Jump to content

Neph

Honorary Members
  • Posts

    28
  • Joined

  • Last visited

Everything posted by Neph

  1. Hi, the website film.at has been blocked for at least the last 6 months. I did a couple of scans with virustotal in the last couple of weeks and they all came back negative. Is this a false postive? Log: Category: Trojan Domain: www.film.at IP Address: 104.18.123.70 Port: 443 Type: Outbound Connection File: C:\Program Files\Mozilla Firefox\firefox.exe
  2. Virustotal result here: click. This lists 2 files that were communicating with the website in the past (last time: Feb. 2021), is that why Malwarebytes is blocking it now and why it should better stay blocked, even if there's no positive result atm?
  3. Thanks for checking! When I started my PC just now Malwarebytes did its daily scan and a new file was detected (see log below). Every time I start the Sky X app a new file with a different name is detected. If I disable Malwarebytes before I start the app, then it finds the file when it's doing its daily scan. I already contacted Sky support about it but the guy seemed very reluctant to even forward this problem to their proper tech support department and basically told me to just disable Malwarebytes if I want to watch Sky (which is an incredibly stupid response!). SkyXLog2.txt
  4. Here's one of the 3 logs.SkyXLog.txt
  5. Hello everyone, I just downloaded the official Sky app (SkyX, to be exact) for Win 10 from the official homepage ("Windows App" here) but when I install it, Malwarebytes goes off right at the end with a "Malware.Heuristic.1001" warning. So far I've tried to start the app 3 times but it failed every time because Malwarebytes moved a single file into quarantine: First attempt: C:\Users\myuser\AppData\Local\Temp\e69062cc-b867-4566-8c8d-927bdaa2170f.tmp.node Second attempt: C:\Users\myuser\AppData\Local\Temp\1edae6d7-7bbd-48d5-a794-8aff98c82444.tmp.node Third attempt: C:\Users\myuser\AppData\Local\Temp\6ce0d8bb-a498-4208-94d6-38e109ba256e.tmp.node I scanned the installer (SkyXInstaller.exe) on virustotal and it didn't find anything, it just happens when I try to run the "Sky X.exe" in "C:\Users\myuser\AppData\Roaming\Sky\Sky X". I can't even tell it to ignore these files because it's a new one every time. Is this a false positive? What should I do?
  6. Thanks for the prompt reply! May I ask if virustotal is how you check websites in this subforum or is it possible that there's still something that virustotal just didn't detect?
  7. For the last couple of weeks the website has been blocked because of "Trojan". I ran a scan on virustotal and it says that everything's okay with the website. Is it a false positive?
  8. The search bar in Firefox (the one to the right of the address bar) automatically uses google.com and googling something through there gave me multiple malware warnings: - ip.google.com - googleadservices - doubleclick - adservice.google.com I've got NoScript, so no idea why these ones were even loading. Now, 5 minutes later, googling the same thing doesn't display anything anymore.
  9. Sorry for the late reply. I ended up re-installing Malwarebytes, which completely fixed it. Unfortunately the problem's back, this time it's the web protection: It turns off on its own, about 30 seconds later Malwarebytes crashes and I have to restart it manually - I haven't waited long enough to see if it eventually restarts on its own yet. This has happened two times in the last 10 minutes already. I'm going to try the repair AdvancedSetup suggested now.
  10. It didn't crash for me yesterday but today it did 3 times already in less than 30 minutes. I guess I'll really have to reinstall it. Btw, the scans didn't come up with anything apart from the usual tracking cookies (in Spybot).
  11. I've got the same problem (Win 7 64bit, Malwarebytes 3.6.1): Yesterday, about 1 minute after starting up my PC, the "real time protection disabled" message popped up, then Malwarebytes crashed. I then had to restart it. Today the same thing happened about 5 minutes after starting my PC (I was already using it at that point): Message popped up, then it crashed but it restarted itself before I got the chance to do it. I'm currently running a scan (auto-scans every day are enabled and no problems lately with that!) and also a second one with Spybot just to be safe but neither has found anything yet.
  12. Do you still need the logs, even though the problem's fixed for me atm? Sorry but I don't want to post stuff like that publicly. Btw, I used an older version of the mbam-clean tool @Porthos mentioned to uninstall Malwarebytes.
  13. Before I shut off my PC 12 hours ago (Win 7 64bit, 3.3.1) everything was fine, after starting it again a little bit more than 2 hours ago I had the same problem: Web-protection would start for a second (and say "starting"), then shut itself off again and give me the message. Closing Malwarebytes, then restarting it as an admin and enabling "self-protection module early start" (mentioned here) didn't fix it and a scan only found an old .exe for VLC that's supposedly a bundle installer. After a couple of restarts I reinstalled Mbam and for now web-protection seems to be active again.
