Jump to content

exile360

Experts
  • Content Count

    23,608
  • Joined

  • Last visited

Everything posted by exile360

  1. Greetings, This is happening due to the spam filter used on the forums that blocks content containing links in order to prevent spam posts. You should be able to zip and attach your logs instead and this should allow you to post the requested information without triggering the spam filter.
  2. Greetings, Thanks for the suggestion, I'll see to it that the Product team receives it for consideration. If you have any additional input please let us know as we're always looking for feedback and ideas. Thanks
  3. Yep, ever since 2.0 Malwarebytes has operated based on a service oriented architecture where it relies on a SYSTEM level service to perform all major operations, including not just the protection components and their drivers, but now also scanning as well (which in the 1.x days was an admin level user mode process executed by mbam.exe, but now is run through MBAMService.exe which itself is obviously a service).
  4. Actually, I think it's because Defender (and probably other AVs) are able to spoof user tokens. The trouble with network shares is, by default at least, they don't actually include local admin access (much like trying to scan another user's documents from a different limited user account) so even the SYSTEM account lacks privileged access to network shares, and this is why Malwarebytes can't scan these locations, and even if it could, it wouldn't be able to remove what it finds there due to lacking write access.
  5. The file I linked to isn't infectious, it's just a PUP (Potentially Unwanted Program) installer so you don't have to worry about any of your systems being compromised by it. You just needed something that Malwarebytes would detect in a scan, and that PUP installer fits the bill.
  6. Well that's frustrating. Hopefully you can figure out a reasonable alternative that works so that you can use your HOSTS/block lists without the performance issues. If I come up with any new ideas I'll definitely let you know.
  7. If you look back at older threads you'll find several on the subject from Malwarebytes 1.x to 2.x as well as older versions of 3.x explaining that it doesn't scan network drives due to permissions (it appears to scan, but doesn't actually check the files/folders there and if anything is there that it would normally detect, it doesn't detect it). You can verify this if you wish with one of the older versions of Malwarebytes: https://filehippo.com/download_malwarebytes_3/history/ Install one of the previous versions from the above link, then download a PUP installer such as this one then place it in one of your network shares and try scanning the share to see if it gets detected. You can then place it in another location such as your desktop and scan it with Malwarebytes to verify that it is detected.
  8. Greetings and welcome, Is the option only greyed out for your network drives or is it this way for all files and folders? The reason I ask is because, to my knowledge, Malwarebytes isn't actually able to scan network drives and their contents (though its real-time protection components should be able to detect/stop any threat that executes from those locations as it functions differently if I recall correctly). Please refer to the following threads and in particular the comments from members of the Malwarebytes staff for more info: https://forums.malwarebytes.com/topic/220770-malwarebytes-free-not-scanning-files-on-mapped-drive/?do=findComment&comment=1214838 https://forums.malwarebytes.com/topic/225516-malwarebytes-does-not-scan-all-files-network-drive/?do=findComment&comment=1228143 If anyone from the staff knows better, then please correct me, however I don't believe Malwarebytes 3 can scan network drives due to the way permissions work for network shares which would explain why the option to scan is still present, but greyed out for these locations (likely something the Developers implemented to eliminate confusion since previously I believe it would let you scan those locations, but wouldn't actually check them with the scan; it would just go through the motions as though it were scanning but wouldn't be capable of actually checking the data stored there or detecting any threats within those locations).
  9. You can try this and it may help if more data is needed: Post Event Logs: Please download VEW by Vino Rosso from here and save it to your desktop Double click it to start it Note: If running Windows Vista, 7, 8/8.1 or Windows 10 you will need to right click the file and select Run as administrator and click Yes, Continue or Allow at the User Account Control Prompt. Click the check boxes next to Application and System located under Select log to query on the upper left Under Select type to list on the right, click the boxes next to Error and WarningNote: If running Windows Vista, 7, 8/8.1 or Windows 10 also click the box next to Critical (not XP). Under Number or date of events select Date of Events and type [01] [01] [2017] in the boxes next to From: and type [11] [06] [2018] in the boxes next to To: then click Run Once it finishes it will display a log file in notepad, you may close it and then navigate to the root of C:\ and you'll find a text file called VEW there; move it to your desktop Right-click on the VEW.txt file on your desktop and hover your mouse over Send to and select Compressed (zipped) folder Please attach the VEW.zip file you just created to your next reply
