Double

Honorary Members
  • Posts: 47

Everything posted by Double

  1. Hi, I've been visiting this site for years, and woke up today to find it blocked.. had to have happened Feb 7. Could someone please look into this? hxxp://www.gamebanana.com/
  2. Hi, I've recently installed 3.0.5 and have been having troubles with my system. Many of my 'startup' applications no longer run after a reboot (e.g. and are missing from the toolbar). A couple of these programs refuse to stay running, shortly after opening them. The anti-exploit module is broken, and the MBAM system tray icon is missing. I've uninstalled MBAM, and while many of the startup applications are opening normally again, a couple of them have not.. which suggests that 3.0.5 did something that I have no way of knowing how to fix. I did perform 'sfc scannow' and it turned up normal, so maybe there is some hope in fixing this? In the meantime, is there a trusted source where I can download a previous version of Malwarebytes? Is there an archive somewhere? I'll take anything that's recent from 2.0 if possible.
  3. Okay, thanks for your help.. that was easy. I'm kinda wary about the Anti-Exploit stuff that remained, still seemed to have its claws in the system
  4. I hit Ignore and it installed :] but umm.. what did i just do?
  5. I didn't click that, because it said it wasn't a recommended option.
  6. I'm on 3.0 and tried to manually update to the latest version, but I got the error message in the first screenshot while trying to install it. I then uninstalled Malwarebytes, and got the same message while trying to install it again. I read somewhere that I should delete the mbae64.sys file in C:\Windows\System32\drivers, then to try installing it again, but I can't (see 2nd screenshot). Apparently the file is being used by something, but I can't identify it in the Task Manager. I'm running as administrator and even restarted.. nothing helps. I looked inside the Program Files\Malwarebytes\Anti-Malware folder and there is this mbae.dll file inside (3rd screenshot). I had Anti-Exploit installed before 3.0, but after 3.0 I don't know why this file still exists. My system has been acting wonky ever since this went down.. some programs will open, but won't stay running. Please help.
  7. You could at least try to hide your jealousy.
  8. Thanks arturt.. although the sticky says otherwise, i still appreciate your help. It may even help the staff
  9. Hi, I visit a certain forum occasionally, and usually when i do, i run across a blocked connection to 'yuq.me'. What is it, and is it a false positive? This (hxxp ://www. theisozone .com/forum/viewtopic.php?f=38&t=30007&p=241106&hilit=download+cloustores#p241106) prompted the website block. It links to a thread at The Iso Zone (www.theisozone.com), a friendly emulator community site/forum. By the way, have an adblocker ready just in case.
  10. Thanks Spud for sharing that link, it was really interesting. I do have a question though, if you've got a PC with 80,000 images on it, and Malwarebytes said everything was clean, is it considered safe? I use Visipics to separate duplicates, and of the dupes it occasionally finds, the differences i find in some of these images are only related to bytes (KB/MB), not dimension or filetype. I always keep the images with the larger byte size because i feel like I'm saving the original file, keeping in mind that they might have been saved as PNG and re-converted by some as a JPG.
  11. I'm confused.. isn't the IP address the same as the domain? OnCelebrity is just a celebrity picture site, i don't see how anybody can experience fraud there..
  12. Is this a false positive? MBAM seems to have blocked this IP multiple times in one visit attempt. Found at http://oncelebrity.com/ , doesn't seem like a bad site. Posted log below:
      Update, 6/4/2014 12:29:57 AM, SYSTEM, FONTAINE, Manual, Malware Database, 2014.6.4.1, 2014.6.4.2,
      Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Refresh, Starting,
      Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopping,
      Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopped,
      Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Refresh, Success,
      Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Starting,
      Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Started,
      Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57689, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57690, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
      (end)
  13. Still, couldn't MBAM do a better job of differentiating a change made by the user, and one made by malware? I'm glad that it is at least labeled as a 'PUM', but this only appears on MBAM 2.0, and isn't as helpful to the less savvy. For the longest time, I had been led to believe that I was infected with a malware that was extremely conniving and hard to kill, 'jumping' from new installation to new installation, when the real cause was actually customizing the interface every time i set up one of these 'new installations'. If i could have been given that answer a lot sooner, i would not have reinstalled my system as many times as i have.
