Jump to content

treed

Staff
  • Content Count

    1,308
  • Joined

  • Last visited

Everything posted by treed

  1. There's lots of malware that can install just fine without elevated privileges. There are certain kinds of things the malware can't do if it doesn't elevate, but for a lot of the basics (stealing your data, injecting ads or causing redirects through browser extensions, etc), that kind of access isn't needed.
  2. Yup, there's a lot of stuff these days that people think is malware that actually isn't... like these kinds of pop-ups in the browser. Pop-ups in the browser can be caused by malware or adware, but it all depends on the purpose. Pop-ups designed to trick the user into downloading and installing more adware are generally not caused by adware, because the adware creator doesn't want to have competition for the infected machine. I can't ever say that any technology is 100% enough. A good antivirus program should protect against all malware infections. Good web protection should prevent the machine from communicating with a bad site. An ad blocker should protect against all malvertising. But there's no such thing as 100%... if it were possible to create protection with a 100% guarantee, the game would be over, the black hats would have lost, and everyone could get on with their business without these threats. That said, running something like Malwarebytes alongside a good ad blocker or network filter should be pretty darn effective.
  3. I know the feeling... you don't want to deprive sites you use and respect of their source of income. Unfortunately, malvertising is so prevalent these days that it's more a matter of security now. Ads are no longer just a nuisance... they can be dangerous.
  4. I removed all links to pcrisk[.]com. That site is designed to use search engine optimization to funnel people in and convince them to download a junk app. We don't really want a link here to give them a higher position on Google (which tends to prioritize results based on how much they are linked to from external sites, among other things).
  5. This is actually unlikely to be caused by any kind of adware or malware installed on the system. The problem seems to be happening specifically when visiting eBay and Kijiji, which suggests that they probably have a malicious ad that has gotten into their advertising feed. This is actually quite a common problem that people frequently mistake for an infection. Most likely something about your particular browsing habits on those sites and/or other information (such as geolocation of your IP address) is causing you to see this ad more frequently. I would suggest to first try what has already been suggested here: install an ad blocker and see if that helps. If that doesn't help, then we'll need to investigate further.
  6. I see that you have some adware installed that Malwarebytes for Mac should remove, but you don't actually have Malwarebytes installed. I would recommend installing Malwarebytes, which will scan for and remove the adware for free. There are also a bunch of system configuration profiles installed that are causing a Chrome extension to continue to be installed. Those profiles will need to be removed manually, as Apple does not provide any way to manage those profiles that we're able to safely use to remove them for you. To do so, open System Preferences, click the Profiles icon, and then remove every item in the Device Profiles list. Because there are multiple nearly identical profiles, I suspect some of the adware you have installed is installing those profiles. Here's what I recommend doing: Install Malwarebytes (https://malwarebytes.com/mac-download) Scan for threats, and confirm that you want to remove them You will probably be asked to restart the computer, but don't do so yet Follow the directions above to remove all the configuration profiles Now restart the computer After restart, scan again with Malwarebytes and remove anything detected. If anything is detected that requires a reboot, do so. After you've done all that, run the script again to generate a new MWB_Info.zip file, and send me that new file. I'll take a look and make sure that everything is gone.
  7. That extension appears to be made by PCVARK, a company that makes copious numbers of PUPs (potentially unwanted programs), on both Mac and Windows. They even make something that we consider to be outright malware. For that reason, we blacklist everything they make.
  8. At some point we’ll likely add that, but to be completely honest, the capability to scan external drives is very low on the list of things we could do to protect Macs better. Malware on an external drive is almost never an actual threat vector in the real world.
  9. Sure! Just keep in mind, though, that a Safari extension has a lot of access to potentially sensitive data in web pages you visit, and we’re blocking some things that developer makes... just sayin’... 😁
  10. Alternately, if you’d prefer not to go through the support route, feel free to send the MWB_Info.zip file directly to me... I’ll probably end up looking at it either way. 😁 To send me a direct message, click on my name or avatar at left, then click the Message button.
  11. I suspect that “unknown” issue is more likely to be due to a bug in BlockBlock than due to anything truly malicious.
  12. That's not the right place. You need to be on the General tab in the Security & Privacy preferences. That's where the button in the app should take you, although we've seen some cases where System Preferences opens to the wrong place. Make sure to look at all the screenshots in the first link I gave you to be sure you're looking in the right spot.