  10. I also discovered this if you want to use the blocklist functionality in DNSCrypt as an alternative to a HOSTS file (blocking custom lists of domains and IP addresses is a built-in feature for DNSCrypt and is something I've used in the past with Simple DNSCrypt before I discovered I could use the Windows Firewall to block custom lists of IP addresses which I did in order to block Microsoft's telemetry servers).
  11. Wow, yeah, I don't blame you there. I don't see any of these issues in Windows 7, but if I did I probably wouldn't continue to use the HOSTS file either. Have you tried HostsServer yet to see if it helps at all? It's supposed to improve performance when using a large HOSTS file, especially when using it with the DNS Client service disabled as it replaces its caching functions. You could attack the problem in a different way by using some alternate means of blocking these sites, such as adding them to the Windows Firewall with Advanced Security rules (in Windows 10; not XP obviously since it doesn't exist there and doesn't support that). You can find info on how to do that here as well as here although I believe that method requires you to block the actual IP addresses of the sites you want blocked, meaning safe sites that share IP addresses/servers with the sites you're blocking will also be blocked (the pitfall of IP blocking tools). There are also other third party tools that can be used for blocking/filtering sites that are reasonable alternatives to the HOSTS file such as (possibly, at least based on my research so far) Privoxy and even Proxifier which you're already using. If you can import the list of domains to block from your HOSTS file into Proxifier then you should be all set, assuming it doesn't cause tons of CPU usage in Firefox once you do. Also, according to this you should be able to do the same with Fiddler and/or Charles Proxy. Honestly though, I think the issue comes down to some kind of problem with the version of Firefox you're forced to use because you're on XP (at least for XP, but the cause could be the same on 10 since you're using the same version of FX there as well), but if one of these alternatives works then you should be all set.
  12. Greetings, I did a quick search (via DuckDuckGo as I don't use Google much these days due to privacy concerns) and discovered that they are considered by many to be an adware vendor so I can definitely understand your concerns. I'm not certain what you can do to eliminate whatever they might have placed on your mobile device, but I did find this information which might prove helpful if you have any PCs affected by their software/site(s). That said, we do offer free, expert malware removal services for Android devices so if you'd like to get your device checked and cleared of any threats you may create a new thread in that area by clicking here and one of our mobile malware removal specialists will assist you directly once one becomes available, or, if you prefer to do so privately you may contact Malwarebytes Support directly for assistance with this issue via one of the options on this page and they should be able to help. I have my own thoughts with regards to privacy on the web, but rather than bombard you with a massive post of my opinions, tools and contextual links to relevant info on the subject, I'll stay on topic and will provide more detailed info in the PC Help and/or General Chat area if you wish to continue that side of the conversation there. Right now I think it's more important to just make sure that your device is clean and to do something about it if it isn't. While you're getting help with your issue, you might also inquire about whether or not the (currently free) beta Malwarebytes browser plugin for Chrome (should work with any Chromium based browser, not just Google Chrome) and Firefox (again, should work with any Firefox/Mozilla based browser) is compatible with mobile devices as you may find it useful in keeping safe online and protecting your privacy (it blocks many ads and trackers in addition to scams, phishing sites and malware servers).
  13. Yes, you could most likely block it by adding each of the following to your HOSTS file: 127.0.0.1 dhl-news.com 127.0.0.1 www.dhl-news.com Alternatively you could use 0.0.0.0 instead of 127.0.0.1 and in theory it might improve performance since it's a null address instead of redirecting to your local machine address (Windows DNS resolver still attempts to connect to the site when 127.0.0.1 is used but just instantly blocks the connection when 0.0.0.0 is used so it can make browsing faster when using a HOSTS file; that's one of the tricks I picked up over the years having used a large HOSTS file myself for a long time now (currently over 1 million blocked sites in my HOSTS file)).
