Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by ausgumbie

  1. Ahem! Sorry about this but I seem to have jumped the gun a little. I've just now got an invite to upgrade to I've done it and I'm scanning with it. Again, sorry 'bout this. All good now. ? Cheers ausgumbie
  2. Hi all I have one of those Premium versions of Malwarebytes that is enduring. That is it never expires. My wife has a free version and recently upgraded to a newer version which I assume is My present version is and I haven't had any popups or notice on the app. about upgrading to the new version. What can I do? Cheers ausgumbie
  3. PS The reason for the removal of editing facilities is interesting! In Australia too, we seem to be needing to keep a certain "alertness" in that area. Pity! It doesn't seem a time where the internet is a place to "play nice". Cheers ausgumbie
  4. Hi Ron, Yes, I had seen it, but my thanks for posting this particular link, because it's another piece of info in the chain that may eventually reveal what's going on. I'll keep following. Cheers ausgumbie
  5. Change to General PC noted - many thanks. BTW - Is there a way to edit or delete posts ourselves? Cheers ausgumbie
  6. Gaah Prunes! Sorry all - I didn't read my OP. ?. Mods, would you mind deleting my second post as it's simply repeating the first. (That'll learn me!) Cheers ausgumbie
  7. Hi all I write from the Land Down Under, Queensland, Brisbane. I'm currently enjoying a large number of internet outages. For fellow Aussies, I'm with Telstra. Technology = NBN-HFC. Arris CM8200 modem, Sagemcom F@st 5355 router. Fellow Aussies would suggest the outages are caused by one or more of: NBN upgrades (possible - they've been flagged), Telstra (no further explanation needed), or F@st 5355 router (no further explanation needed). In the router log, I and others have noted a frequently-appearing Error Message, viz: "DNS name resolution failure (canonicalizer.ucsuri.tcs)" On a very few places online this connection is discussed, the connection between Windows 10 SmartScreen and canonicalizer.ucsuri.tcs is confirmed but no one is able to say more than that. canonicalizer.ucsuri.tcs is NOT a registered domain. So, I'm searching for info... A respondent to a Ten Forums thread (https://www.tenforums.com/antivirus-firewalls-system-security/118347-any-win10-smartscreen-canonical...) I started on this point directed me to a German article: (https://www.gameindustry.de/hints.php). The section on SmartScreen seems to read (my translation - I have some German - based on Google Translate and Collins Online): Microsoft SmartScreen: Behind the introduction of SmartScreen as a protective function in Windows against "potential threats" hides a [stupid]* telemetry service. Microsoft SmartScreen turns itself on during each installation of a program and asks the user if he/she really wants to install a program. In the background three addresses activate themselves for this purpose. 1. checkappexec.Microsoft.com 2. t.checkappexec.Microsoft.com 3. canonicalizer.ucsuri.TCS If something is installed from the Windows Store, the "licensing.mp.microsoft.com" activates itself in addition. While the "licensing" address does make sense in validating product keys, Smartscreen directly [passes on]* recorded data from the user's computer in relation to installation directories, installation time, language settings, what will be installed where, operating system / version, location, unique user ID, settings for created group policies and much more. These three addresses from Microsoft SmartScreen (besides the mentioned licensing) are also entered in the hosts file and thus prevent unnecessary disclosure of things. A win-win situation for both sides, because in addition to [the host’s] own privacy and Microsoft's server will also be protected. (Caption to pic) Microsoft Smartscreen Telemetry With SmartScreen, Microsoft not only gets a precise insight into folder structures, but can theoretically get an overview of any user interests. [It gets that gratis]* with each click on an exe file being installed. An excerpt prepared here as a screenshot. Contents vary little for these three addresses listed. *NOTES: [stupid]. The paragraphs don't seem derisive of Win 10/SmartScreen. So, I'd understand "stupid" here as "simple, unsophisticated"; i.e., the telemetry service is something of a blunt instrument. [passes on]. My interpretation of "SmartScreen gibt ... weiter". [the host's] own (privacy). My interpretation of "eigener (Privatsphäre)". [It gets that gratis]. My best understanding of "Das umsonst ..." Any additional info - guidance most appreciated. ausgumbie
  8. Hi again Porthos OK, compatibilities cleared, files and folders added to Norton's "Items to Exclude from Scans" and Clean and Reinstall done (and updated). I restarted the laptop and can report success. All real-time protections are enabled. I chose "Scan for rootkits" also in settings but have left "Enable self-protection module early start" as I'm not entirely sure what it does. If I remember rightly something I read, choosing this causes a one-time delay in self-protection but I'm not sure. If there's an advantage to enabling it, I'll do that. I've kept the Clean log. Would you like me to post it? I'll express my sincere gratitude at this point, because it's wonderful to be back in action again. The Windows 10 Fall Creator's Update has been giving me enough to moan about with the changing login picture and other silliness I note other users are also suffering. Cheers ausgumbie
