StephenK
-
Posts
19 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by StephenK
-
-
50 minutes ago, thisisu said:
I realize this is a long shot, but just out of curiosity, do you have a program installed called "finPOWER Connect" by Intersoft Systems? It's a file I see that communicates with that domain according to this.
No, I don't have that program.
Given that StickyPassword was trying to access an outbound connection that wasn't expected, perhaps it was actually correct for MalwareBytes to block it as a phishing attempt?
-
3 hours ago, StephenK said:
Just to clarify, what exactly is that domain? It's not harmful?
I guess I'm also trying to understand why I would be redirected to www.equifax.com.au via Sticky Password at all? It's not a site I've ever accessed, and do not have it in Sticky Password. It didn't really make sense to me, which is why I thought that the alert from MalwareBytes could well be a valid block of a phishing attempt?
-
33 minutes ago, Dashke said:
Thank you StephenK for reporting this domain, the block will be removed.
Just to clarify, what exactly is that domain? It's not harmful?
-
1 minute ago, Porthos said:
For now, We will wait for researchers check the site.
Thanks for your help.
-
8 minutes ago, Porthos said:
Have you used the site and saved it in sticky password?
No I haven't
-
5 minutes ago, Porthos said:
Were you trying to access equifax.com.au?
No, not intentionally.
-
Hi there
Malwarebytes keeps blocking an outbound connection when using StickyPassword. MB isn't picking up any infections in my daily scans.
Not sure exactly what is going on here and what to do so would appreciate advice.
Thanks
-
1
-
-
23 minutes ago, aquarius62 said:
Did you find a fix for your issue or did you just turn off the scheduled scan?
I've turned it off until there's a fix. Not ideal, but it was driving me crazy.
-
21 hours ago, aquarius62 said:
I've been dealing with the same issue, finally pinpointed it down to a custom scheduled scan. It seems like after the scan is done running, I can't open any sites and get the dreaded "resolving host" or "waiting" as I try to load a page.
6 hours ago, aquarius62 said:Thanks for the suggestions. I'd also like to add that it affects all browsers on the machine and goes away after a restart. When I do the custom scheduled scan, it's just of the drive the OS is on. Not sure why a scan would interfere with my internet connection like this but it does.
I have had exactly the same issue. I used to have a scan scheduled for early in the morning so it would always run on start-up and always had caused the resolving host issue and slow internet. After reset, speeds are fine again.
-
Thanks very much for your help Kevin - it's very much appreciated.
-
Hi Kevin
I deleted the file last night and it doesn't seem to have any impact.
I think all is good at my end now.
Any thoughts on how I should beef up my security to avoid anything in future?
Thanks
Stephen
-
Hi Kevin
Ran AdwCleaner and have attached report.
One final concern I have is when I do a Rootkit scan with Spybot (report attached).
I suspect the majority of the files are harmless, but I'm I'm not sure about the hidden file mentioned first in the log (file details in capture attached).
Any thoughts?
Thanks
Stephen
-
Hi Kevin
I've uploaded 3 of the files you asked for, but I'm having some issues running the Screen317 program.
There seems to be some issue with the file path when I run it from the desktop, so I'm not sure that it is actually scanning, despite the fact it produces a blank report at the end.
In regards to the ESET finding, am I correct in assuming that these are not significant issues, since they represent a potential issue only if the software is installed - currently they are just downloaded files sitting in my directory. Should I simply delete them, or do they need specialist removal?
Not quite sure where to go from here with Screen317.
Thanks for your help
Stephen
-
Thanks.
Will continue as you suggested and see how it goes.
-
Will do - thanks for your help.
Out of interest, do you think I have a serious problem based on what you've seen?
I'd certainly consider reinstalling the OS if you thought that was the case.
-
Aplogies, missed one of the files
-
Thanks for your help.
I've also attached a list of the quarantined files from ComboFix
-
Hi there
Had a virus warning in Avast this afternoon: Threat: Rootkit: Hidden file (in C:\Windows\SoftwareDistribution\Dowload folder), which I accidentally deleted with Avast before having a proper chance to evaluate.
I am not getting any further virus messages in either Avast or MalwareBytes Pro, or MalwareBytes Anti-Root kit, but when I first run the latter I get a message "Registry value "AppInit_Dlls" has been found ....". Note that I have no problem proceeding to run the tool.
Could you please assist me to:
1) Understand if the "AppInit_Dlls" message is an issue I should be concerned with; and
2) How I can double-check to ensure my system is no longer infected (or perhaps the initial threat was just a false positive?)
Thanks for your help.
Stephen
Trojan:Script/Wacatac.B!ml
in Resolved Malware Removal Logs
Posted
Hi there
I had 2 detections of this and removals by Windows Defender today.
I've since done Malwarebytes scans, Windows Defender, Microsoft Security, Eset Online Scanner and nothing further has been detected.
Just wondering what this could have been and how I can double check that there are no residual issues.
Appreciate your help.