
All Activity


  1. Past hour
  2. ***This is an automated reply*** Hi, Thanks for posting in the AdwCleaner Help forum. In order to help us assist you to resolve your issue, please post or attach your latest AdwCleaner log files with your post. https://support.malwarebytes.com/hc/en-us/articles/360039021593 Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue: Malwarebytes AdwCleaner guide A malicious element isn't being detected? Submit the sample here! Need help with another Malwarebytes product or malware removal? Click here for home support Click here for business support Click here for malware removal help Thanks in advance for your patience. -The Malwarebytes Forum Team
  3. I recently downloaded a safe portable program by Cheathappens called Cosmos that I put in my Portable folder for which I then created a desktop shortcut that I named Cosmos. Unfortunately AdwCleaner has detected the .lnk file as PUP.Optional.CosmosSystemCare which it isn't connected to. Obviously the PUP software Cosmos System Care creates a shortcut named Cosmos also, hence the detection. Now, I know I can simply add the legitimate .lnk file to exclusions, but I'm wondering if this would then prevent AdwCleaner from detecting a genuine Cosmos System Care shortcut if it ever happened to infect my PC in the future. So, in short, does adding a file to an exclusion just prevent that one file from being detected or does it block all files that happen to be named Cosmos? Thanks.
  4. So, I take it, that overall, this pc is doing better with this latest release version & component. vers 4.1.2.73 / component 1.0.972 I can state from my own usage and testing (with several web browsers) that I have not encountered any browser stall, or browser freeze, or browser status-bar message about "resolving host". I have had the Component 1.0.972 ever since it came out in the Beta on Monday June 29, 2020
  5. Hi, Do you have a scan log?
  6. This is the main executable for the HDFury Vertex, homepage https://www.hdfury.com. There is a newer driver but I would like to confirm that this is a false positive. Thank you. VERTEX-GUI-1.34.zip
  7. Hi, Can you zip and upload this folder as ZIP archive in your next reply? C:\ProgramData\Malwarebytes\MBAMService\ScanResults
  8. I just upgraded IOBit Uninstaller to v9.6. During the installation I kept getting a Malware.Generic false positive for the setup.exe that was unpacked to a temporary directory. Turning off Malwarebytes I got the program installed, but now it is flagging the automatic updater program, "AUpdate.exe" in IOBit Uninstaller's installation folder, as also being Malware.Generic. None of these detections occurred with the prior version of IOBit Uninstaller
  9. I apologize, it's been doing it randomly and is not consistent url: htxxp://irishost.xyz/
  10. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === By refreshing Chrome as suggested the items/entries causing this were removed. No other action is necessary. Keep the removal instructions in the event that in the future you encounter the same problem. If however the fix does not solve the issue it's possible that something else is causing it. Then start a new topic and follow these directives. Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please Attach it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file: In the Reply section in the bottom of the topic Select Click the Choose a File. Navigate to the location of the File. Click the file. It will appear in section. Click the Saving button. Please attach the logs and helper will peruse them and advise. Wait for further instructions ====
  11. Today
  12. Just FYI, it is my understanding that AVZ was replaced by Kaspersky's own portable scanner, AVPTool and that AVZ hasn't been updated in several years. I don't even think it was in development at all since Windows Vista or even XP. If anyone knows better please feel free to correct me.
  13. Hi, I couldn't reproduce the detection. Can you fetch this report please? C:\ProgramData\Malwarebytes\MBAMService\ScanResults\27f130ce-bcd0-11ea-8bc2-f8cab826195b.json
  14. Hi, Malwarebytes flags NordVPN install as false positive, please whitelist it. Setup file and log attached. Thank you. NordVPNSetup.exe.zip nordvpn update malware warning 03-07-2020.txt
  15. It sounds as though the business version doesn't register with the Security Center by default, though you can check the settings in Malwarebytes to see. In the consumer version there is an option to control whether Malwarebytes registers with the Windows Security Center located under the General tab in settings and if the business version has the ability to register with the Windows Security Center there is likely an option for it somewhere in the UI and/or policy (if using the managed version).
