OliPicard

Honorary Members
  • Posts

    38
Reputation

0 Neutral

Recent Profile Visitors

1,968 profile views
  1. Confirming that I am also getting this detection. Backdoor.NanoCore, C:\USERS\USER\DOWNLOADS\RAZERSYNAPSEINSTALLER_DT_V1.0.67.89.EXE
  2. Dear Malwarebytes, This extension c9users.io hosts a multitude of user code and websites. The company that operates this site is C9.io, recently acquired by Amazon Web Services. Any attempt to visit this site is automatically blocked. I am unsure why this is the case but it would be great to lift this ban so customers can visit their sites and pages. The IP address is 23.251.133.229. Many Thanks
  3. No. gstatic is for static content (pages and scripts deployed by Google's content delivery network). They are not "spying" on us and it's a perfectly normal URL.
  4. Any ETA on when this update will be pushed out?
  5. Malwarebytes should issue an update later today. Might be in a couple of hours. Until then you can add the site to an exception list to prevent the pop-ups.
  6. I believe Malwarebytes may have accidentally blocked gstatic.com (Google's static CDN for webpages and services); as such you may have difficulty getting access to the site.
  7. Realtime protection is blocking ssl.gstatic.com and www.gstatic.com.
     Logs
     Domain: ssl.gstatic.com IP: 172.217.18.3 Port: 64161
     Domain: www.gstatic.com IP: 172.217.18.163 Port: 64160
  8. Just to confirm what I've mentioned above, I have just tested Malwarebytes on an Automated Virtual Machine running Windows 10. I can confirm that after getting the install setup running, mbam setup creates two start-up icons instead of just a single shortcut. Both lead to the same software. This should be able to provide you with good grounds for being able to recreate the bug in the lab.
  9. I should have mentioned that when you run the Malwarebytes installer, it creates two shortcuts in the start menu:
     1. Malwarebytes Anti-Malware Notifications
     2. Malwarebytes Anti-Malware
     Both point to the same program and as such the 1st shortcut is not needed. In addition, search prioritizes Notifications over Anti-Malware, which then results in the shortcut displaying what could be seen as a different program. Ideally I would advise removing the Notifications shortcut and keeping the old Malwarebytes Anti-Malware shortcut. This is something the end user can do if you don't have MBAM internal protection disabled. If you do then you will have to disable internal protection before removing the secondary shortcut file. As mentioned before, the shortcut path and destination is the exact same as the normal Anti-Malware shortcut so deleting the 2nd one won't do any damage to your system.
  10. Dear Malwarebytes, I am running a Windows 10 machine. I have upgraded to Malwarebytes without issues in the past; however, today I have noticed that the shortcut name has changed from Malwarebytes Anti-Malware to Malwarebytes Anti-Malware Notifications. Upon looking at each shortcut I can see the path is the exact same. If I delete the Malwarebytes Anti-Malware Notifications shortcut, the Malwarebytes Anti-Malware shortcut displays correctly. Please note I have done the following:
      1) Run mbam-clean.exe
      2) Ensured that the Operating System is reset (which has been done 4 times with the same end result being a bad shortcut.)
      OS type: 64 Bit
      OS Version: Windows 10
      I believe that this new shortcut was created in error by Malwarebytes. Just wanted to provide a quick bug report to hopefully get this fixed in newer versions :-)
  11. I can also confirm this bug is present in the latest build of Malwarebytes. Malwarebytes opens up when the update schedule is triggered on boot. I've noticed other applications also having the same effect (Adobe Creative Cloud). I'm wondering if it's a new API implemented on MBAM and CC or a Windows update that has broken the task scheduler's old tasks.
  12. Hey pbust, Many thanks for clarifying. It seems like GOG is bundling in the PDF reader without user consent. MAE is detecting the request as an exploit attempt. I have asked, along with a couple of other users, to get them to change the reader to an opt-in mode. For now I'll let MAE continue to block the PDF reader as I have no use for it. Thanks again, Oliver
  13. Hey pbust, sorry about that. I'm attaching the logs now. mbae-config.zip
  14. Hi Malwarebytes, Just wanted to give a quick heads up. I'm currently using a client from gog.com. The client bundles in Foxit Reader and upon installation of the game, the temp file foxitreader.tmp is blocked by MAE. Once a game has been downloaded using the client, the foxitreader.tmp file is executed; however, MAE blocks the file believing that it's malware.
      {WinDrive}:\Users\{user}\AppData\Local\temp\is-7O2RL.tmp\Foxitreader.tmp
      {WinDrive}:\Users\{user}\AppData\Local\temp\is-BHS5U.tmp\Foxitreader.tmp
      {WinDrive}:\Users\{user}\AppData\Local\temp\is-IRBBV.tmp\Foxitreader.tmp
      "Foxitreader.tmp has been blocked from executing though foxit reader."
      Just to say that this isn't malware and hopefully can be sorted out in the next update? Thanks, Oliver
  15. Greetings Malwarebytes, I have noticed that the Battlelog Plugin has been flagged as a back door by Malwarebytes.
      Location: Backdoor.Bot.ED, Battlelog Web Plugins\helper.exe
      battlelog-web-plugins_2.6.2_157.exe (executable that I downloaded from the Battlefield website.)
      Database Versions:
      Malware Database: v2015.02.19.07
      Rootkit Database: v2015.02.03.01
      battlelog-web-plugins_2.6.2_157.exe has been scanned over at Virus Total: https://www.virustotal.com/en/file/825d7d5867c21bd23f8df180256ca5e60076c5f5e00c3069f6befff14e79c62d/analysis/1424368822/
      helper.exe has also been scanned over at Virus Total: https://www.virustotal.com/en/file/8b60506b61d55beaa664c29e914ecf3e5fa4ffef25d211f937f61e4336fbb510/analysis/1424369136/
      Note that these plugins belong to Battlefield's default plugins that allow players to connect to servers from Battlefield 3, 4 and Battlefield Hardline. The original name of the program was ESN Sonar; however, the studio has been acquired by Electronic Arts and is now known as uprise.se