Everything posted by ronzie009

  1. Blocking msedge and chrome from accessing *.google.com, no problem with firefox or thunderbird so far.
     MBAM 4.5.14.210
     Update package 1.0.60359
     component package 1.0.1767
     Edge Version 105.0.1343.42 (Official build) (64-bit)
     Chrome Version 105.0.5195.127 (Official Build) (64-bit)
     Windows 10 Home Version 21H2 Build 19044.2006
     Windows Feature Experience Pack 120.2212.4180.0
     edit 2: Also blocking Tweetz v2022.2, a desktop Twitter app
  2. There's no domain because MBAM isn't logging it, it just reports the ip address it blocked. Here's an example:
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 4/26/21
     Protection Event Time: 1:41 PM
     Log File: b352b1ee-a6b6-11eb-a3ff-001e37255085.json
     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1273
     Update Package Version: 1.0.39819
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19042.928)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,
     -Website Data-
     Category: Trojan
     Domain:
     IP Address: 191.101.31.36
     Port: 0 (No malicious items detected)
     Type: Outbound
     File: C:\Program Files\Private Internet Access\pia-service.exe
     (end)
     I've attached a screenshot of the MBAM Detection History Screen, taken a few minutes ago. Unless there's some way to automatically aggregate all of the blocked connection attempts that's all you're getting, because I've got better things to do than sit here for umpteen hours clicking the "export" button to generate a list of the blocked ip addresses.
  3. Same thing here. The service apparently "pings" or otherwise establishes contact with a large number of IP addresses in order to route VPN connections as efficiently as possible, and does so even when you don't actually have a VPN connection active. There are too many addresses being blocked by MBAM to make it practical for me to post them all, or to add exclusions for them. The folks at PIA claim they have no idea why MBAM is flagging these addresses, and suggested adding the whole "C:\Program Files\Private Internet Access\" folder to MBAM's exclusions, as well as various sub-folders and executables individually, but this doesn't seem to have any effect on MBAM's website blocking process, it just doesn't bother scanning those folders or files for malware anymore. It's REALLY bad today, and the only way I can get MBAM to stop is to shut down the pia service or turn off website blocking.
  4. Requested file attached. Dxdiag run as administrator in RDP session on server machine. MBAM 4.04 installed and running. 2019-11-12_DxDiag.zip
  5. I was also using RDP and have an AMD card. When I access the PC directly with a monitor/keyboard/mouse connected to it MBAM 4 works fine.
  6. Requested files attached. Note: I have downgraded MBAM to v 3.7.1.2839 so that I can still have protection while connecting to the internet. 2019-11-07_001_MBAM_Troubleshooting.zip
  7. Running FRST.exe produced this error box: "AutoIt Error: Line 10191 (File "C:\Users\ron\Desktop\FRST.exe"): Error: Variable used without being declared." FRST.txt attached, there was no Addition.txt The interface opened in safe mode, the only error was about not being able to contact the license server. FRST.txt
  8. After installing MBAM V 4, a box appeared that said "loadlibrary failed with error 87 the parameter is incorrect". I right clicked on the MBAM icon in the tray and selected "open Malwarebytes" and the same error box popped up. I rebooted, tried again to open MBAM, and got the same error. I downloaded and ran the MBAM troubleshooter, had it clean uninstall MBAM and reinstall, but I still get the error. Files generated by MBAM troubleshooter attached, except for the license key. mbst-clean-results.txt mbst-grab-results.zip
  9. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 7/30/19
     Protection Event Time: 7:56 PM
     Log File: a50cae72-b325-11e9-af20-001e37255085.json
     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11788
     License: Premium
     -System Information-
     OS: Windows 10 (Build 18362.267)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Category: Malware
     Domain: www.googletagmanager.com
     IP Address: 172.217.26.8
     Port: [7068]
     Type: Outbound
     File: C:\Program Files\Mozilla Firefox\firefox.exe
     (end)
  10. Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 7/30/19
      Protection Event Time: 7:33 PM
      Log File: 7e3a5270-b322-11e9-910c-0026228a0caa.json
      -Software Information-
      Version: 3.8.3.2965
      Components Version: 1.0.613
      Update Package Version: 1.0.11788
      License: Trial
      -System Information-
      OS: Windows 10 (Build 18362.239)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Category: Malware
      Domain: settings-win.data.microsoft.com
      IP Address: 20.36.218.63
      Port: [58792]
      Type: Outbound
      File:
      (end)
  11. Does this mean that this file installed malware on my PC when I ran it five years ago? Malware that neither Windows Defender nor MBAM can find?
  12. After a regular scheduled quick scan today, 21 installation files in my Downloads folder were flagged by MBAM as either PUPs or Malware. These files have been there for various lengths of time and never been flagged bad before. They were all originally downloaded while MBAM real time protection was running and not flagged, and I scanned every one of them with MBAM after downloading them and they were not flagged then, so I think it is extremely unlikely that they are dangerous now. I have attached the report, but due to the large number of files involved I have not attached them. 2018-10-06FalsePositives.txt
  13. Same thing here when trying to let VLC update itself. I downloaded the VLC install program from the VLC website, scanned it with MBAM which said it was OK, and manually upgraded with no problems. I think MBAM is somehow seeing the automatic upgrade process as an exploit. Here's the log from the exploit action:
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 9/1/18
      Protection Event Time: 6:38 AM
      Log File: 1e47ec42-add3-11e8-a0fd-001e37255085.json
      -Software Information-
      Version: 3.5.1.2522
      Components Version: 1.0.421
      Update Package Version: 1.0.6595
      License: Premium
      -System Information-
      OS: Windows 10 (Build 17134.228)
      CPU: x64
      File System: NTFS
      User: System
      -Exploit Details-
      File: 0
      (No malicious items detected)
      Exploit: 1
      Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0
      -Exploit Data-
      Affected Application: VLC Player
      Protection Layer: Application Behavior Protection
      Protection Technique: Exploit payload process blocked
      File Name: D:\tmp\vlc-3.0.4-win64.exe
      URL:
      (end)
  14. Wow, just found this article about it: https://arstechnica.com/information-technology/2018/02/salon-to-ad-blockers-can-we-use-your-browser-to-mine-cryptocurrency/ They never gave me the option to turn off my adblocker, though, as the linked article above claimed they would. MBAM just started blocking it in the last day or so, as far as I can tell, but I don't go there regularly so I can't say for sure when it started. Thanks for the swift reply!
  15. MBAM blocking salon.com for riskware, program claims to be up to date, results from MBAM support tool attached. mbst-grab-results.zip
  16. VirusTotal shows MBAM as the only positive (1/67) on this file. I don't know exactly when this file was installed because the latest Windows 10 update caused the add/remove programs control panel to now show the date of the update as the install date for all applications installed at that time. Windows 10 Home version 1803 OS build 17134.1 2018-05-04_scan_report.txt rpcapd.rar
  17. My copy of MBAM claims it's current, yet I'm still seeing these blocks.