  16. What is Serp App? The Malwarebytes research team has determined that Serp App is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Serp App? You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install: and this new search page: Note the extra o in the address How did Serp App get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Serp App? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Serp App? No, Malwarebytes removes Serp App completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Serp App hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (Serp App) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao [2020-07-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0 Adds the file background.js"="6/19/2020 4:37 AM, 4614 bytes, A Adds the file manifest.json"="7/3/2020 9:00 AM, 1223 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\_metadata Adds the file computed_hashes.json"="7/3/2020 9:00 AM, 183 bytes, A Adds the file verified_contents.json"="6/19/2020 4:39 AM, 2237 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\app_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 12346 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 520 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 1228 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 167 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao Adds the file 000003.log"="7/3/2020 9:00 AM, 51 bytes, A Adds the file CURRENT"="7/3/2020 9:00 AM, 16 bytes, A Adds the file LOCK"="7/3/2020 9:00 AM, 0 bytes, A Adds the file LOG"="7/3/2020 9:15 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/3/2020 9:00 AM, 41 bytes, A Registry details [View: All 
details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmdaigicalbbnbafdmlnolgjoebkhgao"="REG_SZ", "F8DE46E2DC7E985223575406B2F0297596E3BD73C6F6CD2C683A2C651D89C295" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/3/20 Scan Time: 9:21 AM Log File: d2781aa8-bcfd-11ea-8321-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26337 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232259 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 5 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO, Quarantined, 15214, 832194, 1.0.26337, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15214, 832194, , , , 
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\000003.log, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\CURRENT, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOCK, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOG, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\MANIFEST-000001, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO\1.4_0\MANIFEST.JSON, Quarantined, 15214, 832194, 1.0.26337, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  17. @Porthos Here is the zip file. mbst-grab-results.zip
  18. Hey so I followed this guide here https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/ It seemed to solve the issue but what I'm asking is basically: does the method in that forum post I linked actually delete the malware? Or does it just block Malwarebytes from detecting it? If it's malware I want to get rid of it. I have a txt file from saving the results of the scan if you'd like me to send it. I'm just not sure if there's private information inside of it about my desktop.
  19. I meant anti-malware protection and self defense were successfully started on every boot according to UI. Firefox was taking very long time to resolve host.
  20. Hi Exhile - thanks for your reply. This is the business version, and Defender seems unaware of MWBytes?
  21. Malwarebytes flags plex. I don't download from non legal sites, so I don't know what is happening. I don't recall ever going on the internet archive for any reason. I do download album covers from the web to update my media with. Could one of those pictures of album covers be causing this? Log Details- Protection Event Date: 7/3/20 Protection Event Time: 3:21 AM Log File: d8b48f14-bcfd-11ea-a281-3417ebb098fd.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26335 License: Premium -System Information- OS: Windows 10 (Build 19041.329) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Phishing Domain: ia902800.us.archive.org IP Address: 207.241.232.100 Port: 443 Type: Outbound File: C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
  22. Hiya JDOGG, Thanks for those logs, continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... 
Let me see those logs in your reply, also let me know if there are any remaining issues or concerns... Thank you, Kevin.. fixlist.txt
  23. Hello. I got a false negative videoprojectslauncher.exe, but for some reason I cannot restore the file. It says access is denied. Someone from staff told me that he found some errors in my logs. Is this virus related? I'm also running AVG "Not sure why is that happening but I've spotted some failures in your logs. " mbst-grab-results.zip
  24. You can open a topic here if you would like to check if your system is infected. https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/ I gave you all instructions so I'll close this topic as there's no point discussing anymore. False positive you had is fixed now and being unable to unquarantine is some system or Malwarebytes issue. Or even a hardware problem.