  14. I unhid 'Computer' from the start menu, then unquarantined what MBAM found, then restarted. On bootup, 'Computer' was hidden again (the way it had been before MBAM quarantined it), this confirms that the user hiding 'Computer' from the start menu is certainly a false positive. I can also see how malware might want to fool around with it.
  15. I asked the question and posted my log over at the Xplorer2 forums, and discovered by a user named Kilmatead that the PUMs were actually related to hiding 'Computer' from the start menu. The question I have now is, what should i do with the quarantined item? I've already hid 'Computer' twice now.. wouldn't MBAM find this PUM again?
  16. I am beginning to think the same thing, but how do i know that it's okay to release back into the wild? I've been using the product and it seems to run fine as it is, but I'm wondering if the PUM has since been reapplied. I may do another scan to check. I attached the MBAM log and a screenshot indicating that the 'Windows Explorer replacement' feature is currently enabled. No idea if this PUM would have appeared if i had not asked it to replace Windows Explorer during the install. log.txt
  17. Hi, i recently reinstalled my system to refresh some things, i do this occasionally. Before I reinstalled I did a scan with MBAM, everything came up clean. After reinstalling all my programs on the new installation, i received a notification from MBAM that it had found 'PUM.Hijack.StartMenu' during a routine scan. The programs I installed were from their official sites, others using Ninite (https://ninite.com/). I then decided to download a paid app called Xplorer2 (http://www.zabkat.com/) which I have abandoned in the past, because i thought it was the cause for a "Hijack.Drives" i caught long ago. For those unaware, Xplorer2 is basically a Windows Explorer replacement. I am beginning to think Xplorer2 is the same reason for the 'PUM.Hijack.StartMenu' i just caught. There is a setting inside Xplorer2 which allows you to make Xplorer2 the 'default' explorer, which does have to make necessary changes to the registry in order for the app to trigger in place of Windows Explorer. I'll attach an image of this feature and the MBAM log in the coming hours. What do you guys think? Is this a legitimate find, or should i un-quarantine it from MBAM if it's needed for Xplorer2? 'Hijack.Drives' is likely similar to 'PUM.Hijack.Startmenu', just sounds slightly different because of the new MBAM 2.0 interface.. but i could be wrong. I found this little bit from Malwaretips.com:
  18. Sorry i think I've misunderstood this part, what are you trying to say here? source code? how to search with the jpg extension? real time? Thanks, I'll keep that advice in mind.. but it's hard to believe it was designed to be run that way only. Ever since I got caught up in the Internet Security 2010 malware years ago, it sorta conditioned me to enter safemode by default. I laugh at the infection now, but it was scary back then. I should also mention that in the past, I have found additional infections in safemode that otherwise would not have been found in normal Windows.
  19. Google recently made changes to Gmail, they now host content sent from every email. It's probably impossible for them to host every image on Google Images, considering how expansive the World Wide Web is. Another thing worth noting, pictures of all kinds can trigger these IP blocks, but you've got to know where to look, and it helps to be specific (e.g. 'Siberian Husky' instead of 'Husky'). Using the sites' Reverse Image technique on a local image on your computer can reveal sites that trigger IP blocks too.
  20. re-wording this.. adult content/women/etc; hard-to-find, rarities; high resolution (usually up in the 2000x1500px range and higher)
  21. Searching for adult content related to sexy women or those hard-to-find images, or even high resolution images are the biggest triggers. I'm not infected, a full scan in safemode normally says I'm clean. Aside from a couple random webpages, the IP blocks I receive have only ever happened inside Google Images, I hardly get them anywhere else, and I'm generally a safe surfer--only sticking to sites I know can be trusted using Web Of Trust (WOT). Will post a log, but I'm gonna wait until I come across another IP block, I'm trying to avoid them.
  22. I'm trying to figure out why Malwarebytes blocks so many IPs when browsing through Google Images, it's a hotbed for IP blocks. I understand the pics all lead to different sites, but why does Malwarebytes block an IP address if the website hasn't even been visited yet??? I haven't tried Bing or Yahoo's images search engines, but I'd imagine they act the same. If you go to http://www.google.com/imghp, search for something and open up a preview on some photo, you've literally got a 25-50% chance of receiving an IP block. It's that ridiculous.