  9. Hi Porthos, I haven't abandoned you or my request. I've been traveling and have a few things to keep me busy before I can settle back to wrestling with Norton. Meanwhile I was intrigued by your comment: I'd chosen Norton based on reading a number of online reviews (usually the same sources each year) which placed Norton 360, later Premium, in (if not always at the top of) the top 5 AVs. I've been a Norton customer for years on this basis, breaking off at one period when their reviews were bad. So, I'm not loyal to Norton - I'll be loyal to whatever gives me optimal protection. But I'd never thought of WD as a strong AV. I'd be curious to know what you see as "unattractive" about Norton and what you feel makes WD attractive. Norton costs, WD is free and you've always got to watch that you don't tell Norton to 'automatically renew' a subscription as happened to my wife several years ago. Also, I'd go WD + MBAM if it gave comparable protection and avoided the sort of conflict that seems to be plaguing me now. I also like MBAM's popups that tell you why a certain page wasn't loaded - can't get that without Realtime protection. And that often occurs on pages Norton throws up no objection to. I've also been increasingly unhappy (along with a number of others I gather) about the way Norton Account doesn't clearly show the number of seats you are using your product with (e.g. https://community.norton.com/en/forums/accounts-devices-missing-device#comment-7482141. and https://community.norton.com/en/forums/where-has-my-services-link-my-norton-account-gone.) Granted, that has noting to do with protection. The other thing I felt unhappy about was that now you have to be online to "comprehensively" scan with Norton. I'd like to scan my detachable hard-drives, but won't do so online. So, I'd certainly value opinions and arguments here. Please pm me if you feel uncomfortable about commenting on the thread. Cheers ausgumbie
  10. Hi Porthos, Need to break off here (family demands). I'll return later tonight or tomorrow. Just two questions. After the Clean install, I assume MBAM will still recognize a lifetime licence as being in my name? And, anywhere I can get help on adding exclusions to Norton Premium? Can't find, on brief explore of NP, how to do this. Till later, then. Many thanks ausgumbie
  11. Thanks Porthos Herewith the mb-check-results zip. A note. I downloaded the FRST and check exes to a usb on my second laptop (running Ubuntu 16.04), transferred them to the affected laptop and did the scans there. (Then, by usb back to the Ubuntu laptop to connect with you). FRST naturally reported it "could not update" as the affected laptop wasn't connected to the internet (see orig post for why I'm reluctant to conect as yet). So the FRST scan is done without the latest updates. If that causes issues, obviously let me know. cheers ausgumbie mb-check-results.zip
  12. Hi all I have a 1 lifetime Anti-Malware license for PC which I got back in the day. It's dutifully upgraded over the years, most recently 7 November, when I got version I'm runing Windows 10 Home (Build 16299) and Norton Premium. Today (Sat. 18 Nov) was a big day for updates. I got a Windows update, Adobe Reader 11 (and changed it for Acrobat DC), 100 MB of Norton - I think that's it. At one point my Outlook 2013 client (I was online at the time) got fed up with working and disappeared. (I mean its open windows did - its icon stayed on the taskbar and kept launching textboxes at me when I asked it to reopen saying no, it wouldn't). It was about then I noticed the orange popups in the lower right corner screaming there was no realtime protection. I had recently clicked accidentally on a link in an email I distrusted and, although nothing happened except the Microsoft "something's-happening" wheel rotated for a bit, I've paranoically worried since I've thereby downloaded spyware which will call back to mother next time I go online. I've done a compatability check, repeated scans in and out of Safe Mode. Found nothing - changed nothing. I'm only unable to turn real-time protection on. All other settings except Delay real time protection ... I've turned or left on. I'm writing this from another laptop. So, long story short, help??? ausgumbie
