nitrousable

Honorary Members
  • Posts

    97
Everything posted by nitrousable

  1. I didn't quite know the rules and I already apologized for it. As for the second time I posted it - I thought it was not needed to obfuscate the link in a special forum area dedicated specifically to such threats...
  2. I didn't want to click on it. I wanted to click on another link but accidentally clicked on this one because the chat was moving so fast.
  3. Sniped me on the VT analysis. Looks like it's safe after all. I'll still post it to the sub forum to have it checked just in case. Thanks
  4. Hi. Looks like someone already broke the link. Should have munged it in the first place, sorry for that. I just wanna know if the link is dangerous or not
  5. I do not advise you to follow the link in an unsandboxed environment: hxxp://www.geeksday.tk/2016/05/blog-post.html It links to a fake-looking YouTube player window which is in fact just a picture. If it's not a virus it seems rather pointless. Can someone knowledgeable confirm whether this is safe or not? I want to know if I could have been infected or not.
  6. Yes, that is correct although I didn't reboot. And the scan finished 30 minutes before that driver was created. Thanks for clarifying!
  7. Not sure why it didn't attach the file in my previous post. Here it is: mbvc.zip
  8. Attached the file below
  9. RogueKiller has detected this file upon the most recent scan. It was created on 5th March in the drivers folder. If you look at the digital signature it links to Malwarebytes; however, upon running a Google search on mbvc.sys I didn't find any evidence that this driver actually belongs to MBAM. Can someone verify please? Some screenshots of the file properties: http://puu.sh/nyBRM/0d2fcf8bb3.png http://puu.sh/nyBSv/18600e6404.png http://puu.sh/nyBSI/276f1f1831.png
  10. It's literally bombarding me with these pop-ups when I use Chrome...
  11. Why is it blocking these IPs when I am using Chrome?
  12. The tool ran fine so I guess we're good... I ought to tell you that Garena died since yesterday, it didn't autorun as it was supposed to. Even the entry in the Control Panel program list is gone so I had to uninstall it manually through the uninstaller. It's probably nothing, the fixing tool probably affected it in a way but thought I'd inform you about every detail just in case. So I guess my PC is clean after all thanks to you Kevin. I would have donated but I bought a new GPU 2 days ago and am kinda broke. Thanks again
  13. No issues except for my ever-present paranoia, which is the biggest issue of them all haha. Online Scanner showed nothing. Rogue Service could be a possibility, that would explain why MBAM showed no process with the block. But no antivirus software seems to be able to detect it. It's the very first time something like this happens to me, I had outbound blocks before made by svchost.exe when I had P2P programs running but never a "processless" block. Is there something else we could do or is it as far as we can go? Thank you
  14. It's all good, thank you. The scan is currently at 16%. Pretty slow so should be done in a few hours' time. I only visited that gamebomb site once, I had to download a game patch from there. I haven't ever used it since. I actually already removed the exclusion. But I still don't see how it would relate to that Chinese IP block. Anyway, gonna report the results tomorrow. Thank you for your help so far
  15. Also, that Chinese folder is from the GTA 5 installation, I googled it and everyone who has GTA 5 installed seems to have it.
  16. Are you saying you're getting these outbound blocks as well? Sorry I didn't quite get it. I'll let the Online Scanner run, will report the results tomorrow morning. Thank you
  17. These exclusions are legit, I set them myself. Okay so I did the fixing thing and when the process began I got a UAC prompt. rundll.exe wanted to do something with Garena.exe. I assumed it was a part of the fixing process so I pressed yes. After restart all my Chrome settings including extensions got reset and I had to relogin on every website again. I also had to re-enable rootkit scans in MBAM although I remember having them on. Not sure when the rootkit scan got disabled. All the logs are provided below. Regarding RogueKiller detection: I use this program to record Skype. JRT.txt AdwCleanerS1.txt Fixlog.txt log.txt RKreport_SCN_05242015_225646.log
  18. Thank you for the follow up. You may be quite right but I still don't understand why no process was listed making it not quite right... It's the first time I'm seeing this, makes me think it was some kind of a hidden process or something but AVs detect nothing.
  19. daledoc1 advised to create a thread here and I'm doing just that. I was playing a multiplayer game (Dota 2) and then a warning from MBAM popped up informing me about blocking 114.80.100.205 IP address through 137th port but no process was attached to this event. I checked the logs and there is nothing in there, just the timestamp, IP and port. I don't understand what is happening, I ran scans with ESET Smart Security, MBAM, RogueKiller and nothing suspicious was found. I could really use some expert advice in this situation. Thanks. log.txt Addition.txt FRST.txt CheckResults.txt