SixtyNine

  1. Hello, Thank you for responding. The check seemed to occur when the application was first initialised each day. Since then I have negotiated with the supplier of the application to provide me with an alternative offline check (keyfile) so although the issue itself was not resolved it no longer affects me.
  2. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 9/14/23
     Protection Event Time: 10:16 AM
     Log File: 61d9edd2-52df-11ee-91eb-20cf3064b32a.json
     -Software Information-
     Version: 4.6.1.280
     Components Version: 1.0.2117
     Update Package Version: 1.0.75283
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19045.3448)
     CPU: x64
     File System: NTFS
     User: System
     -Exploit Details-
     File: 0
     (No malicious items detected)
     Exploit: 1
     Exploit.PayloadProcessBlock, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command echo (Get-WmiObject Win32_ComputerSystemProduct | Select-Object -ExpandProperty UUID), Blocked, 701, 392684, 0.0.0, ,
     -Exploit Data-
     Affected Application: cmd
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     File Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command echo (Get-WmiObject Win32_ComputerSystemProduct | Select-Object -ExpandProperty UUID)
     URL:
     (end)
  3. Hello, I am the owner of this website hosted via Godaddy. I also have Malwarebytes premium which performs regular scheduled scans. I checked my site on Virustotal and it indicated clean. Please assist. Thanks Tony Lacy
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 3/25/21
     Protection Event Time: 2:33 PM
     Log File: 15c7d9ca-8d77-11eb-9c3f-20cf3064b32a.json
     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1217
     Update Package Version: 1.0.38679
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19041.804)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
     -Website Data-
     Category: Trojan
     Domain: nu-ware.com
     IP Address: 107.180.26.179
     Port: 80
     Type: Outbound
     File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (end)
  4. I have Win 10 with MB Premium and after an update this morning I checked with Regedit and found the correct entry so assume MB added it. Good job, thanks! But still no auto update of KB4056892 from MS after 3 hours. I'll try installing it manually.
  5. Yeah, I dived in without reading it. Gonna keep out of here now...let them get on with fixing it.
  6. Getting above message, web protection is turned off. If I attempt to turn it on it stays on for less than 1 second and then turns off again. Attempting a scan gives a short scan of < 1 second with all zero results, so not scanning. mbClean and reinstall of MB 3.1.2 did not fix problems. Files attached as required. Thanks. Attachments: mb-check-results.zip, FRST.txt, Addition.txt
  7. False + ? Been on my system for 10+ years. Zip retrieved from quarantine, uploaded. psp6Scan3 is from scheduled threat scan, reporting Ransom.FileCryptor.Generic. psp6Scan4 is from a custom scan, reporting no threats. Thanks. Attachments: Paint Shop Pro 6.zip, psp6SCan3.txt, psp6SCan4.txt
  8. I'm sure this is a false positive. It is a .dll used by Paintshop Pro V6, an old XP paint program and the file has been on my system for many years. A check on VirusTotal gave 1/54 positives, the positive being from Malwarebytes. Jpeglib.zip Scanlog.txt
  9. Of course, that is fine. As I said, there is no urgency. Thank you for your help so far.
  10. Hello, I've attached 2 gif files. One is a Process Explorer screenshot of Private Bytes when it increased after a brief spike of CPU activity. I then set up Microsoft Perfmon.exe to monitor mbamservice Private Bytes usage over a more extended period of nearly 2 hours. PerfMon1.gif is the result. Note the increase from 361,472 K at the start to 373,584 K at the end of the period. Note that after a short spike the Private Bytes value does not always return to its starting value. Some memory is never returned and these memory leaks are cumulative until reboot or Windows gives memory errors. This problem does not occur on the 2 Win 8.1 laptops here. Now I am aware of the problem I can work around it by rebooting every few days. A solution is not urgent for me and I will continue to work with you if you wish.
  11. Hello. This morning I observed mbamservice.exe Private Bytes increase from 479,740 K to 501,478 K while viewing properties in Process Explorer. I have a screen dump of CPU usage, Private Bytes and I/O activity for the service as it happened. I can post the image here if you wish...please let me know your preferred format.
      Event context:
      Up from overnight sleep. mbamservice.exe Private Bytes was 326,024 K.
      Ran Firefox web browser. Exited Browser.
      Ran Second Life viewer (Firestorm.exe). Exited viewer.
      Ran Reaper (A Digital Audio Workshop that uses dll plugins to emulate musical instruments). Exited Reaper.
      mbamservice.exe Private Bytes was 479,740 K.
      Put PC to sleep for 10 seconds.
      mbamservice.exe Private Bytes was 479,740 K on startup from short sleep.
      Opened mbamservice.exe properties in Process Explorer and viewed Performance Graph for a few minutes. While watching I saw the Private Value bytes change after a while and I obtained a screen dump.
      mbamservice.exe Private Bytes was now 501,428.
      At this time I had no applications running except PaintshopPro opened to save the screendump after the event.
      I repeated the sleep/startup procedure again and noticed a second smaller increment from 501,428 to 502,600 a few minutes after startup. I also captured this as a screen dump.
      I repeated this sleep/wake procedure several more times while running and exiting applications in between. No further increments occurred.
      As I was typing this the value rose from 501,428 K to 502,920 K. I did not notice this happening. As you can see, it is difficult to replicate this reliably.
      FYI... in Process Explorer I see I/O activity of 3.4 K from mbamservice.exe at 60 second intervals.
  12. Apart from the memory problem I've not noticed anything unusual about this PC. At the last reboot about 24 hours ago mbamservice.exe Private Bytes was 326,024 K. This morning it is 478,900 K after coming up from overnight sleep.
  13. Windows System C: Check Disk Wininit contents attached. Wininit1.txt
  14. Thanks TwinHeadedEagle, As this does not look like a malware problem I guess you are finished now. I'll look for solutions for the controller error, maybe the driver? Not sure at this stage. Your beer is waiting :-)