windows 7 and the other is running windows 8). Also, after making the account on the windows computer a local account (instead of the default that is directly connected our microsoft account), the error message is "Access is Denied". I have confirmed that the account has administrator privileges. What else should I try, --Brandon
  17. Thanks for the report. We're investigating this further and will see if we can work directly with Kaspersky. Keep in mind that this can be skipped simply by removing the checkmark next to "Malwarebytes version 3.x". This will allow you to proceed with the Kaspersky installation whilst retaining your Malwarebytes installation. Afterwards, you can configure mutual exclusions in either product to reduce the likelihood of any conflicts occurring. For details on what exclusions to enter into Kaspersky, refer to the following article.
  18. Hi @shermank, A notification is still displayed when a scheduled scan completes. Were you at the computer when the scan was reported to have finished? Note the notification will self-dismiss itself, so if you were not at the computer you may have missed it. Also note that if the Malwarebytes user interface is in focus, the notification will not be displayed.
  19. Is there a way to create a custom website [BLOCKING] rule that will block certain websites so that they cannot be accessed. I know you have your default blocking that occurs based on the websites reputation, however what if we'd like to create a custom block. Thanks, tdoubleu
  20. I don't have time right now to do the experiments people are talking about, but I wanted to throw out a possible clue. I've just started getting this hitching this morning, and started wondering what might have changed to cause it. For what it's worth, yesterday I rebooted the computer after a 2-3 weeks, and it installed a Microsoft update. This morning, I opened Chrome (with about 25 tabs open) for the first time since the update. Chrome definitely seems to be a big problem here, although all those tabs were open before the update. Not sure if that helps.
  21. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === We need more information to give you sound advice. Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system. and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file: In the Reply section in the bottom of the topic Select Click the Choose a File. Navigate to the location of the File. Click the file. It will appear in section. Click the Saving button. Please post the logs for my review. Wait for further instructions ====
  22. That's correct. Using the "Always register" setting will ultimately result in Windows Defender being disabled. You can still utilise the periodic scanning feature in Windows Defender, but it will not provide any form of real-time protection.
  23. Hi, Can you please run the Farbar program and post only the FRST.TXT log for my review. also, please let me see this log. --RogueKiller-- Download & SAVE to your Desktop Download RogueKiller Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or above, right-click the program file and select "Run as Administrator" Accept the user agreements. Execute the scan and wait until it has finished. If a Windows opens to explain what [PUM's] are, read about it. Click the RoguKiller icon on your taksbar to return to the report. Click open the Report Click Export TXT button Save the file as ReportRogue.txt Click the Remove button to delete the items in RED Click Finish and close the program. Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next. =======
  24. Hi, Chada. My name is Maurice. I will be helping and guiding you, going forward on this case. I regret to read that your system is the victim of this encrypting ransomware. Typically most ransomwares delete themselves once they have done their dirty deed. My first questions to you are: When was the first day that you started seeing the ransom notes ? or noticed the encrypted files ? and prior to that, think back to the day before that, Did you perhaps open a attachment from some Email ? Did you go get some sort of app, game, or utility program of any kind ? If that is so, please provide me as much detail as possible. I can help you to check this system for any malware. I can help you on removing the ransom notes. If you have previously saved Backups of this system, that is the best way to restore your damaged files. There is no known decrypter utility for this new ransomware variant. It looks like it is a new variant of the so-called STOP ransomware. I can also provide you some tips to try to manually look for and try to recover your files that had been deleted ( if any) in the ransomware's encryption steps. At this point, do not delete the files marked with .KVAG extension on the filenames. Keep those in place. There may be in the future a decrypter for this. As of now, there is no known decrypter. I also would like to get from this machine some additional files associated to this ransomware. This system is a Windows 10. Lets start by insuring that Windows 10 shows all folders, all hidden files or folders. What follows is a first step to have Windows 10 show all files and folder. Do not let this spook you out. There is a how-to at Tenforums. Use either option one or two or three https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] This pc does not have Malwarebytes for Windows. Lets get it installed and then do a scan with it. For download & setup see https://support.malwarebytes.com/docs/DOC-1141 Be sure you Save the setup file first. Then run that to begin the setup. [ 3 ] Let's do one special run with Malwarebytes for Windows. Start Malwarebytes. Click Settings. Click Protection tab Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON CLICK it to get it ON & also in Scan options. On the section "Potential Threat Protection" look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to "Always detect PUPS ". and look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to "Always detect PUM ". and scroll all the way down to the section Automatic Quarantine On the line "Automatically quarantine detected malware" be sure it is ON Then once all set there, click on SCAN button Then insure Threat scan has a check mark. Then click Start scan. Review the results list. Then I would suggest you make sure all lines have a check mark To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected) to be selected for removal. Be sure each line is checked. Then you can proceed to click on the blue button Quarantine selected. In Malwarebytes. Click the Reports button ( on the left ) Look for the "Scan Report" that has the most recent Date and time. When located, click the check box for it and click on View Report. Then click the Export button at the bottom left. Then select Text File (*.txt) Put in a name for that file and remember where the file is created. Then attach that file with your next reply Please stick with me here. There is more things to do after this. and as to some potential ways to try to recover your files, see my posting here https://forums.malwarebytes.com/topic/251629-all-the-files-in-hdd-extensions-changed-to-kvag/?do=findComment&comment=1335048 That is reply # 30 on that topic. For your benefit, and for that of other readers, if you do a generic web search for help on this, be aware that there are a number of lures out there that are hawking for pay solutions using dubious and ill-advised tools. Please just stick with me here. I will need to gather some additional info from this pc, as well as provide you more guidance. Sincerely, Maurice
  25. As I say though there does seem to be a bigger issue as the Windows settings will not show the available networks. It will show the one that your are connected to, which has to be in your known networks list, but clicking on 'Show available networks' results in no action whatsoever. I'll relocate later and see if it will pick up the network(s) there. I suspect that I'll have to do the 'forget' and 'add' trick again though. EDIT- nope I relocated and it picked up the network and connected automatically. Still can't see the other available networks though. I've tried updating the adapter driver with no joy. As long as I can connect OK then I'll leave it for MS to get around to fixing it properly.
  1. Load more activity
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.