Jump to content


  • Content Count

  • Joined

  • Last visited


About treed

  • Rank

Recent Profile Visitors

11,782 profile views
  1. I opened that document on a test machine with the latest version of Microsoft Word, and it gave an automation error. There were no malicious changes made to the disk. Looks like all is good... just be wary in the future. I honestly wish that Microsoft would kill VBA already... I'm sure there are legitimate uses, but I've never encountered a document with legitimate VBA macros.
  2. Are these texts getting flagged as spam? If so, you can either add to Contacts, or you can add to the allow list in the Malwarebytes app.
  3. Looking at the VBA code you posted, it doesn't look like there's any Mac-specific code, which is good. Also good is the fact that recent versions of Microsoft Word are sandboxed, meaning that the VBA code they contain should not be able to access files on the hard drive, as they would need to in order to install malware. There are some known sandbox escapes, but I don't see signs of that kind of thing either. I suspect this is targeting Windows specifically. I'll run it on a test machine later just to make absolutely sure, but I think it's likely that no harm was done. You should probably alert your friend to the problem. There are two possibilities for why you got the e-mail from him. One is that someone spoofed his address, without having access to his account. However, that seems unlikely, as this wouldn't allow that person to have knowledge of the connection between you and him. The other, and more likely, possibility is that his e-mail account has been hacked and used to send malware to all his contacts. Because of this, I'd tell him to change his e-mail account password ASAP. Then, he should also change the password on any online accounts using the same password, as well as any accounts using a different password but associated with that e-mail address. (Such accounts could have their passwords reset with access to the e-mail account.) If he's not using different password on every account, and keeping track of them with a password manager, he should start doing that.
  4. The backend receives the reported numbers, and then if the number appears to be something that definitely should get blocked (for which number of reports is a factor), then it gets blocked globally. Yup, that's the problem. Honestly, I like the method involving "sharing" the number from the phone app described here better: https://support.malwarebytes.com/docs/DOC-2485 That allows us to add the number to your local block list, so you don't have to do this extra step for numbers that may not ultimately get added to the global block list. However, this method is a little more hidden, so it's unlikely people will find it without referring to the documentation. I'd be curious what you think, if you can try both.
  5. The file oodblefojaocanejnikhhjcglbaelpbp is a Chrome browser adware extension called Search Encrypt. It may be getting synced back onto your device after each removal by Chrome Sync. Try removing it from Chrome manually, which should update Google Sync to prevent this from happening. To do so: open Chrome choose Extensions from the Window menu find the Search Encrypt extension and click its Remove button If that doesn't work, or if Chrome doesn't allow you to remove it, post back here for further troubleshooting.
  6. If Malwarebytes for Mac is not able to make network connections, you probably have some kind of third-party software blocking the network connection. Examples include Little Snitch, Lulu, Intego NetBarrier, and other antivirus software with network blocking capabilities. If you are using such software, make sure that Malwarebytes for Mac is able to connect to the servers listed on page two of the user guide, under External Access Requirements. https://support.malwarebytes.com/docs/DOC-1883
  7. Try this: 1) Do a scan with Malwarebytes and remove anything that was found 2) Go to the Quarantine tab in the Malwarebytes app and clear the quarantine 3) Restart the computer If that doesn't fix it, please send me a direct message. I'll want to gather more information about that to identify what's being blocked by App Block and not detected by the normal scan engine.
  8. Just to clarify what has already been said, that kind of pop-up in the browser is not malware. It is a scam webpage trying to convince you that you have malware, in the hopes that you'll either install a scam product to "remove the malware," or that you'll call a scam number listed in the message and pay the scammers to "remove the malware." (When there's no actual malware.) Do not follow any of the instructions in that message. Close that browser window/tab, and if it repeats, avoid the site you were visiting at the time. It can also be helpful to install an ad blocker, as many of these pop-ups are caused by malvertising (malicious advertising). Malwarebytes actually has a browser extension in beta - so it's currently free - that blocks ads, trackers, clickbait, scams, and known malware sites. It's available for Chrome and Firefox, but not yet for Safari.
  9. We would need more information about what you're seeing. There isn't any malware named "mogobiggy," so we'd need to know exactly where you're seeing that name. Be aware that if you have adware installed, the name of the adware is not related to the name of sites that it may redirect to. Also, there are many popups and ads that are not due to malware or adware on the system.
  10. If you install macOS 10.14.5 beta 2, you should expect to have a problem with your Malwarebytes software. Due to unannounced changed Apple has made to this beta, most kernel extensions will become inoperable until they can be updated. The real-time protection features in Malwarebytes for Mac rely on a kernel extension, and the current version of the software includes a kernel extension that is not compatible with the 10.14.5 beta. This means that if you have Malwarebytes for Mac 3.7 installed, or try to install or upgrade to it, on macOS 10.14.5 beta 2, you will see the following alert: You will be unable to allow the extension to load, and your real-time protection features will be disabled. There is no way around this at present. We are investigating, but frankly, did not think that the change that caused this would be an issue until this fall, with the release of macOS 10.15. Apple did not notify developers of this significant change until today, and you should expect to have similar difficulties with other software that uses kernel extensions, such as virtual machine software (such as VMWare Fusion), other security software, hardware drivers, etc. We will update this as soon as we have a solution. There may be temporary solutions involving starting up in recovery mode and whitelisting the kernel extension, but we have not tested this, and it's not something we would recommend trying at this time unless you know what you're doing.
  11. This is definitely an extreme procedure that I wouldn't recommend doing. If you're running a beta of macOS, that's technically not supported, so there may be issues. With 10.14.5 beta 2, there are definitely issues. In that case, these instructions may help get real-time protection activated again, but these instructions are not officially endorsed by Malwarebytes, so follow them at your own risk.
  12. It sounds like you may have encountered some adware on your Mac, but it would be difficult to know for sure now that the drive has been erased and the system reinstalled. It also sounds like there may have been some network issues affecting multiple devices. In such a case, my primary suspicions would be either that your network hardware (your wireless router or cable/DSL modem, for example) has been hacked or infected, or that one or more of your online accounts have been compromised. Neither of these would be related to malware on your computer. Most of what you're describing, though, does not sound like malware. It sounds like you may be misinterpreting some normal things as malicious.
  13. I'd just like to add that you really shouldn't be using these kinds of "cleaning" apps anyway. The thing they purport to do is not a thing that needs doing. Although a corrupt cache can result in a "cleaning" app showing positive benefits, I've never actually seen cache corruption in person, because it doesn't happen often on modern systems. If it does happen, that's a symptom of some other problem that needs to be solved, rather than just sweeping it under the rug by deleting the caches. On a normal system, "cleaning" will actually have a negative effect, essentially deleting a bunch of files the system maintains to help improve performance.
  14. Yup, your help has been very useful! For those interested, this was a minor new variant of the Geneio adware. We've got the database updated to detect it now.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.