Jump to content

exile360

Experts
  • Content Count

    28,408
  • Joined

  • Last visited

Everything posted by exile360

  1. Greetings, Please make certain that the computer clock is set to the correct time as this is what the software will use to determine when to scan. Also, make certain that the Recover if missed by/Recover missed tasks option is not enabled for your scheduled scans to prevent them from launching as soon as the device is available for scanning if the most recent scheduled scan was missed. Other than those items, I'm not certain what else to check to determine why the scans might be kicking off when they are, but that's where I'd start in trying to track it down. I hope this helps, but if not then you should contact Malwarebytes Business Support by filling out the form on the bottom of this page or taking advantage of the CHAT WITH US option if available at the time.
  2. Greetings, I would suggest excluding each of the program's active/running processes when the program is running/in use to see if that helps. Be sure to exclude them by selecting the Exclude an Application that Connects to the Internet option described in the section of the same name in this support article. That should hopefully resolve it, but if it does not then it may prove helpful to grab a WireShark log of the communication from the app when it's being used to determine exactly what IPs/domains it connects to then excluding each of them using the Exclude a Website option described in the same support article and hopefully that will resolve it.
  3. The button does have an appearance that can make it seem to be grayed out. I have requested that they modify its appearance to be more prominent both to make it stand out more as an active control/button and to be clearer that it is active/isn't grayed out. As long as it looks like the button in the below image then it is actually active, it just doesn't stand out much against the background and doesn't resemble most other controls in the UI which are mostly white with a gray border or blue in color; that light gray they chose for this and a few other controls in the UI really makes it easy to overlook them or for the user to get the impression that they are disabled, at least in my opinion:
  4. Greetings, Based on the wording I suspect that what you saw was actually a block by Malwarebytes' Web Protection component and it was blocking some process from connecting to a known malicious website that is known to be used by Trojans. You should be able to verify this by opening Malwarebytes and navigating to Reports and locating the most recent entry showing a web block entry. Double-click on it and you should be able to see the details including the website that was blocked and the process that tried to connect to it (most likely your web browser). If you still aren't sure you may do the following so that we can take a closer look at what's going on: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  5. That makes sense. I'm guessing it was some installer from the web that had some bundled PUP with it; technically harmless, and of course it would have been detected by real-time protection had you tried to execute the file which would have prevented the PUP from being installed in the first place.
  6. Was it an active threat or just a dormant file (like an installer containing a bundled PUP or something similar)? The reason I ask is because any active threat should be detected by the Threat scan, and any dormant threat on any secondary drive or in any location that the Threat scan doesn't check would first have to be executed to present a threat to the system (which is why I suggested using the context menu scan function if you have a tendency to save files from the web on secondary drives etc.). There is also the possibility that it was a false positive, but the only way to know that would be to check the file on VT and/or maybe submit the file to the Research team in the FP area to have them take a look.
  7. The Hyper scan is to do a fast check of the currently running processes in memory as well as known loading points and the registry to quickly determine if the PC might be infected. If the Hyper scan finds anything, it's a good idea to go ahead and perform a Threat scan. Basically the Hyper scan is useful for a really quick check to see if there might be any active infections on the system.
  8. Greetings, Thanks for the suggestion. I definitely like this idea now that we have the My Account web portal to manage licenses/devices. I will submit your proposal to the Product team for review and consideration. Also, just for future reference, any suggestions/feature requests etc. for Malwarebytes 3 should be posted in this area. Please feel free to post if you have any further ideas/suggestions/feedback/feature requests. Thanks
  9. Greetings, You may try to resolve this yourself using the Deactivate or Deactivate all function under your My Account page at My.Malwarebytes.com and you should then be able to reactivate the software on your system again. If that doesn't work then wait for Support to respond to your ticket and they will assist you, but simply deactivating the device currently listed under your account should free it up so that you can use your license key again to get the product reactivated.
  10. You may also find the information on this page to be helpful. It's a good writeup on the differences between traditional antivirus and modern anti-malware.