  13. Hi all Just came across the thread below (Not sure if what's now displaying was meant to happen - I just pasted the url and ... ). Anyhow, thought I'd start a new thread rather than tag onto the previous. My experience seems similar to the other thread's OP. I was researching an apparently innocuous topic (ancient Greek roads in Attica). I started exploring links from a page (A GIS-BASED STUDY OF ATTICA) on the bordersofattica.org website. The further pages I tried to access, I assume, were all in that website. MBAM threw up a number of Malicious Website Blocked alerts. I checked these and found only one IP address* referenced (* although there were a number of blocks. I checked that address (on Central Ops net). That didn't enlighten me. Then, possibly like thais, I googled the address. This produced many links, one of which was "The Anti Hacker Alliance fights against". I clicked on this link, and first came to (I've left off the http bit deliberately) "//anti-hacker-alliance.com/index.php?ip=". That page seemed to load successfully, but then it suddenly 'flipped' to a page "//www.validome.org/lang/en/get/". At this point I think MBAM again threw up a couple of popups announcing further blockages. (On VirusTotal, Yandex Safebrowsing called the "Anti Hacker Alliance" a Malware site. The "Validome" url had no bad reports). The flip to the "Validome" page worried me as further googling didn't seem to establish a connection between "The Anti Hacker Alliance" and "Validome" so I don't know if this was a valid redirection. I'll attach a (composite) screenshot of the "Validome" page below. I gather MBAM thought loading the "Validome" page was an attempt to access the malicious site. I looked at the protection log again (an MBAM threat scan had been running at the time) and noted there were 3 "outbounds". There had been 2 when I first checked after noting the alert popups, but I subsaequently re-launched the "Validome" page from Firefox memory to get the screenshots. I've kept the Threatlog and Protection Log if they're needed. Help appreciated ausgumbie
  14. Hi all This has been pointed up in other places but it probably doesn't hurt in the retelling for any upgrading to Windows 10. I received this from staysmartonline (Aust. Govt.) to which I subscribe: "Fake Windows 10 update leading to ransomware attack: Alert Priority High Ransomware disguised as an installer of the new Microsoft Windows 10 operating system is encrypting Australian user and business computers. The ransomware resides in an email that claims to be from Microsoft which offers a free upgrade to Windows 10. The email contains a zip file attachment, which contains a program labelled as the Windows 10 installer. However, if you run this program, it will encrypt any important files, including Word documents and photos on your computer. If you receive an email offering a free upgrade to Windows 10, we advise that you delete the email and do not open it or any attachments. Windows users interested in upgrading their computer can register via Microsoft’s official website. Windows 10 updates will then be facilitated by a program on your computer, not via an email offer." And so on. The word is certainly out there although some (like me) twig to it a bit slower than others. This post is for them. See, e.g.: https://www.google.com.au/?gws_rd=ssl#q=windows+10+ransomware+alert Cheers ausgumbie
  15. Thanks William Good to be back. Cheers ausgumbie
  16. I just thought I’d post the following anecdote in case others are having similar experiences. The effective procedure in my case was to go away and have another go later. I had received Marcin Kleczynski's email (in November) about the need to force a change of forum members’ passwords due to a hack. I went online to check that this email had been bona-fide (and, of course, found I wasn't the only one doing this). However, I didn't change my own password at that point. (I maybe should have!). But, all this was promptly forgotten among the distractions of Christmas. So, when I tried to log in to the Forums Dec. 30, about midday, local* (*Brisbane, Aust.) time, I found I couldn't. After a few attempts and getting the message that my account would be ‘locked for 12 minutes’, the penny finally dropped. I then went through the ‘forgot my password’ routine, first using my email address, and again a little later using my login. On neither try did an email come instantly (as the automatic message had suggested was ‘usual’) or within the 10 minute timeframe likewise suggested. I wasn’t sure whether this is an issue of 'communication delayed' (by whatever) or just no communication at all. The time of year had to be some sort of factor and there was no need to imagine anything more sinister. As to what was (presumably) out there yelling: ‘Aaaaagh, I can’t do this!!!’ my imagination was spoiled for choice: the Forums’ software, the internet, my IP, Hotmail, Outlook, Firefox ...? So, nothing else coming to mind, I made an online submission [Dec. 30, 06:43 PM Brisbane, Australia] via a ‘Consumer Support Form’ on malwarebytes.org, explaining my situation and asking if my message could be passed on somehow to a moderator in the forums area. Today, about 09:30 AM Brisbane time, and feeling lucky, I gave the ‘forgot password’ routine yet another go. I made ‘captcha’ do its audio thing this time and, after successfully submitting and a few minutes’ wait, hit Outlook’s ‘Send-Receive All Folders’. To my relief, the hoped-for email appeared this time and I was able to change my password painlessly, and – self-evidently – I’m able to access the Forums again. Cheers and Happy New Year, ausgumbie.