  14. Ah, I found a bunch of ".json" files in "ScanResults", thanks. Are there no .txt files anymore or do I have to enable a setting for that? I didn't find "Don't export log information" (MB3) and there's only a separate "Export" button when I open the log through MB. I've never had a virus/trojan/... on this PC (at least none that I noticed or got detected), so that's really weird. Thanks for the infos, I hope that with MB's self protection setting enabled Norton won't be able to create any more files like that (must have happened a while ago because of the 32bit version). I just found a bunch of files (a ".data" and a ".quar" for each name) that were create between 2014 and January 2017 in "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine", I guess they are leftovers of another old MB version (possibly simply MB2). Can I delete those too or is there a way to import them in MB3, so I can look at what files they were?
  15. The other 2 files had been created earlier too and only got detected on April 4th, while the third and last file (00015723.tmp) wasn't detected until yesterday. Do you think that it could have been an actual trojan after all (didn't get any symptoms or noticed anything weird and Malwarebytes never found anything until April 4th)? In what folder do the logs get saved (no "logs" folder in "Roaming" and "Program Files" and the latest logs are missing in "ProgramData")? Is it possible to have Malwarebytes store them longer than just one month?
  16. Update: I didn't completely delete the last .tmp file (forgot to empty the bin) and today Malwarebytes detected it as another Trojan.Agent.ENM (sorry, not "EMN"), even though it hadn't before.
  17. Thanks and thanks again for the good news!
  18. Pew, glad to hear that! I wonder why Norton hasn't fixed this and why both programs even detect these files as nasty stuff. There's still one more .tmp file left in the folder, should I delete it anyway?
  19. Hi, after Malwarebytes (Premium, latest version) detected a PuP today, I started a full scan of my C: drive during which two files were found: 00015723.tmp 00023946.tmp Both were classed as Trojan.Agent.EMN and they were in my old "Program Files(x86)\Malwarebytes" folder - currently Malwarebytes is installed in the 64bit "Program Files" folder. A couple of minutes later, while the original scan was still running, a Norton window (yes, I use both because they each detect different kinds of nasty stuff) suddenly popped up, saying that it was working on removing a Trojan.Cryptolocker. Yes, that almost gave me a heart attack! When it was done, I got really surprised by what the actual file was: 00023946.tmp So the same file Malwarebytes had already found, only with a different classification. I already read about Norton sometimes saving tmp files in Malwarebyte's folder, please tell me this is what I am/was experiencing here! Btw, there's still a single .tmp file left and I let both Malwarebytes and Norton run a scan but neither found anything wrong with it. Should I delete it and the folder (it's empty otherwise) while I'm at it just to be safe?
  20. This post was originally an answer to this thread by Sreyness but I can't edit the post anymore. Could you please move it to the "Website Blocking" subforum? Thanks!
  21. I'm experiencing the same problem: Whenever I try to visit uploaded.net, it blocks 81.171.123.200. This problem started occuring just a couple of days ago. I've been using uploaded for years to share files with friends (haven't got a premium account at the moment, so can't write their support, sorry) and I've never had any problems with it, so to me it looks like the situation with wikipedia not too long ago.
  22. Are you possibly using Firefox and the tiles for quickly accessing websites through the "New Tab" tab? If so, that's the "problem". As long as there is a "New Tab" tab open and you move your mouse cursor over Wikipedia tile, the message will pop up (only on the first try though) - I guess that's because of the preview image. For me it even does it sometimes while I'm currently browing a different website in the same Firefox window but move the cursor over where my Wikipedia tile would be. If you're using a different browser, it's still possible that any of the "quick access"/bookmark buttons (I know that they exist in IE and Chrome) cause the message to pop up too.
  23. That's the way it usually ended for me with different companies. If it's different with your support, I apologize of course. I just opened a ticket with the title in this thread as the issue-explanation and I'm now waiting for the e-mail.
  24. I know how long it usually takes the support to answer tickets (and that they usually end up giving the advice to reinstall everything, even Windows, over and over) and I want the damn thing solved rather sooner than later. Deleting the cookies didn't help, now I'll just reinstall Firefox and then I can still open a ticket. Would it be okay to send the remaining 2 logs to AdvancedSetup or Firefox via pm? This way they would be able to help me without everyone else downloading the files. I'll tell my relative to check out the site.
  25. Firefox.exe is just my Firefox browser and according to the explorer the file hasn't been changed since the last update at the end of December. Clearing the Cache didn't work but it looks like most of the time it only happens if I activly surf in the internet. Yesterday Firefox was open with only a single tab (leo.org) while I was playing a game and there were no popups for a few hours. Is there anything conspicuous in the CheckResults.txt? I'll first try deleting the cookies and later reinstall Firefox but if that doesn't help I'll create a ticket (must have overlooked that, thanks).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.