  13. John, There are step-by-step instructions to walk you through this here: https://support.malwarebytes.com/docs/DOC-2634 If those aren't clear enough for you, you can try the walkthrough here: https://zingtree.com/deploy/tree.php?z=embed&tree_id=375421543&style=buttons&persist_names=Restart&persist_node_ids=1 If neither of those helps, support is available. You can find your support options here: https://support.malwarebytes.com/community/contactsupport/pages/home-support
  14. That was an error - sort of. We did blacklist a couple junk antivirus/cleaning apps from that developer, but did not mean to block everything. This has been fixed.
  15. Thanks, 1PW! I'll pass that along to the dev team!
  16. The build is now ready to share more widely, as it seems to solve the problem for everyone affected that we have shared it with. For now, you can get it through the following Box link: https://malwarebytes.box.com/shared/static/otu4m6ln8kbs1hfjor6zhq7qqwdzrt5x.pkg We will be releasing this through the official channels tomorrow, so it will be available for download or via in-app updates then. As for what happened... it turns out to have been a kind of race condition between our daemon and our kernel extension. They could end up in a situation where each was waiting for the other. This did not happen unless the machine in question had some performance issues. Normally, initialization would happen quickly enough that the problem would not occur, but on a slower machine - such as an older machine or one that is experiencing other problems causing performance issues - that initialization process could take long enough that the race condition got triggered. This was a very tricky bug to find, and I apologize that it took so long. I'd like to thank those who were able and willing to help us find the source of the problem!
  17. I would suggest that, unless you're a very atypical case, you have apps that do have background processes running, but you simply aren't aware of it because they're not showing menu bar icons or other such indicators. Many apps have processes that run periodically in the background to check for updates (like Malwarebytes' background process does) or do other kinds of tasks. I'm running many of them right now. Some examples: 1Password Carbon Copy Cloner Steam Microsoft Office Dropbox, Box, Google Drive, etc any Google software (including Chrome) any Adobe software any printer drivers VPN software This is far from an exhaustive list. Even App Store apps have the capability these days to run processes automatically in the background at login. I would ask again: what specifically is the problem you're having that you believe quitting any Malwarebytes background processes will solve? Are you seeing performance issues, and if so have you traced those issues to such a process? If so, I'd like to have more information.
  18. We're still not sure what the cause is... it seems to be affecting machines of all ages, and with systems from Sierra (10.12) through Mojave (10.14). It's affecting a small enough number of machines that it has been difficult to guess what they might all have in common, and we haven't actually been able to reproduce it here. But I think we're getting close to finding a solution, thanks to an individual with an affected Mac who has generously volunteered his time to work closely with our developers.
  19. How hard is it to find a bug in three months worth of code changes, when we can't actually reproduce the problem on any machines here, and when the bug is actually affecting a very small number of Macs so it's hard to figure out what they all have in common? Pretty hard, actually. 😐 I didn't want to post further here - especially while traveling! - until I had more concrete information. However, at this point, it seems necessary. We don't have a fix yet, but I believe we are close, thanks to one individual who has graciously given his time by working closely with our developers - even allowing remote access to the affected Mac! (I will be personally making sure that that individual is rewarded for his assistance.) Once I have some more concrete information, I will provide it here.
  20. We've located a Malwarebytes employee who is able to reproduce the problem. The devs are going to work with him today to run a bunch of tests and figure out what's going on.
  21. Cleverbridge does handle some of our purchases and renewals, so that would not be unexpected. However, if you're suspicious of the e-mail, which is a legitimate concern these days, I'd recommend logging in to your account here to verify the status of your account: https://my.malwarebytes.com You can also contact support directly with questions: https://support.malwarebytes.com/community/contactsupport/pages/home-support
  22. It seems like you must have some software from Smart Panel still installed. What that is, I don't know, but if you respond to adas with the requested information, we'll be able to learn more. I kind of wish you hadn't obscured the part of the path between "ext" and "def". Without that folder name, we can only say that the data you've found is associated with two Chrome extensions. We can't say what Chrome extensions. If the extensions in question are still installed, we'll be able to get more information from the data adas requested.
  23. Malwarebytes for iOS cannot be activated with a license key, due to Apple restrictions. For more information, see: https://support.malwarebytes.com/docs/DOC-2455
  24. We're still investigating this issue... so far, the folks on this topic are the only ones we're aware of seeing the problem, and we're not able to reproduce it here. We have a theory that it may be related to older hardware, but have tried on a variety of older Macs here and don't see these issues. If you're able, please cooperate with any requests from adas so we can figure this out.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.