mig0

  1. Source of file: https://github.com/JustArchiNET/ArchiSteamFarm Started getting this notice on this computer and on another where I run an instance of ASF. I changed the computer name and my computer's user name. MWB 11112020 report.txt
  2. I received an identical message on a copy of a googlechromeportable installer exe I have on one of my computers (not the one I'm typing on atm), flagged as malware.generic. This file was downloaded February 28.
  3. I installed this extension from Chrome a week ago after hearing about it on the PAX subreddit; it's an extension to check for when PAX tickets are to go on sale. The Google store URL is https://chrome.google.com/webstore/detail/pax-ticket-site-auto-laun/baidlhgloneedeeibiiflohiifbaophh I am getting warnings in Malwarebytes that this is the PUP Web disco. Here's an excerpt of the log files from my app data directory:

     Folder: 6
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\_metadata, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webaudio, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAIDLHGLONEEDEEIBIIFLOHIIFBAOPHH, No Action By User, [12157], [302033],1.0.3015

     File: 15
     PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAIDLHGLONEEDEEIBIIFLOHIIFBAOPHH\1.0.5_0\MANIFEST.JSON, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web\connectedPopup.html, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web\disconnectedPopup.html, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webaudio\master_sword.mp3, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages\connectedIcon.png, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages\disconnectedIcon.png, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\_metadata\verified_contents.json, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\background.js, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\jquery.min.js, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\jquery.signalR-2.2.0.min.js, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\PaxTicketSaleCheckerSignalR.js, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\popup.js, No Action By User, [12157], [302033],1.0.3015
     PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\signalRClient.js, No Action By User, [12157], [302033],1.0.3015

     Is this legit and this extension is the PUP malware, or is this a false positive? Thanks. Uninstalling the extension fixes the problem and the scan yields no other problems.
  4. Well the latest MWB updates fixed the HOSTS issue. I've got another issue I can't quite figure out but I'll resort to a new post on that matter, if I can't find my answer in older posts (appears to be a common problem but this is peculiar).
  5. I've added a zip file containing a copy of my hosts file and the log. archive.zip
  6. I've updated my MWB to 2016.1.22.09 and it's happening again. My hosts files have entries created by spywarebot anti beacon, even deleting the host file doesn't stop the errors I'm getting.