  14. I'm not sure then. I guess it could be some kind of tracker they're using, but there's no way to determine that without asking Corel most likely. Also, while Adblock Plus does block ads, it doesn't necessarily block connections to ad servers since it resides in the browser as a plugin. The Web Protection in Malwarebytes operates in the network stack in the same layer as the Windows Firewall and actually uses the same filtering technology as the Windows Firewall itself (WFP, i.e. the Windows Filtering Platform) so it would see any connection attempt to/from the site going through your internet connection.
  15. I'm guessing that this was a false positive and that the block has been removed so the site shouldn't be blocked any more with the latest database update for Malwarebytes.
  16. It doesn't appear that dhl-news.com actually belongs to DHL. It seems it's just some sort of price comparison service for shipping, so what was blocked was most likely an advertisement on the page you were visiting.
  17. By the way, if you end up not being able to use a HOSTS file but still want to block a lot of the bad stuff on the web in Firefox, including malware, malvertisements, ad trackers, scam sites, phishing sites and more then you might give the new Malwarebytes for Firefox beta plugin a try. It enhances the web blocking capabilities in Malwarebytes Premium, but even without a license for Malwarebytes, it still blocks a lot of undesirable content on the web. If you combine it with something like Adblock Plus or uBlock Origin then you should be able to eliminate a lot of what the HOSTS files would block for you anyway without having to use one.
  18. Don't lose heart, bugfix updates are still going to continue for legacy operating systems (XP & Vista) according to this information:
  19. I'm not sure what it is then. When I use Firefox, even with my massive HOSTS file, it doesn't use much CPU at all except when I'm loading a page, but after that it drops back down to 0. It might be something specific to Firefox in Windows 10 but I can't test that since I'm using Windows 7.
  20. Do you mean an option to exclude something from the Reports tab? In my opinion that would be even more tedious because of the way they're labeled. You can't easily determine where a specific detected item is: You see what I mean? Each item is labeled so generically that it is difficult to determine where a specific detection is, especially if you don't remember exactly when it was blocked/detected. If it's a specific file or folder that you want to exclude, then you can just use the Browse... button in the Add Exclusion dialog or you can even change the setting for Automatic Quarantine to Off so that you are asked what to do whenever a file/process is detected by real-time protection and you can exclude it as soon as it is detected if you wish: To be clear, I'm not necessarily saying that they shouldn't add an option to exclude items from reports, just that I don't think it's the most efficient way to handle it. Also, if an item you're excluding is a false positive then it's possible that it could be corrected in a future update which negates the need for an exclusion, though that's not as likely obviously.
  21. Interesting, then it likely isn't the DNS Client service. Can you try resetting the HOSTS file to default/normal to see if the issue goes away? Also, if you open Task Manager and locate the instance of svchost.exe using the CPU, right-click on it and select Go to Service(s) and make a note of all of the highlighted services in the list. Hopefully that will help us narrow down where the CPU spikes are coming from.
  22. Please be sure to look for it again the next time you restart your system as it may return, but hopefully the issue is gone for good.
  23. My apologies if I came off as rude, that was not my intention. The information should be listed in your purchase email which contained your license key when you made your purchase. If you no longer have that email then you can either check your purchase history on your payment method that you used for the purchase or worse comes to worse you may contact each of them and they can look up the information for you, and the one that handled your purchase will let you know. Had I known that you did not know who handled your original purchase then I would have explained that, but you simply asked how to cancel the autorenewal which was why I pointed you to the article. If you'd have told me that you weren't sure which one of them handled it, I would have pointed you in a different direction so again, my apologies if I made too many assumptions but I didn't see anything in your initial posts about not knowing which of them handled your purchase, just that you wanted to know how to cancel the autorenewal. Other than that of course you may contact Support directly as instructed by dcollins above and they can assist you further.
  24. By the way, if you're using an antivirus and haven't excluded your HOSTS file from being scanned, that could also be the reason, as could a software firewall if you're using one (other than the built in Windows Firewall).
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.