All Activity

  1. Past hour
  2. Malwarebytes still quarantining ace.dll. What's up?
  3. Here is my Malwarebytes Log, FRST and Additions Log: FRST.txt Addition.txt mbae-default.log
  4. Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The Computer will restart when the fix is completed. It will create a log (Fixlog.txt) please post it to your reply. === Please post the Fixlog.txt and let me know what problem persists. fixlist.txt
  5. Windows/System32/MailContactsCalendarSync/livedomainlists.txt (also the LiveDomainList.txt is in SysWow64 and WinSxS) The LiveDomainList.txt file has a bunch of malware sites listed inside. Do you happen to know what this folder and .txt file is doing on my Windows 10 machine? The LiveDomainList.txt is being used by: syncutil.dll which is not a signed file. Thank You
  6. Ron, the problem's back as of 12:17 06/15/2019 ... FYI I only use Firefox browser. I reran fix cmd (FRST) against your fixlist file again and attached fixlog here. Can you give me an idea (in layman's terms) of what you're seeing in the tools' result files? Fixlog.txt
  7. Today
  8. Hi there, I'm new here and looking for some help (I'm not sure if this is the right place, so if it's not please point me where I need to go). The homepage on my Safari has suddenly changed to http://localhost/?"\ and I'm unable to change it back to Google. I'm running macOS High Sierra 10.13.6 on a 2016 MacBook Pro. I've removed WeKnow adware (infected via Chrome) from the same computer months ago but have no other symptoms other than the homepage issue now. I've had Malwarebytes installed/updated for years now and it's returning zero threats. I only updated my OS three days ago so I'm not sure if it's just an update glitch, but the issue only began appearing today.
  9. I believe it's working. I don't see the dot you're talking about, but I do get lines and options to correct the misspelling (in the example I misspelled on purpose), unless this is just the built-in checking?
  10. Thanks, the block will be removed.
  11. Hey it looks like the message of the attack doesn't appear anymore, looks like the FRST list fixed the issue. Thanks Advanced!
  12. hxxps://www.eurofins.de/ is being flagged by Malwarebytes as a trojan-laden website when internal vulnerability tests to identify this are coming back negative. Can you please correct so that this false positive doesn't prevent our site from rendering on our mutual clients' computers or let us know why this error is popping? Please let us know how best to proceed from here.
  13. OK, task completed with files attached, same result. The Malwarebytes froze when I clicked on the "add exclusion" button and I had to use the task manager to close Malwarebytes. Once again, thanks for your efforts Ed FRST.txt Addition.txt
  14. Of course once it's bagged in plastic you could spray the bug killer of your choice in there and give it a day or so before opening again. It wouldn't always be needed, but it's only a small on cost that can be passed on to the customer.
  15. Hi guys, We are experiencing issues with the following website being detected by Malwarebytes as being a phishing site. Website: www.6pumpcourt.co.uk Can you please review this and mark this site as safe as this is a false positive. Thanks Mat
  16. Okay, I've finished all of that and am attaching the scan logs. Thanks. scan 06_16_19.txt AdwCleaner[C04].txt Addition.txt FRST.txt
  17. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  18. Hello Just a test regarding Support Ticket 2631095
  19. Hey Maurice, just got off of work finally....I was reading your instructions to run a scan with Malwarebytes from the start menu. When I checked mine, Malwarebytes is not in the start menu. What do you suggest sir?
  20. Well the pop up isn't coming back on for now, gonna crash now and see if the error comes back up in the morning. Will update on status ASAP. AdwCleaner.txt FRST.txt Addition.txt Malwarebytes Log.txt
  21. What is SportMuze Search?
      The Malwarebytes research team has determined that SportMuze Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by SportMuze Search?
      You may see this entry in your list of installed Chrome extensions: and these warnings during install: You will see this icon in your Chrome menu-bar: and this changed setting:

      How did SportMuze Search get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove SportMuze Search?
      Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.