  17. No issues with the computer in general and I'll start on the cleanup below. However, over the last two days, I've noticed that it takes an inordinately long time to connect with the Malwarebytes forum, and of course this thread. (Obviously, this page has loaded now). I've also been trying to get into the message area and it just isn't loading. (i.e., the loading circle on the Firefox tab has going round and round for ages but no page.) This isn't happening with other internet connections - or the main Malwarebytes site - just the Forum site and any pages connected with it. What I'll do, unless this rings bells with you and you want to look at it here, is keep going with the cleanup as above for the issue we've been dealing with here, and maybe start a new thread with the issue of Forum "slow-loading" in case others are experiencing it. Cheers Howard / ausgumbie
  18. Hi Ron I gather you don't need me to do another "FRST scan log" with the DeQuarantine having worked? If not, then everything seems fine otherwise at my end. I'd just again add my sincere thanks for your help with this. Aside from fixing a problem, it's taught me a heck of a lot and so I do indeed value the time you've spent with me here! All the best, Howard
  19. Hi Ron I responded to your post above before reading your P.M., but fingers crossed, I've done things right this time. I dragged the CFScript.txt over Combofix (this time offline) and Combofix ran only for a very short time and produced the report below. I've checked the locations referred to in the report and the three files are, yep, now back in the "C:\Program Files (x86)\SecureW2" location with the "SecureW2\Uninstall.lnk" likewise on the "Start" programs. If this is OK so far, will I now move on to the process in your P.M.? Thanks Howard DeQuarantine.txt
  20. Quick addition (image) - "files still in quarantine" - cheers, H.
  21. Hi Ron Many thanks. Have just run Combofix with CFScript.txt. Just a couple of things: (1) I dragged-and dropped the script file onto Combofix and ran Combofix; BUT (2) Combofix then asked "did I want a more recent version" which I allowed (not being confident to deny it) and just let the scan proceed. I mention this as I don't know whether the update might have overwritten your script wholly or partly. I haven't repeated the drag-and-drop and re-run Combofix so the log file I attach is from the one scan. Hope I've done right cheers Howard ComboFix.txt
  22. Thanks Ron Attached (I hope) C:\Qoobox\ComboFix-quarantined-files.txt. Cheers Howard / augumbie ComboFix-quarantined-files.txt
  23. Hi again Well, eduroam works too. I suppose the only two ways I can find out if they need to be restored is (a) research online or (b) ask the uni IT helpdesk. The second option may not be as profitable as you might think. I've no idea as to the credentials of the staff there many of whom could be students earning a bit of pocket money for all I know. But they're two options. My immediate suspicion is, from the names of a couple, that one or two at least - maybe all - have to do with uninstalling eduroam, a function I'd certainly not want to remove. So - keep or remove? Would you mind if I checked this a bit further and then decided? One thing I'd ask you is, could they be false positives? Or from your experience, does ComboFix usually tend to zero in on malicious files? Cheers Howard / ausgumbie
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.