Double

Honorary Members
  • Posts: 47
Posts posted by Double

  1. I'm a regular at Tumblr and while browsing photos, I came across this Tumblr site: yasmimvaldez.tumblr.com. The site is Tumblr based (safe site), so why was an IP blocked? Is it safe that I visited this site five times to troubleshoot it? Is it safe to visit any link numerous times to troubleshoot?

     

  2. I'd like to know what it was, and how I re-caught it. The below also doesn't make sense, what is trying to make registry changes to my system? If you had this infection on your system, would anyone here have just left it alone?

     

    As for the scan that you got, well, I went looking in the registry, and it took me a while to see that your false key found is not HKCR\Drive\shell, which is a legitimate key, but instead HKCR\Drive\shell| (note the | at the end of the word shell, making it look like 3 lowercase letter "L"s), which is most definitely not a legitimate key.

     
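The quoted explanation above turns on a registry key name that differs from the legitimate one only by a trailing character. As an added example (not code from the original post or from Malwarebytes), here is a small Python check that flags subkey names which collapse to a known-good name once trailing punctuation and Unicode compatibility forms are stripped. The set of expected subkeys and the sample enumeration are assumptions constructed for the example; the optional `enumerate_subkeys` helper uses the standard `winreg` module and therefore only runs on Windows.

```python
"""Flag registry subkey names that impersonate a legitimate key by a trailing
or confusable character, e.g. "shell|" posing as "shell" under HKCR\\Drive.
Added example: not code from the forum post or from Malwarebytes."""
import re
import unicodedata

# Assumption for the example: names that legitimately sit directly under
# HKCR\Drive on a typical system. Adjust to your own baseline.
EXPECTED_SUBKEYS = {"shell", "shellex", "DefaultIcon"}


def normalized(name: str) -> str:
    """Collapse the padding tricks so a disguised name reads like the real one."""
    # NFKC folds fullwidth and other compatibility forms to their ASCII base letters.
    folded = unicodedata.normalize("NFKC", name)
    # Drop trailing characters that are not letters or digits ("|", ".", "!", ...).
    folded = re.sub(r"[^A-Za-z0-9]+$", "", folded)
    return folded.casefold()


def find_lookalikes(subkeys, expected=EXPECTED_SUBKEYS):
    """Return (suspicious_name, legitimate_name) pairs.

    A name is suspicious when it normalizes to an expected key but is not
    that key itself. Registry key names are case-insensitive, so a pure case
    difference is the same key and is not reported.
    """
    expected_by_norm = {e.casefold(): e for e in expected}
    hits = []
    for raw in subkeys:
        norm = normalized(raw)
        if norm in expected_by_norm and raw.casefold() != norm:
            hits.append((raw, expected_by_norm[norm]))
    return hits


def enumerate_subkeys(hive_path="Drive"):
    """Enumerate the subkeys of HKCR\\<hive_path> on Windows (ImportError elsewhere)."""
    import winreg  # standard library, Windows only

    names = []
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, hive_path) as key:
        index = 0
        while True:
            try:
                names.append(winreg.EnumKey(key, index))
            except OSError:  # EnumKey raises OSError once the index runs past the last subkey
                return names
            index += 1


# Constructed sample standing in for a real enumeration of HKCR\Drive: the
# trailing "|" on the second entry is the lookalike from the quoted post, and
# the fullwidth last entry shows the same idea with a Unicode spelling.
SAMPLE_SUBKEYS = ["shell", "shell|", "DefaultIcon", "shellex", "ｓｈｅｌｌ"]

if __name__ == "__main__":
    for suspicious, legit in find_lookalikes(SAMPLE_SUBKEYS):
        print(f"lookalike {suspicious!r} shadows legitimate key {legit!r}")
```

On a Windows host, `find_lookalikes(enumerate_subkeys())` runs the same check against the live HKCR\Drive key; the normalization only catches trailing padding and compatibility characters, so a name that adds a real extra letter still needs a human comparison against the baseline.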

  3. Cannot figure out what this is or where it came from. I've reinstalled Windows over the find, and found it again after restoring to factory conditions. How is it reappearing? Is it a false alarm? I have no idea where it came from. I've been insisting that it could be related to the Chrome browser, but at this point I have no clue. Search engines barely pull up enough information on it.

     

    I've already removed the potential infection, but others have insisted I post over here for further investigation. mbam-log-2014-02-03 (00-29-45).txt.

  4. I am posting a log on the recent find. As mentioned, I just barely reinstalled Windows over this. After downloading and installing Chrome again, it once again detected a settings change was made without my permission, but this has been happening to other users as well since January 31st. mbam-log-2014-02-03 (00-29-45).txt

     

    Enabled Chrome extensions:
    Image Downloader
    Downloadr
    ScriptSafe
    Adblock
    Ghostery
    Web Of Trust
    KB SSL Enforcer
    Google Tasks
    Sexy Undo
    Lastpass
    Google Dictionary

    Windows apps:
    Xplorer2
    Chrome
    Synctoy
    Irfanview
    Visipics
    Audacity
    VirtualDub
    7zip
    Dropbox
    Avast free
    MBAM Pro

     

  5. I just scanned my newly reinstalled system with MBAM once again in safe mode, and it found Hijack.Drives once again. I can confirm this is not related to the Photoshop key I found (it's not installed anymore since the wipe).

     

    I am beginning to think this is a false alarm of sorts, but I've got to make sure. This has to be related to Chrome, it has to be. Does anyone have any relevant information as to what "Hijack.Drives" is??? Instead of referring me to different places, I'd like to understand what this so-called "infection" is before moving forward.

  6. I had no problem removing the "Hijack.Drives" infection w/MBAM, but I'm wanting to know what potential damage it did. The "hijacking" part doesn't sound like it was supposed to play nice. After removing the infection from within safemode, my MBAM icon returned to normal. That was really the only noticeable change this malware had.

     

    To be honest, I'm not really sure if Chrome had anything to do with this; I think the 'reset' message just coincided with something else.

     

    About a week ago I downloaded a 'Photoshop Creative Cloud' crack off of a shared YouTube link, which consisted of a .zip file containing 2 .dll files which were to replace two other .dll files inside two separate Photoshop folders (one in the x64 bit folder and another in the x86 folder), which unlocks the program. I am beginning to think this may have been the cause of the malware, but I cannot say for sure. I do not condone my actions, but because the method looked so easy to unlock in the video, I thought it was way too good to pass up.

  7. Today, from out of the blue, my Chrome web browser notified me that: "Chrome detected that your browser settings may have been changed without your knowledge. Would you like to reset them to their original defaults?" ... what just happened? I did some searching around, and found this news article published within the last 8 hours.

     

    After reading suggestions by Google that I may have acquired malware of a sort, I decided to do a scan with Malwarebytes Pro in safe mode. It found "hijack.drives" (attached), which it then prompted to quarantine. How the heck did this get on my system, and is it something I should be concerned about?? The name of the find itself doesn't sound very friendly, and the fact my browser settings were changed by some unknown entity has had me paranoid. I have no idea if this "hijack.drives" is linked to the Chrome problem above.

     

    A pinned listing posted today on the Google Chrome Forums states that the 'reset' message is related to Chrome extensions. I found another article posted today regarding cleanup, written by the vice-president of engineering.

     

    Can someone help me make sense of all this? I don't quite know what to do. A lot of the extensions I use contain sensitive information, such as the Lastpass extension which contains all my passwords. I'm hoping that nothing else inside my browser was exploited except browser settings. I'm tempted to do a System Restore to reverse what has happened:


  8. Sounds promising. I do believe the app may need a little time to mature though; I've read the reviews and the reception is somewhat mixed.

     

    The Avast! antivirus app also detects malware, and although I'm unsure as to how effective it is, it has had time to mature its databases. Another thing worth mentioning, running antivirus and MBAM side-by-side on Android is a bit overkill, and depending on the device, may be hard on system resources.

  9. What you've removed from the log is the important part. The rest of the log doesn't mean too much without it.

    If you think you may have an issue, I would suggest following the advice from the topic here: Available Assistance for Possibly Infected Computers, and having one of the Experts assist you with looking into your issue.

    Thanks

    I've since reinstalled my system, but if I come across the tooltip again I will post the log. Is it better to attach or copy/paste? Is any data in the log sensitive?

  10. This must be common to every user of MBAM, because it happens to me occasionally. I have experienced IP blocks when browsing through Google Images, and I cannot figure out the why or source of it. The tooltip can appear in a couple of different instances: search results, image upload search results, or after opening up a preview. Even more confusing, I am still on the Google Images website when the tooltip appears; no potentially malicious websites of any sort have been accessed yet.

     

    I use a Google Chrome extension called ScriptSafe (a very similar addon to NoScript for Firefox), which allows me to disable/enable certain JavaScript. I've allowed JavaScript all across the Google domain, but every other outside source is blocked. Regardless, I can still receive an MBAM tooltip regarding an 'IP block' of a malicious website, even though the JavaScript from the foreign domain is blocked entirely. I'm running Avast antivirus alongside MBAM, using Google Chrome.

     

    Here is a log from yesterday. I've replaced (potentially) sensitive areas with x's:

    2013/10/18 02:42:44 -0600 FONTAINE Double MESSAGE Executing scheduled update:  Daily
    2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Scheduled update executed successfully:  database updated from version v2013.10.17.03 to version v2013.10.18.04
    2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Starting database refresh
    2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Stopping IP protection
    2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE IP Protection stopped successfully
    2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Database refreshed successfully
    2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Starting IP protection
    2013/10/18 02:43:01 -0600 FONTAINE Double MESSAGE IP Protection started successfully
    2013/10/18 12:12:34 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: chrome.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
    2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
     
    If you need more information, please let me know.
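The log in the post above has a regular shape (date, time, UTC offset, host, user, record kind, message), and the IP-BLOCK records name the process that made the connection. As an added example, not code from the post or from Malwarebytes, here is a Python parser for that layout that counts blocks per process and flags a burst of blocks within a short window. The sample input is the post's own lines with the poster's "xx" redactions kept; the field names and the burst threshold are assumptions of the example. Run on those lines it shows that six of the seven blocks are attributed to avastsvc.exe, not chrome.exe, which is the first thing to check when the tooltip appears while no suspicious page is open.

```python
"""Parse Malwarebytes protection-log lines, summarize IP-BLOCK events per
process, and spot bursts of blocks in a short window.
Added example: not code from the forum post or from Malwarebytes."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Layout seen in the log: "date time tz host user KIND message"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>\S+) (?P<msg>.*)$"
)
# Message body of an IP-BLOCK line; address and port may be redacted ("xx.xx.xx.xx").
BLOCK_RE = re.compile(
    r"^(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\S+), "
    r"Process: (?P<process>[^)]+)\)$"
)


def parse_log(text):
    """Return one dict per parseable line, with a timezone-aware 'when' timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognized line
        event = m.groupdict()
        event["when"] = datetime.strptime(
            f"{event['date']} {event['time']} {event['tz']}", "%Y/%m/%d %H:%M:%S %z"
        )
        if event["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(event["msg"])
            if b:
                event.update(b.groupdict())  # adds ip, direction, port, process
        events.append(event)
    return events


def block_counts(events):
    """Number of IP-BLOCK events attributed to each process."""
    return Counter(
        e["process"] for e in events if e["kind"] == "IP-BLOCK" and "process" in e
    )


def block_bursts(events, window=timedelta(seconds=5), threshold=3):
    """Processes with `threshold` or more IP blocks inside some `window`-long span."""
    by_process = defaultdict(list)
    for e in events:
        if e["kind"] == "IP-BLOCK" and "process" in e:
            by_process[e["process"]].append(e["when"])
    bursts = {}
    for process, times in by_process.items():
        times.sort()
        best, j = 0, 0
        for i, start in enumerate(times):  # sliding window over sorted timestamps
            while j < len(times) and times[j] - start <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            bursts[process] = best
    return bursts


# The post's own log lines, with the poster's "xx" redactions kept.
SAMPLE_LOG = """\
2013/10/18 02:42:44 -0600 FONTAINE Double MESSAGE Executing scheduled update:  Daily
2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Scheduled update executed successfully:  database updated from version v2013.10.17.03 to version v2013.10.18.04
2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Starting database refresh
2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Stopping IP protection
2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE IP Protection stopped successfully
2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Database refreshed successfully
2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Starting IP protection
2013/10/18 02:43:01 -0600 FONTAINE Double MESSAGE IP Protection started successfully
2013/10/18 12:12:34 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: chrome.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
"""

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("blocks per process:", dict(block_counts(events)))
    print("bursts:", block_bursts(events))
```

The per-process split matters more than the raw count: a block attributed to the browser points at the page being viewed, while a run of blocks from an antivirus service is more likely that service performing its own lookups, and the unredacted address in the real log is what decides it.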
  11. I can't figure out why, but my MBAM logo suddenly disappeared completely out of the blue and has been replaced by the 'missing' icon. Why did this happen? It appears to only be an aesthetic problem because the program still seems to be responding, although it does seem to take time to boot up from a restart when looking at the logo from the system tray (it's gray for a few minutes before lighting back up again). Does anyone know how I might fix the missing logo? I'm beginning to wonder if my Windows Update has anything to do with it; it's always screwing things up.