      Is there anything else I need to do to get rid of SportMuze Search?
      No, Malwarebytes removes SportMuze Search completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the SportMuze Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

      Technical details for experts

      Possible signs in FRST logs:
      CHR DefaultSearchURL: Default -> hxxp://apps.searchalgo.com/search/?category=web&s=mpds&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> Sport Reminder
      CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
      CHR Extension: (Sport Reminder) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink [2019-06-17]

      Alterations made by the installer:

      File system details [View: All details] (Selection)
      ---------------------------------------------------
      Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0
      Adds the file background.js"="8/3/2016 10:15 AM, 4354 bytes, A
      Adds the file manifest.json"="6/17/2019 8:53 AM, 1808 bytes, A
      Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata
      Adds the file computed_hashes.json"="6/17/2019 8:53 AM, 340 bytes, A
      Adds the file verified_contents.json"="1/25/2017 2:44 PM, 1763 bytes, A
      Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons
      Adds the file icon128.png"="6/17/2019 8:53 AM, 7302 bytes, A
      Adds the file icon16.png"="6/17/2019 8:53 AM, 696 bytes, A
      Adds the file icon48.png"="8/3/2016 10:15 AM, 4104 bytes, A

      Registry details [View: All details] (Selection)
      ------------------------------------------------
      [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
      "jkcgfdgkbambgbobgkceeoalcdefpink"="REG_SZ", "58F4C52DFF5FEEA4AA3F95B33B75E04FFE73288F93C38362E1BB2A0861201655"

      Malwarebytes log:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 6/17/19
      Scan Time: 9:00 AM
      Log File: 8e6ebdba-90cd-11e9-a3ed-00ffdcc6fdfc.json

      -Software Information-
      Version: 3.7.1.2839
      Components Version: 1.0.586
      Update Package Version: 1.0.11090
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: {computername}\{username}

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 236157
      Threats Detected: 16
      Threats Quarantined: 16
      Time Elapsed: 5 min, 14 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 0
      (No malicious items detected)

      Registry Value: 1
      PUP.Optional.SearchAlgo.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jkcgfdgkbambgbobgkceeoalcdefpink, Quarantined, [14769], [443230],1.0.11090

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 4
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JKCGFDGKBAMBGBOBGKCEEOALCDEFPINK, Quarantined, [14769], [443230],1.0.11090

      File: 11
      PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JKCGFDGKBAMBGBOBGKCEEOALCDEFPINK\1.0.2_0\MANIFEST.JSON, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon128.png, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon16.png, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\icons\icon48.png, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata\computed_hashes.json, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\_metadata\verified_contents.json, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcgfdgkbambgbobgkceeoalcdefpink\1.0.2_0\background.js, Quarantined, [14769], [443230],1.0.11090
      PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [367], [454816],1.0.11090
      PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [367], [454816],1.0.11090

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
      • Dynamically Blocks Malware Sites & Servers
      • Malware Execution Prevention
      Save yourself the hassle and get protected.
  22. Yes, pretty late for me as well. Please go ahead and run the following follow-up scans to ensure the system is clean. I'll check back on you again tomorrow. Please run the following steps and post back the logs as an attachment when ready.

      STEP 01
      If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
      If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
      Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
      If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

      STEP 02
      Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
      Right-click on the program and select Run as Administrator to start the tool.
      Accept the Terms of use.
      Wait until the database is updated.
      Click Scan Now.
      When finished, please click Clean & Repair.
      Your PC should reboot now if any items were found.
      After reboot, a log file will be opened. Copy its content into your next reply.

      RESTART THE COMPUTER Before running Step 3

      STEP 03
      Please download the Farbar Recovery Scan Tool and save it to your desktop.
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
      Double-click to run it. When the tool opens, click Yes to disclaimer.
      Press the Scan button.
      It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
      The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
      Please attach the Additions.txt log to your reply as well.

      Thanks
      Ron
  23. Here we go, I need to crash soon so I think I'll let my computer run for a bit more then see if the error pops up again. Fixlog.txt
  24. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks