Posts posted by coldone
-
-
Hi there,
So I am having a rather strange problem with my computer: out of the blue, the Remote Access Connection Manager service, which is set to start manually, was set to Automatic. At the time it happened I could have sworn I saw command windows popping up after the logon. I didn't directly think anything of it, but Sandboxie notified me about compatibility issues with the Remote Access Connection Manager, which is how I realized it was running in the first place, and I just disabled it instantly.
Aside from basically twitch, youtube and, well, this site, I don't surf without Sandboxie and I don't use any pirated software, so I am not sure what might have happened there.
Thanks in advance for every assistance.
-
Thanks for the quick response, it wasn't an inconvenience. I just got curious because it didn't happen an hour ago ;)
-
Hi,
malwarebytes started to detect a trojan.wauchos just now in the palemoon.exe and I think it might be a false positive since this comes up https://www.virustotal.com/#/file/801b43825a42523f7d56b26ed4ae3a01e6949c513cba49b48ce08b8996a14080/detection palemoon.txt. I restored the exe from the quarantine for now and added it as a file here. I'd be grateful if someone could take a look at it.
regards
-
-
Have the "trojan" as well and I would say it looks like a false positive, but better wait for one of the Malwarebytes employees for confirmation. I mean, there was a vulnerability in part of the nvidia driver at the end of the day, as far as I remember. This is the file it's referring to: https://www.virustotal.com/en/file/39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e/analysis/1507335479/
-
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 151.236.23.129
Port: [58351]
Type: Outbound
File: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
Started to happen yesterday evening after a reboot - ksde is part of KIS so I'd hope it's not actually compromised but I never used this program. https://www.virustotal.com/en/file/4d364b0bf012c335fa3b25bdf042d4af672d961b9b48cb7c5be34fcfd1d64979/analysis/1498356074/
-
I see, it seems to be more of a broad issue considering how many threads about it popped up. I have the same issue with 239.255.255.250 and also different ports.
-
Same issue here with no tabs open but the malwarebytes forum.
When I turned off Chrome it started appearing from svchost as well.
-
I added the service logs. Is that Farbar thingy safe to use? Looks a bit sketchy.
-
Oh now that you mention it - my office doesn't start either.
-
Sure thing.
Added the files - the issue happens every time I try to start firefox even on a fresh installation removing prior user data. Using windows 10 14393.479 and Kaspersky Internet Security 2016. Opera and Chrome don't cause any issues. Palemoon caused the same error first but after a fresh installation it stopped. Didn't have any issues with mbae.
-
Firefox triggers the exploit protection. Tried a fresh installation after removing all the remnants of the old installation and still can't get it to work. Threat's name is Malware.Exploit.Agent.Generic. Any idea what might be causing it? The same installation worked fine using mbae previously.
-
That's unfortunate, thanks for the info.
-
Yep, same thing here. Consider me surprised, opening my browser with only a session of allianz.de and wikipedia open.
-
Hi there, mbarw reported lcore.exe as ransomware and allegedly put it into quarantine, but it never made it to the quarantine folder. It didn't ask for a reboot and the folder was empty, and lcore.exe seems to be still running fine after I did a reboot anyway. Not sure what to make of it all.
regards.
-
Sure totally forgot about that one
-
Hi there,
came back to my computer this morning and it stated it detected some ransomware - the quarantine folder is empty so I couldn't follow the steps there but it stated it was clicktorun from office and I tried a couple second opinion scans that didn't end up showing anything so I guess it's maybe a false positive.
regards
-
Oh the title of the linked thread is kinda misleading in that sense as the problem for the normal user is that there was some malicious code distributed to visitors of imgur and I was just curious if mbae could prevent that from happening.
-
So apparently imgur.com - the image host for mostly reddit I guess has been compromised as outlined here https://www.reddit.com/r/technology/comments/3lw2g6/imgur_is_being_used_to_create_a_botnet_and_ddos/ .
Is there any information yet if mbae could avoid that sort of exploit ?
regards
-
Sorry forgot that this site is probably not that established. It happened when I tried to visit kinguin.net
-
Sure thing
-
Went to the kinguin site and my malwarebytes lit up with a huge amount of malicious website protection events. I presume that's a false positive.
-
I don't know if that has any relevance but funnily enough I found out what is causing it on my system - it was the gog installation of witcher 3 and dead state.
-
Thanks I followed that suggestion.
Potential infection
in Resolved Malware Removal Logs
Posted
Hey, thanks for the quick response. This program comes with Kaspersky, which I installed a while ago, and I have never used it, so I thought I might have caught a RAT. On a quick test it also doesn't seem to require the service to work, so I am not really sure what happened there.