Utomo

Members
  • Content Count

    65
About Utomo

  • Rank
    Regular Member

  1. Thank you, Exile360. I will wait for tomorrow.
  2. Can you explain more about what the warning is? I think it would be good if Malwarebytes had a browser extension to improve security. Example: when we open https://businessguideoffer .com and others, sometimes we get attacked. The example from the website above is Coinhive. We need to stop this kind of malware before it infects our computer.
  3. I want to use the new dupeGuru from https://dupeguru.voltaicideas.net/ after the original author stopped developing it. When I check using VirusTotal I got this. But when I check the files using Malwarebytes Premium I did not get anything. This is the file I tested (Windows 64 bit): https://download.hardcoded.net/dupeguru_win64_4.0.3.exe Please check, is this real? Thank you
  4. +1 for a custom block list. I think it can be safer for us, as many hackers try to trick us using more and more advanced techniques. Also, it would be better if we can consider blocking IP ranges too.
  5. Utomo

    Is Malwarebytes enough? Or do I need AV

    Not enough. Until now Malwarebytes cannot catch everything. Some are caught by the antivirus. I use both.
  6. Utomo

    Shortcut malware ?

    Thanks. But I am afraid that it spread to my computer, and I found some security risks which are not detected by Malwarebytes, as I reported above. I hope Malwarebytes can improve it.
  7. Utomo

    Shortcut malware ?

    Here is the result of RogueKiller. Malwarebytes says it is clean.
  8. I found shortcut malware on a flash disk. Malwarebytes already cleaned it, and I already formatted the flash disk. I see a suspicious shortcut that I never created. I am not sure whether my computer is safe or infected. I already scanned and cleaned it (using Malwarebytes Premium and Norton 360, all updated). I also checked using RKill and RogueKiller. Are there any other tools I need to use to make sure that all is clean?
  9. Utomo

    Cryptocurrency Malware

    Thank you. Besides miners, malware which steals our coins is more dangerous. I read a few articles where it changes the wallet address when copying and pasting via the clipboard.
  10. Now many hackers are targeting Bitcoin / cryptocurrency, as it can make big money. Some try to install malware on our computers, such as https://www.cylance.com/en_us/blog/threat-spotlight-cryptocurrency-malware.html I hope Malwarebytes pays more attention to this kind of malware.
  11. Thank you. I found this https://blog.malwarebytes.com/puppum/2016/08/pup-friday-mackeeper/
  12. Website blocked by Malwarebytes, but VirusTotal says no problem. Example: www.mackeeper.com Any explanation about this? Thank you
  13. Add a feature to easily send files to Malwarebytes from inside Malwarebytes, if we suspect that the files may be a virus/malware.
  14. Yes, sometimes too many pop-up warnings are not good. Give an easy option to hide them while the protection is still running.