MrJBK

  1. Pretty sure it was on default settings to begin with. The only way it works is if I disable the VBA7 exploit, which is what I indicated in my very first post.
  2. Hi Exile, exploit block txt file and support tool .zip files attached. MBAM vba7 exploit history log item 20200921.txt mbst-grab-results.zip
  3. I have a number of .xls files that have macros. Two of them are loaded at Excel start-up. Both were able to load with no complaints. Today, MBAM did an update, and now both are being flagged, and it shuts down Excel immediately. I was able to get past the problem on the first xls file that loads (this is in my Xlstart folder), by adding it to the "Allow" list. The first file (macros1opener.xls) opens macros1.xls. Although I also added macros1.xls to the Allow list, it still triggered the "Exploit Office VBA Abuse" block. I have managed to override this by disabling Office VB
  4. Hi Maurice, Thanks so much for the confirmation and guidance, and your forbearance through this case. I think you've given me enough ammunition so that I can defend against the attacks. For the moment, I'll use the following strategy: 1. Until I need to have Remote Desktop running, I'm turning it off. 2. I have pulled all of the IP addresses from the 524 .json files in [C:\ProgramData\Malwarebytes\MBAMService\MwacDetections] and used VBA in Excel to create a manageable list to use for blocking... I was going to add them to the block list, but since there are almost 1
  5. Hi Geoff, Thanks for your input. I just read this article: https://tweaks.com/windows/50743/change-remote-desktop-rdp-port/ which kind of explains why there might be so many inbound attacks being flagged by MBAM. It also has a more thorough explanation of how to change the port in Win 10 (there is no setting... it has to be done through the registry). It also describes what needs to be done if I'm trying to connect to remote desktop from the RDP client... which is essential. What's really odd about this problem is that I have another Win10 computer with MBAM which is not sh
  6. Hi Maurice, I re-enabled Remote Desktop, and sure enough, I started getting MBAM alerts : I also did some searching and found this post: which sure sounds exactly like what I'm getting. I've disabled Remote Desktop again, and, of course, the alerts stopped. So this problem has everything to do with Remote Desktop being enabled. I'm guessing that something changed in MBAM, since the post above seems to have started around the same time I saw the same problem. I use Remote Desktop from time to time, especially when I'm travelling (which I haven't been l
  7. the block events ended ... but I think it's because I disabled Remote Desktop... I've completed the TrendMicro scan. It only found 1 threat... which I think is in the recycle bin... I'd like to re-enable Remote Desktop and see if the events re-appear. I'll try that now after rebooting, and let you know what happens tomorrow. Thanks again!
  8. Attached is the MBAM scan results. Again, nothing found. MBAM Scanner report 20200510.txt
  9. Hi Maurice, OK... Attached is the scan result from the Microsoft Safety Scanner. I ran it only on my C drive (500G SSD). My D drive is big (1TB), (nothing from D is ever loaded into memory). Scanning D takes a long time. Other than this forum, I'm not doing anything with the web today. msert.log
  10. Oh... I forgot to mention... one of the things I did last night was to disable Remote Desktop, with the thought that maybe some bad actors were trying to come in through that door, which may have been causing the MBAM warnings. I will re-enable it later today after I do the scans that you're suggesting and let you know if the warnings come back. I guess I shouldn't have done 2 things at once. Makes it difficult to determine which one was the root cause.
  11. Hi Maurice, Ran ESET overnight. Attached is the log of what it found. The files on the D drive are old installers and I think many are false positives. In any event, they are never run. I re-enabled notifications in MBAM, and I'm not seeing the pop-ups anymore. After sending this post I'll reboot and see if things are still well-behaved as the day progresses. I truly appreciate the time and energy you've put into this! ESET scan log.txt
  12. I already did a full offline scan today. It came up with nothing.
  13. I've had the notice show up even when my browser is closed... wasn't playing online games. All my messaging apps were closed. I had already set MBAM to hide notifications when Chrome is full screen. I have now set the "Show notifications in the Windows notification area" to off. Still don't know why it's detecting all of these events, though. It's a little worrisome. It makes me think that there's some kind of malware that's inviting attacks. One of the things I will try is to disable remote desktop hosting and see if it stops. If you have any other ideas... I'm o
  14. Hi Maurice, Thanks so much for the fast response. Attached is the mbst-grab-results.zip file mbst-grab-results.zip