Jump to content

brucemc777

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

1 Neutral
  1. In that my confusion has been solved, is there somewhere i should mark this thread as "Solved"? As i don't see it, i doubt this forum uses that, but if i am supposed to and am just being a bit blind, i don't want to not do what i am supposed to do!
  2. Thank you! I did have "expert" on; it seemed to me that even if it possibly slowed my system and/or scans down a bit, to use "expert" would always be better than just plain average... Though i am a little confused, it is off now-
  3. mwb02.pdfmwb01.pdfavcprodrm.zip Here they are! Thank you-
  4. It's been a long time since i had this issue. MWB quarantined a file based on heuristics. How do i send that file to MWB for analysis?
  5. Well, i am not used to sending a heart icon to just anybody (usually just my wife and daughters...), but i did want to thank you for your reply!
  6. Recently when using P2P i ran into a website blocked due to a believed trojan bing present (and for all purposes, i default to believing the warning also). 1) Since the website is being accessed for reasons of the P2P and not opened in a browser, is the presumed correct trojan truly a threat? If when accessed via P2P the trojan is not a threat: When i go to "Detection History|History" the website is shown. Upon hovering over the line item, there are three icons (it'd be nice if they also had tooltips, just saying...). The three are the eyeball (gives details), the Download symbol (presumably to download and store the detail summary) and a Trash Can (to delete the specific item from the report). 2) Why is there no icon to provide a direct means of adding the flagged site to my internal "Allow List"? Seems to me to be a no-brainer, rather than having to copy information myself, then go to the Allow page and re-enter all the same information, but i suspect someone smarter than i made a conscious decision not to provide this faculty. Thank you!
  7. My friend is running on a VISTA OS based computer since his W10 computer was trashed by a tech support scam last week and that computer can not go online. I want to get MWB onto his W10 (trashed) computer, but when he tries to download MWB to his VISTA computer so he can then copy to a USB "thumb" drive and load onto the trashed W10 computer, the process is killed as MWB detects the old VISTA OS and refuses. I am guessing we are dealing with a stub and detection to bring in the correct balance of MWB. How can either he or i download the full installation for a W10 computer so we can get it onto a USB "thumb" drive and then onto the trashed computer? Many Thanks!!!
  8. I quite well agree that direct contact would be optimal, and would help avoid any problems in relaying information, and who knows, maybe talking to one of your people would get him off that dang McAffee and also on to MWB... I fear that trying to convince him to make a general post is not going to be met with much success. May i ask by what means i could have him contact your help-desk? Every time i have done so (and there have been more than several) it has been through a link within MWB-
  9. I've got a friend... No, really! Anyway, he has a PC and for some reason uses McAffee AV. When trying to upgrade the McAffee he somehow became prey to one of those pop-up call support scams. He called and allowed the person access. After a while he figured out something was amiss and rattled off some impolite words to the scammer. Yeah, brilliant, while the computer is still connected to a remote operator... He now can not connect to the internet. When he called McAffee support, they said they could not do anything without an internet connection (translation: we are a boiler-room pretend support site and WILL not help you without an internet connection because we have no clue what to do otherwise.) He and i are about a thousand miles apart, so i was trying to walk him through some pretty basic trouble shooting in the dark. The OS is Windows 10. Tried first connecting to his modem. He is with Comcast so i had him open a browser and point it to 10.0.0.1 but got an error message saying it could not connect, and i think, no connection was present. He is able to connect to the internet with another computer, a bit of a dinosaur, through the same switch, but he is way to obstinate to try to get him to go to a support website and post - matter of fact, his best contemplated solution is to buy a new computer. Next we tried the Windows network connections troubleshooter, but it was not able to run due to an error. Then i had him open services.msc and put bits on automatic and start it, Cryptographic Services on auto and start and Windows Update on auto and run, then we opened up an admin cmd window and tried ipconfig /flushdns but this failed. I had him restart the computer and tried to flush the dns cache again, but that once again failed. So that is what we have tried, right or wrong. Would someone who actually knows what they are doing (in other words, not me...) give me some step by step guidance here so i can try to walk him through on the phone? Thank-you very much!
  10. Thank-you Ron! I am a little confused given I had done each of these prior, but I suspect that what we want is to get a series of scans without allowing FireFox to run a synch. If this is what I am to try to accomplish, would it be as good if I did an uninstall, deleted the Mozilla directories in \ProgramFiles\ and \ProgramFiles (86)\ , and in my area (bem) for C:\Users\bem\AppData, then click on your link, install fresh, not log in to synch, and then run the scans? Then if that comes up clean start loading the extensions from my list one at a time, and if no improper behavior shows up see if re-engaging synch causes the problem? - Just want to give you what you need, as sometimes I think I am helping but cause more trouble!
  11. I was having problems with website loading and memory abuse with my upgrade to Firefox (FF) 57, so I tried the beta; still had problems. I posted to the FF forums and was advised to uninstall, delete directories, and reinstall 57 from a verified Mozilla link. I deleted everything, including folders in AppData, then reinstalled, after verifying that it did indeed direct me to https://www.mozilla.org/firefox/all Upon starting the newly installed FireFox (where "installed" includes the automatic running of FF synch - I am not absolutely positive, but I believe the mal-behavior only started once I had entered my credentials into FF synch) I was inundated with malware in my browser (some example screenshots are attached hereto). One screen claimed it was from Windows Defender stating that I had the Zeus virus and provided a phone number to call for help (I apparently am stupid, but not that stupid). On most of my synchronization restorations, the main portion of the top one fourth of my screen showed an unfamiliar button to "Start" my re-installations which I also note does not show if I go to those sites now. These redirected me to multiple CrapWare sites. That shot of "From Doc to PDF" screenshot was one of the CRAPware sites. The FoxClocks site shows the unfamiliar button which appeared on most of my screens during the update to synched addons, the Office Works screen is another CRAPware screen, and the last is the spoofed Defender Zeus infection claim. The MalwareBytes report and FRST scan reports are attached. As it might be relevant, I have also included a list of the shown addons from FF (due to my suspicion that the behavior might have started when this version of FF started synching with the other computer). I do use Defender for normal daily AV and Malwarebytes Premium. I subsequently also ran Eset's online scanner, AdwCleaner, HitmanPro and SpyBot. Nothing was detected other than minimal threats such as cookies. Thank-you very much for your expertise. This has me very confused for normally I am paranoid and have rarely knowingly run into this kind of problem except when a daughter (I have four) have used my computer and did something against my typical warnings. What is just as strange is that this specific behavior has never happened prior to the re-installation of FF and since the initial event has never occurred again to any degree. MWB171223.txt MWB171222.txt FRST.txt Addition.txt Shortcut.txt FFAddins.txt
  12. @John L. Galt - I thought this sort of critter was alien to VirusTotal and a specialty of MWB so I frankly didn't even think of sending it through there mill! Thanks for having a look. I do use CopyTrans a lot, not only for transferring music to my phone but also archiving all my SMS, so when I ran into this recently I was rather concerned. Much appreciation of the fast review! @1PW - Here y'all go- It was a bit of a trick, as I first tried just stopping protection and exiting the program but it still refused to archive a couple files (claiming "in use"), but finally copying them to alternate temp directories I was able to comply- didn't think an empty log file would do you much good... MBAMSERVICE - Copy.zip Malwarebytes Anti-Ransomware.zip
  13. AntiRansomware 6 is flagging the attached as ransomware; would someone be so kind as to review and advise? As I do not know if it is a false-positive or not I am hopeful that I am posting this properly, and PLEASE don't experiment with the attached unless you know what you are doing! I don't want to be the "Typhoid Mary" of the forum! CopyTransDriversInstallerv2.037(1).zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.