Everything posted by Spido

  1. I had tried posting a false positive, but I got a bit mixed up and reported the wrong thing. I've tried uninstalling and reinstalling Steam and that didn't fix it. However, I just tried clearing the contents of the htmlcache folder like you suggested, and I am no longer receiving any block notifications from Malwarebytes (and yes, it is running). So, I don't think it really was a false positive, just that the problem was in that folder and needed to be removed. I think the problem is resolved now for good, I can't find anything wrong with my system. Thank you very much for all of your help. I plan to take some measures to make sure things like this don't happen to me again.
  2. If you can't find a way to help me get rid of whatever is on my computer, and I need to reformat my hard drive and start from scratch to know it is gone, I understand. It seems to be very well hidden. I have had to do that one other time when I needed to replace my hard drive. It's just a long process that I'm trying to avoid if I can, but I have the means to do it if it comes to that.
  3. I added the m77.dnsqa.me domain to the list of web exclusions, and upon going to the store page I immediately received notifications that several other sites had been blocked, and I got a separate JavaScript pop-up that said my computer must be infected with adware or something similar if I was seeing the pop-up. This JavaScript pop-up is something I had seen a few times before I made this forum post dealing with this problem. I will post the protection log below, the blocks I am referring to are at the bottom. I ran another Malwarebytes scan and it didn't detect anything.

         Malwarebytes Anti-Malware
         www.malwarebytes.org

         Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Update, 3/22/2016 3:54 PM, SYSTEM, SPUDBOX2000, Scheduler, Failed, No Internet connection detected,
         Update, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.22.7, 2016.3.22.8,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 3:58 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50853, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50854, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50855, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 50856, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, IP, 8.34.112.226, ddc.terrestrialthese.com, 50864, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, IP, 8.34.112.226, ddc.terrestrialthese.com, 50864, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.229, jem.recombinantsunengaged.com, 50871, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.229, jem.recombinantsunengaged.com, 50871, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.227, kdv.decipheringwarns.com, 50883, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 8.34.112.227, kdv.decipheringwarns.com, 50883, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Scan, 3/22/2016 4:56 PM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 4:49 PM, Duration:7 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

         (end)
  4. Actually, my original issue may not be completely resolved it looks like, so I could be wrong about this post.
  5. When I go to the Steam store page, within the application, Malwarebytes gives me a notification that the domain "m77.dnsqa.me" has been blocked. I spoke with Kevin, and we came to the conclusion that the block is a false positive. I will post the protection log where the block is shown at the bottom, and the VirusTotal scan which shows that the file calling for the domain is valid. I am posting this as a website block FP and not a file FP because Malwarebytes didn't actually detect the file as being malicious.

         Malwarebytes Anti-Malware
         www.malwarebytes.org

         Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,

         (end)

         SHA256: 9beef4212db81701212c2398e88403dec3f63a1173bf9b617388e5c6a918e7df
         File name: steamwebhelper.exe
         Detection ratio: 0 / 56
         Analysis date: 2016-03-22 20:21:32 UTC ( 0 minutes ago )
         Probably harmless! There are strong indicators suggesting that this file is safe to use.

         Antivirus  Result  Update
         ALYac 20160322, AVG 20160322, AVware 20160322, Ad-Aware 20160322, AegisLab 20160322, Agnitum 20160316,
         AhnLab-V3 20160322, Alibaba 20160322, Antiy-AVL 20160322, Arcabit 20160322, Avast 20160322,
         Avira (no cloud) 20160322, Baidu 20160322, Baidu-International 20160322, BitDefender 20160322,
         Bkav 20160322, ByteHero 20160322, CAT-QuickHeal 20160322, CMC 20160322, ClamAV 20160319,
         Comodo 20160322, Cyren 20160322, DrWeb 20160322, ESET-NOD32 20160322, Emsisoft 20160322,
         F-Prot 20160322, F-Secure 20160322, Fortinet 20160322, GData 20160322, Ikarus 20160322,
         Jiangmin 20160322, K7AntiVirus 20160322, K7GW 20160322, Kaspersky 20160322, Malwarebytes 20160322,
         McAfee 20160322, McAfee-GW-Edition 20160322, eScan 20160322, Microsoft 20160322,
         NANO-Antivirus 20160322, Panda 20160322, Qihoo-360 20160322, Rising 20160322,
         SUPERAntiSpyware 20160322, Sophos 20160322, Symantec 20160322, Tencent 20160322,
         TheHacker 20160321, TrendMicro 20160322, TrendMicro-HouseCall 20160322, VBA32 20160322,
         VIPRE 20160322, ViRobot 20160322, Zillya 20160322, Zoner 20160322, nProtect 20160322

     There were green check marks filling in the middle column that just don't copy over.
  6. Okay, thanks a lot. The results of the analysis are below. So should I add this domain to Malwarebytes' list of web exclusions and just not worry about it? I think you are probably right that it is fine, because the last time I had opened Steam, I didn't realize Malwarebytes wasn't running, and nothing happened when I went to the Store page, but once I enabled it again it gave me the website blocked notification.

         SHA256: 9beef4212db81701212c2398e88403dec3f63a1173bf9b617388e5c6a918e7df
         File name: steamwebhelper.exe
         Detection ratio: 0 / 56
         Analysis date: 2016-03-22 20:21:32 UTC ( 0 minutes ago )
         Probably harmless! There are strong indicators suggesting that this file is safe to use.

         Antivirus  Result  Update
         ALYac 20160322, AVG 20160322, AVware 20160322, Ad-Aware 20160322, AegisLab 20160322, Agnitum 20160316,
         AhnLab-V3 20160322, Alibaba 20160322, Antiy-AVL 20160322, Arcabit 20160322, Avast 20160322,
         Avira (no cloud) 20160322, Baidu 20160322, Baidu-International 20160322, BitDefender 20160322,
         Bkav 20160322, ByteHero 20160322, CAT-QuickHeal 20160322, CMC 20160322, ClamAV 20160319,
         Comodo 20160322, Cyren 20160322, DrWeb 20160322, ESET-NOD32 20160322, Emsisoft 20160322,
         F-Prot 20160322, F-Secure 20160322, Fortinet 20160322, GData 20160322, Ikarus 20160322,
         Jiangmin 20160322, K7AntiVirus 20160322, K7GW 20160322, Kaspersky 20160322, Malwarebytes 20160322,
         McAfee 20160322, McAfee-GW-Edition 20160322, eScan 20160322, Microsoft 20160322,
         NANO-Antivirus 20160322, Panda 20160322, Qihoo-360 20160322, Rising 20160322,
         SUPERAntiSpyware 20160322, Sophos 20160322, Symantec 20160322, Tencent 20160322,
         TheHacker 20160321, TrendMicro 20160322, TrendMicro-HouseCall 20160322, VBA32 20160322,
         VIPRE 20160322, ViRobot 20160322, Zillya 20160322, Zoner 20160322, nProtect 20160322

     There were green check marks in the middle column for all of the tests, that just didn't get copied over.
  7. Sure thing, here it is:

         Malwarebytes Anti-Malware
         www.malwarebytes.org

         Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server,
         Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4,
         Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting,
         Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started,
         Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping,
         Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting,
         Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
         Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,

         (end)
  8. I ran the FRST, and it got stuck trying to delete a file, so I terminated it and ran it again as administrator, and then it finished very quickly. The Malwarebytes scan didn't detect anything, but here is the log:

         Malwarebytes Anti-Malware
         www.malwarebytes.org

         Scan Date: 3/22/2016
         Scan Time: 11:05 AM
         Logfile:
         Administrator: Yes

         Version: 2.2.1.1043
         Malware Database: v2016.03.22.07
         Rootkit Database: v2016.03.12.01
         License: Trial
         Malware Protection: Enabled
         Malicious Website Protection: Enabled
         Self-protection: Disabled

         OS: Windows 7 Service Pack 1
         CPU: x64
         File System: NTFS
         User: Jordan

         Scan Type: Threat Scan
         Result: Completed
         Objects Scanned: 374023
         Time Elapsed: 7 min, 50 sec

         Memory: Enabled
         Startup: Enabled
         Filesystem: Enabled
         Archives: Enabled
         Rootkits: Enabled
         Heuristics: Enabled
         PUP: Enabled
         PUM: Enabled

         Processes: 0 (No malicious items detected)
         Modules: 0 (No malicious items detected)
         Registry Keys: 0 (No malicious items detected)
         Registry Values: 0 (No malicious items detected)
         Registry Data: 0 (No malicious items detected)
         Folders: 0 (No malicious items detected)
         Files: 0 (No malicious items detected)
         Physical Sectors: 0 (No malicious items detected)

         (end)

     Here is the log from the JRT:

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Malwarebytes
         Version: 8.0.4 (03.14.2016)
         Operating System: Windows 7 Home Premium x64
         Ran by Jordan (Administrator) on Tue 03/22/2016 at 11:21:21.89
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         File System: 13
         Successfully deleted: C:\Users\Jordan\AppData\Local\crashrpt (Folder)
         Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
         Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File)
         Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
         Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
         Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CCL0F7G (Temporary Internet Files Folder)
         Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder)
         Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOWPHI8D (Temporary Internet Files Folder)
         Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2L9XPHY (Temporary Internet Files Folder)
         Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CCL0F7G (Temporary Internet Files Folder)
         Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder)
         Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOWPHI8D (Temporary Internet Files Folder)
         Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2L9XPHY (Temporary Internet Files Folder)

         Registry: 4
         Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
         Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{910B3CBD-EB2B-457B-B4F9-0216EC9BB5AD} (Registry Key)
         Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
         Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on Tue 03/22/2016 at 11:22:25.78
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     I then ran the FRST scan again like you said, and thought I might have forgotten to run the JRT as administrator so I ran that again too (even though it looks like I did run it as admin the first time). Here's the log from the second JRT run:

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Malwarebytes
         Version: 8.0.4 (03.14.2016)
         Operating System: Windows 7 Home Premium x64
         Ran by Jordan (Administrator) on Tue 03/22/2016 at 11:33:47.61
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         File System: 2
         Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder)
         Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLKTI67B (Temporary Internet Files Folder)

         Registry: 0

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on Tue 03/22/2016 at 11:35:01.56
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     So when I start Steam and go to the store page, Malwarebytes still says that it is blocking this m77.dnsqa.me domain. I think there is still a problem somewhere, because that shouldn't be happening I don't think.

     FRST.txt Addition.txt
  9. Okay, thank you for getting back to me. Just one problem, I don't see the fixlist.txt file. Perhaps you forgot to include it at the bottom.
  10. I recently found that DNSUnlocker was on my computer. I uninstalled it, and soon started having issues where I would be redirected to unwanted web pages from normal pages in Chrome. I installed the trial version of Malwarebytes and did a scan, and it found 2 malware files and a bunch of PUP files, which I then deleted using the tool. I also ran HitmanPro and Adware Cleaner, which also both found files that I deleted. Now Chrome appears to be working normally, but the instant I open up the "store" page from Steam, Malwarebytes informs me that it has blocked the domain "m77.dnsqa.me". Earlier, when this happened I was redirected to a Dell support page where I was told to call a certain number for help because my information was being stolen, but we determined that this was a scam. Basically, for some reason it keeps trying to redirect me to this domain from inside the Steam application (going to the Steam store online doesn't bring up the problem), and nowhere else. I believe that DNSUnlocker hasn't been completely removed, and I need help getting rid of it for good. I have tried uninstalling Steam, but that hasn't fixed it. None of the scans come up with anything at this point. I believe some people have had this problem resolved using the Farbar Recovery Scan Tool, it just looks like I need a specific "fix" file that only someone here can give me, because they are user-specific. This person had a similar problem: https://forums.malwarebytes.org/topic/179404-struggling-with-dnsunlocker/#comment-1022700 I downloaded the tool and did a scan, here are the two resulting files, if anyone is able to help: FRST.txt Addition.txt
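
A way to triage the protection log pasted in the posts above, added here as an example (not code from the poster or from Malwarebytes): it pulls the Detection records out of the flattened text, drops repeated entries, and lists which blocked names remain for a process once one name is put on the web-exclusion list. The field order is inferred from the log lines on this page, paths are assumed to contain no commas, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Records copied from the protection log in the posts above, left flattened the
# way the page shows them (line breaks can fall in the middle of a record).
SAMPLE_LOG = r"""
Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started,
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website
Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound,
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, Detection, 3/22/2016 11:32 AM,
SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39,
m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection,
Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound,
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection,
Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound,
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection,
Domain, 205.185.208.26, istatic.eshopcomp.com, 50850, Outbound,
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 3/22/2016 4:46 PM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection,
IP, 8.34.112.226, ddc.terrestrialthese.com, 50864, Outbound,
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Scan, 3/22/2016 4:56 PM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 4:49 PM,
Duration:7 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
"""

# Field order inferred from the log on this page (an assumption, not a published spec):
# Detection, time, user, host, Protection, Malicious Website Protection,
# Domain|IP, remote address, remote name, local port, direction, process path,
DETECTION = re.compile(
    r"Detection, (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M), "
    r"[^,]+, (?P<host>[^,]+), Protection, Malicious Website Protection, "
    r"(?P<kind>Domain|IP), (?P<ip>[0-9.]+), (?P<name>[^,]+), (?P<port>\d+), "
    r"(?P<direction>\w+), (?P<process>[^,]+),"
)


def parse_detections(text):
    """Return website-block records in log order, with repeated entries dropped."""
    flat = " ".join(text.split())  # undo line wrapping inside records
    seen, records = set(), []
    for match in DETECTION.finditer(flat):
        rec = match.groupdict()
        key = (rec["when"], rec["name"], rec["port"], rec["process"])
        if key in seen:  # the same block is sometimes written twice in a row
            continue
        seen.add(key)
        records.append(rec)
    return records


def blocked_by_process(detections):
    """Map each process path to the sorted set of blocked names it tried to reach."""
    names = defaultdict(set)
    for rec in detections:
        names[rec["process"]].add(rec["name"])
    return {proc: sorted(found) for proc, found in names.items()}


def not_covered(detections, exclusions):
    """Blocked names that a given web-exclusion list would leave untouched."""
    excluded = {name.lower() for name in exclusions}
    return sorted({r["name"] for r in detections if r["name"].lower() not in excluded})


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for proc, names in blocked_by_process(dets).items():
        print(f"{proc}: {len(names)} distinct blocked names -> {', '.join(names)}")
    print("still blocked after excluding m77.dnsqa.me:",
          not_covered(dets, ["m77.dnsqa.me"]))
```

One clean process reaching several unrelated blocked names is the pattern that separates injected or cached content from a single false-positive domain entry.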