      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 11/17/17
      Protection Event Time: 9:32 AM
      Log File: 307405b6-cba4-11e7-8ceb-001e37255085.json
      Administrator: Yes
      -Software Information-
      Version: 3.2.2.2029
      Components Version: 1.0.212
      Update Package Version: 1.0.3282
      License: Premium
      -System Information-
      OS: Windows 10 (Build 16299.19)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Domain: gn.symcd.com
      IP Address: 23.50.75.27
      Port: [15502]
      Type: Outbound
      File: C:\Program Files\Mozilla Firefox\firefox.exe
      (end)

      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 11/17/17
      Protection Event Time: 9:32 AM
      Log File: 30882a3c-cba4-11e7-ac33-001e37255085.json
      Administrator: Yes
      -Software Information-
      Version: 3.2.2.2029
      Components Version: 1.0.212
      Update Package Version: 1.0.3282
      License: Premium
      -System Information-
      OS: Windows 10 (Build 16299.19)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Domain: gn.symcd.com
      IP Address: 23.50.75.27
      Port: [15502]
      Type: Outbound
      File: C:\Program Files\Mozilla Firefox\firefox.exe
      (end)

      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 11/17/17
      Protection Event Time: 9:37 AM
      Log File: dc32fab0-cba4-11e7-93f2-001e37255085.json
      Administrator: Yes
      -Software Information-
      Version: 3.2.2.2029
      Components Version: 1.0.212
      Update Package Version: 1.0.3282
      License: Premium
      -System Information-
      OS: Windows 10 (Build 16299.19)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Domain: ss.symcd.com
      IP Address: 23.54.187.27
      Port: [15631]
      Type: Outbound
      File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
      (end)
  18. I have chrome.exe running in the background all the time because I use some chrome apps, like gmail notifier and hangouts. I wonder why mbam started blocking this today? Is there some way to see the update history and the current definitions version number? DOH! Just found update number on "About" tab! 1.0.1403
  19. The data should be in a viewable report, it is on mine, although the extra steps just to get the ip address are annoying, they should have a way for you to copy it to the clipboard from the popup.
  20. Well that explains why reverse DNS lookups are failing!
  21. When I right-click on a folder and choose "Scan With Malwarebytes Anti-malware", the results window that appears at the end of the scan says "Items Scanned: 0", even though there are files in that folder.
      MBAM Premium 2.2.1.1043
      Windows 10 Home Version 1607 Build 14393.447
      Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz 2.34GHz
      Installed RAM 8.00 GB
      System Type 64-bit operating system, x64-based processor