
Fatdcuk

Staff
Content Count: 20,723
Joined

Posts posted by Fatdcuk


  1. Hello Alpha32,

    You really do need to update all your applications including Adobe, as it looks like that has been invoked by yet another exploit. Having known holes in your security is like a human playing Russian roulette: you might get lucky a few times, but ultimately you will catch a bullet sooner or later!

    The Hotmail webpage does display rotating 3rd party banner ads. Hotmail might be secure, but unfortunately from time to time those banner ads are serving up exploit code :(

    AcroRd32.exe is only legitimately invoked when attempting to view a PDF document via your browser. No online PDF document usage in the same session as seeing that process in memory = not legitimate usage (immediate cause for concern).

    I have just checked in our database to see the signature producing that detection, but it was based solely on targeting a packer string, so the file could be a number of things.

    The fact that we detect the file when sniffing it on a full scan automatically means that if it had attempted to load into memory, or was already memory resident, either our realtime Protection Module would have blocked it or our quick scan would have picked it up.

    In the absence of either detection I would say that the file has been written to disk, probably downloaded by one of your exploits, but it failed to be loaded into memory where it would have been able to carry out its operations.

    That said, it would be prudent to have your computer looked over just to make sure that nothing else has sneaked past us. It does happen occasionally, as no blacklisting software will know all malicious code that is created.

    Since you are a paid-up customer, here are several options where you can get a quick checkover for your PC. Please make use of one, and in your initial contact please give a link back to this post so whoever helps you has a point of reference as to how best to assist you.

    Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

    One of the expert helpers there will give you one on one assistance when one becomes available.

    Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

    If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

    *If you would prefer to be assisted via email instead, you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

    **If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.


  2. There must be at least 30 Windows updates which I haven't installed (stupid I know lol), Adobe Reader, Quicktime, Safari, Internet Explorer, WMP, Adobe Flash Player and Java.

    The problem with Java is I was told I couldn't update or install a fresh version, as I was infected with fake AV (System Tools) back early last year, and as I couldn't run Malwarebytes or Avast to remove it (kept blocking it from running) I was told to patch my version of Java on the site above, but was told I couldn't update Java as it may bring back the fake AV via a new exploit. I don't know how true this is, as when it comes to viruses I know nothing :/

    Hi,

    I have never heard of such an updating vulnerability with Java, so I must conclude you have received some incorrect advice with regards to this.

    Best security practice would be to uninstall all older versions and update to the most recent ones. Also apply all Windows security updates, as more often than not they are patches to close newly exposed holes in their operating system or products.

    Best to close up all those security holes so you don't have to rely on whether your current security blacklisting covers the next attack that would be exploiting them.

    Shutting those open doors would greatly increase your level of security by giving malicious code less easy targets to gain entry onto your computer.

    Reverse security logic is that the more holes you have in your computer security, the greater the probability your computer will be successfully attacked :(

    Time to get busy updating, safe surfing :)


  3. Hello Alpha32,

    I have just visited and crawled all over the site and could not find any malicious code hosted at the site :)

    However, I found that my Java application was not invoked on my test machine, so this is an immediate indicator that something is not quite right.

    If the webpage was still rendering (viewable) whilst Java was launched on your computer, and then the MBAM IP blocker alerted you to an outbound connection to a bad IP, then this would strongly suggest that you almost collected a "drive-by" infection, most probably c/o a compromised 3rd party ad-server displaying ads on their page.

    The mechanism would most probably have been a Java exploit (since Java was invoked) which then attempted to download a payload (this is the point where our IP blocker would have made the block/save for you).

    I would suggest running the following excellent free tool just to see if all your current applications are up to date.

    http://secunia.com/vulnerability_scanning/personal/

    Most exploits target known holes in older versions as a way of penetrating people's computers. In the case of your Java, then you probably have older version(s) installed on your computer.

    It is considered best practice to always have the most current version and uninstall any older versions that have known security holes. This shuts the door on the vast majority of known Java exploit code circulated in the wild.

    Safe surfing :)


  4. Hello,

    MBAM is not malware nor does it contain any malware.

    We regret any concern this may be causing our users, but it is entirely beyond our control to fix the PrevX detections.

    I would suggest anybody still concerned that you contact PrevX support and request answers from them as to why they are making these incorrect detections and why it is taking them so long to remove/remediate them.

    Thanks for your patience and understanding on this :)


  5. then tried uninstalling and re-installing with the same result.

    Just for sake of clarity/troubleshooting.

    Did you use the MBAM clean.exe tool and did you restart the computer after uninstalling had finished before attempting to reinstall again ?

    The reason being that the MBAM cleanup tool is fixing a high percentage of corrupted installs on XP, and some other incomplete uninstalls/installs can be attributed to a computer not being restarted when it needs to be.
