travail

  1. I'm sorry, I failed to mention that we see 'severity' logged only in the XML file ...
  2. Recently MAB nailed and logged a couple of attempts, by some software I was running, to attach to some external websites - great! I'm wondering, though, what the internal log notation 'severity = "debug" ' means. In fact, all entries, normal or not, list the 'severity' as "debug". Is this because the 'severity' classification is not yet implemented? I don't see that it matters as far as MAB's operation goes...
  3. Darn, I didn't even see that in the settings! About having control of the popup time ...I'll change that right now. BY THE WAY, I did go back to the time that I remembered seeing the popups and SURE ENOUGH, the software that I started running at that time was the guilty party! The logs certainly do have the website info and the name of the software attempting the attachment! Love it! The company selling that software absolutely denies any possibility of what I saw. I suppose they'll say the PROOF is bogus, too. Obviously, behind the scenes, they'll be happy to get this info, but it'll be interesting to see their response. Thanks again! travail
  4. Thanks! I see! I did notice a brief popup about two days ago, so I should go back further and I should find the entry from that one. Guess I can take it from here ...I sure feel better knowing those aren't repeating attach attempts! AND that the website info will be saved in the logs ...the popup goes so fast that I can't react with my screen capture fast enough ... Best Regards, travail
  5. Thanks for the reply daledoc1 ... until I get a chance to download and run the diagnostic stuff and get the output up on here, I can attach a copy of the Protection log from the last 24 hours, which clearly shows my interest, entries such as this: "Protection, 7/5/2015 2:30 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Stopped," which tell me something was blocked, I suppose, but not the intended IP or website name. Thanks, AEL-MB-log.txt
  6. I know we see the Website address or IP in the pop-up, realtime, if Malwarebytes blocks an attempt by my PC to attach. But it sure would be great to have this info in the logs, too! From looking at my Protection logs, I can see that from time to time, there is an attempt to connect, which Malwarebytes blocks and logs, obviously, but there's no info as to WHICH site has been blocked! Or is there, really, and I just don't know where to look? I'm trying to figure out if the re-occurring blocks are to the same site or is something else going on. Scans by Malwarebytes and another piece of software don't show any anomalies, so SOMETHING just lies in wait and attempts to connect, on some unknown schedule. I do see that my taskbar menu for Malwarebytes is asking if I should add "www rubyroyalads com" to my Exclusion List, so I'm thinking this must be one of the guilty parties, but I don't see that name in any logs. Does Malwarebytes in fact log IPs or site addresses, or can I enable it somewhere, if not? Malwarebytes Home Premium 2.1.8.1057 database version 2015.7.5.4 Windows 7-64 Home Premium SP 1 Intel Core i5-3570K 3.4GHz 16GB RAM
  7. Within the last couple of weeks, I have seen a recurrence of the threatware "Security Center 2012" and the only way I could get rid of it was to replace my entire C: partition. It had been recurring sporadically and I could not determine the circumstances until I decided to turn on Website Blocking via my copy of MalwareBytes. Sure enough, within a couple of errors, MalwareBytes popped up a message that it had blocked an outgoing attempt to 91.196.216.64 ...something in the Russian Federation. As long as I left the blocking on, the "Security Center 2012" has not returned. HOWEVER, I noticed that the blocking message comes up whenever I log into ANY of my WordPress installations' admin areas on JustHost. ALL (10) of my sites cause this. I can use either IE8 or Firefox and still get the message. Not only that, but I can log into them from my wife's computer (behind the same home router, of course) and STILL see the problem. I DO NOT see the problem if I log into the admin area of WordPress installations I have on other hosts. If I turn off blocking, NOTHING appears to happen, but soon after, the "Security Center 2012" is back. The support people at JustHost have scanned my account and see nothing wrong. I have downloaded the installed code and scanned it with MalwareBytes plus 4 other antivirus/spyware software, but found nothing. The same for my local computer. This sure looks like something on JustHost servers that's causing the problem. Any suggestion how to prove this one way or the other and get them off their behinds?
  8. MalwareBytes is blocking outgoing attempts. These happen just after midnight, three attempts a couple of seconds apart. I'm trying to figure out the source of the outgoing attempts (to Russian site 91.196.216.64). Scan doesn't seem to see anything unusual. DDS.txt Attach.txt Microsoft Security Essentials, with latest update, found 5 Exploits. The details screen for each is attached. I allowed MSSE to quarantine these files:
  9. I've had a few incidents of the "Microsoft Security Center 2012" intrusion software and removed them by copying my entire partition from a backup - it seems to be the only way I can stop this garbage once it starts. But, it returns every few days. I finally decided to turn on the realtime protection in my Malwarebytes Pro and, sure enough, the very first night it nailed an attempt by something on my computer to attempt to access a site somewhere in the good ol' USSR. Three attempts at 00:30hrs, five minutes apart. My Malwarebytes (updated) scan doesn't see anything suspicious on my computer. How do I find the source of the attempted communications?