mailman

Members
  • Content Count

    14
Community Reputation

0 Neutral

About mailman

  • Rank
    New Member
  1. NOTE: I am speculating. Perhaps this is the incident that led to Google pulling your site from its AdSense program. Have you contacted Google to find out? ========== I suspect your hosting provider that owns IP 64.191.53.56 (ref.) wants to avoid legal/financial action Jelsoft Enterprises Ltd. (producers of vBulletin) might pursue against them for knowingly allowing pirated software to be hosted (and USED) on servers under their control. I suspect Jelsoft has the means to aggressively pursue legal/financial action if necessary. I also suspect Jelsoft WILL pursue legal/financial action if
  2. Not only does www.pinnaclepoints.com resolve to 64.202.189.170, currently hpHosts indicates (clickable link) SEVERAL malicious host names also resolve to that identical IP. Also according to hpHosts,
  3. I looked more carefully through the hpHosts list of IPs in the same IP address block as www.gymjam.com and found a site with the IDENTICAL IP address as www.gymjam.com so you might be out of luck regarding removal of the 72.167.232.235 IP address from MBAM's IP Protection. # Hostname IP Added Class 23 supercleanpc.com 72.167.232.235 16/06/2009 FSA According to hpHosts, supercleanpc.com no longer resolves to 72.167.232.235 though so, who knows? I'm still trying to get my head around the hpHosts database and how IP addresses, pointers, hostnames, etc. all fit together. St
  4. According to hpHosts, However, also according to hpHosts, several IP addresses in the same IP address block (72.167.232.*) ARE classified as malicious. I suggest you post about the specific 72.167.232.235 IP in the False Positives forum. Perhaps MysteryFCM (the hpHosts DB administrator) will update MBAM to exclude that specific IP for www.gymjam.com from MBAM's IP Protection. Please follow the instructions in this link when creating your "New Topic" post. Good luck!
  5. I also am wondering. The hpHosts database says this about IP 88.214.226.32: I suggest you head over to the False Positives forum and follow the instructions in this link to report about that IP. For example, it would probably be helpful for them if you explain about your "seoquake.com legitimate add on to Firefox" (perhaps even with a link to the add on that apparently triggers the alert) so they can further verify its legitimacy and they can reproduce your annoying situation.
  6. Hi, scarrlette. I was told the other day by one of the forum's "Trusted Advisors" that there is a policy in place such that edits are not allowed until one has made several posts and established oneself as a Malwarebytes forum member. Apparently, in the past, the "edit" feature was abused.
  7. Thanks! First, I would probably drive there, do some of my own scans, and copy logs to USB thumb drive (already Panda vaccinated) for my research after I get back home. Besides, there's a restaurant with YUMMY PRIME RIB nearby. Then, if it turned out her computer was likely compromised, I would direct her to seek expert help. It's a toss-up between here and Windows BBS though. I feel a pretty strong loyalty to Windows BBS and Broni has been VERY busy doing a darn good malware clean-up job over there as well. (BTW, Broni also often recommends Malwarebytes' Anti-Malware to people who want "the
  8. Exile and Lonny, THANK YOU for describing (in Posts #60, #61, and #64) the specific discrepancies you observed and corrected in eldo's registry. I GREATLY appreciate your taking time to fill us in on the details! I have not yet studied the malware removal thread similarities between eldo's logs and prompt's logs (because your fix apparently worked for both of them). That's my next step in my layperson's attempt to grasp a better understanding (of what I have a hunch is a fairly new development since Lonny stated the fix is slated to be incorporated into a ComboFix update). Thanks again for a
  9. Hi, TeMerc. LTNS. I already had the "free version" installed in my two computers. Last night I purchased my first MBAM license (and tonight I purchased my 2nd). Instead of downloading the "full version", I simply entered the ID code and key in my already-installed free version which unlocked the resident protection feature. When I checked the license.txt (ATTACHED to this message) in my MBAM program folder to try to determine if my 2nd license purchase was even necessary, I did not find ANY mention of the number of computers I may use a purchased license for. I suspect the "one license per
  10. NOTED: This fix apparently applies ONLY to Windows XP SP3. Using it for any other version/service pack of Windows could produce very disastrous consequences. I suppose it may even produce disastrous consequences for XP SP3 as well. Therefore, one should prepare for a worst-case scenario before applying the fix. (See my "standard disclaimer" at the end of this message.) ========================== OK, Lonny. I will keep that registry merge to myself. I checked a few days ago and discovered Dave hadn't posted there since May. (I hope he's okay.) In fact I WAS thinking of sending him a PM r
  11. This is GREAT news! THANKS! Please pass my heartfelt thanks on to Lonny as well. I downloaded the FixServices_v2.zip so I can print and study it to figure out what you wizards did. May I post that file and/or its contents in our related Windows BBS thread? If I have your permission, then I will include my usual "use at your own risk" and "back up your registry" disclaimers and I will advise people (who may have a similar problem) to carefully review this thread at Malwarebytes before applying the fix.
  12. In case your current ideas do not pan out (and continuing with my original line of thought/research regarding eldo's specific CryptSvc "Error 1290: 0x50a" code), ... The Cryptographic Services service apparently depends on the Remote Procedure Call (RPC) service (at least in my XP Home SP3 machine). Therefore, perhaps eldo's RPC service SID type setting information differs from eldo's CryptSvc service SID type setting information.
  13. Oops, I was saying... My output has a line that is NOT in eldo's output: in the first section immediately below "Type REG_DWORD 0x20" and Eldo has another line that is not in my output: in the Parameters subkey. (I'm sorry. I would normally put this in an "edit" but I do not see such a feature with this BBS software.)
  14. In eldo's malware removal thread with AdvancedSetup, eldo mentioned, I Googled 1290: 0x50a and found a result stating, In Post #6 of THIS thread, eldo's Crypto registry key output includes the following lines. It seems to me that those particular lines contain "restricted service SID type" information that my Google search result refers to (though I am not an expert). I ran that batch file (from Post #5) in my Windows XP Home SP3 computer and found those lines do NOT exist in my computer and my computer functions normally (as far as I know). My output has a couple lines I wonder whether o