  11. The Threat scan is recommended because the Research team finds all the locations used by threats in the real world and this is what comprises the Threat scan. It is also dynamic, so whenever a new location is used by malware the Research team can add that new location in a database update (in other words it doesn't require a new Malwarebytes build/version release to change the locations checked by the Threat scan) so it is very efficient. One thing to also keep in mind is that the Threat scan checks all running processes, threads and modules in memory, so even if an active threat were using some new/previously unknown location (even a location on a drive other than C:\) Malwarebytes would still can/detect it because it checks the files for all running processes in memory. Of course Malwarebytes also checks all the usual loading points found on disk and in the registry for startup items, so even if a threat is installed in an unusual location it should still get caught because there is no way off-disk for a piece of malware to load on boot/startup. The only time I would suggest anything beyond the Threat scan would be for cases where you might store downloaded files from the web on another disk, in which case I'd suggest simply right-clicking on that location or the individual file and using the Scan with Malwarebytes option in Explorer to check those items to make sure they're not threats (though even this is optional as long as you've got Malwarebytes Premium as its real-time protection would detect/block/quarantine any such item from any location as soon as you tried to run it).
  12. That is odd; it's supposed to prevent the second activation from happening. You're supposed to get the error message that the license is already in use. You'll probably need to contact Support to find out why that happened and see if there is anything that can be done to prevent it in the future. You may contact them by filling out the form on the bottom of this page. In the meantime I'll be reporting this to the team for review; hopefully it's just a bug and they can get it fixed soon. Please try waiting a few hours and then try to activate the license once more to see if that resolves the issue. If it does not, then please contact Malwarebytes Support by filling out the form on the bottom of this page and they will assist you.
  13. I wanted to let you know that I have written up a feature request based on this thread to ask the Research team to provide some kind of online database to detail why each site is blocked in the Web Protection database. The idea is that when a block occurs, in addition to displaying the information that it currently does, it might also include a clickable link that says something like 'Click here for details' or something similar which, when clicked by the user, would open up a webpage to an online threat database created by the Malwarebytes Web Research team documenting what the malicious content is that is found on the IP/domain/server, why it's dangerous and why it was blocked. I also requested they consider including further details like when the threat was first seen in the wild/when the site was added to the block database etc. With that said, do keep in mind that it isn't up to me so it may not happen; all I can do is put in the request. It will be up to the Product team and Research team to decide whether or not to implement it, as well as how to do so/what it will look like/how it will work, if they do decide to make it happen.
  14. By the way, you should find the information in this support article as well as this support article to be informative on the subject.
  15. Greetings, Once the software has been activated on one machine it can no longer be activated on another until you either deactivate your license on that machine using the Deactivate License button in the Malwarebytes UI, or uninstall the software from that device, or deactivate your license using your account at My.Malwarebytes.com. This means that for someone to try and use your key when it's already in use by you, they would first either have to gain access to your machine to deactivate your key in your copy of the software, or they would have to access your account at My.Malwarebytes.com. This is one of the reasons the My Account/My.Malwarebytes.com license management system was created so that customers such as yourself could have full control over your license keys and devices, monitor where they are installed/activated, and more easily deactivate them to move them to other devices if you ever need to (if, for example you got a new computer and needed to move your license to that new system from your existing system). Before the new My.Malwarebytes.com license management system existed, and especially while multiple activations were still allowed on single device license keys it was much easier for someone to steal another user's license key and use it on their own device without the actual owner knowing about it or being able to do anything about it, but now with the new system you can not only deactivate your key from any device where it has been activated remotely via My.Malwarebytes.com, but now you can also see where the license key has been activated so you can quickly identify whether the active device is your own PC or not.
  16. They don't need to be checked to be active. Anything listed in the Exclusions tab will be excluded. If you still aren't able to reach those sites then you may need to clear your web browser's cache and DNS cache. Sometimes after a site has been blocked and redirected by Malwarebytes, Windows and/or your browser may remember that modified route/connection so that when you attempt to visit the same site again after excluding it in Malwarebytes you still aren't able to reach the site because Windows doesn't route it correctly/make the connection. The only reason checkboxes exist in the Exclusions tab (and any other tab in Malwarebytes) is so that you can select multiple entries at the same time for doing things like deleting multiple entries at once (you'll notice that when you check the boxes next to any of them that the Remove Exclusion button becomes active, and if you check the box next to 2 or more of them that the button changes its text to plural Remove Exclusions instead of just Remove Exclusion).
  17. Greetings, If you have not done so already, please create an account at My.Malwarebytes.com, if possible using the same email address you used when you first purchased your license (assuming you still have access to that email address; if you don't, then just use your current email instead). Instructions on how to do so can be found in this support article. Once that's done, if you don't see your lifetime key listed under your account there, try adding your license as described in this support article. If that was successful, try resetting your licenseusing the Deactivate all function described in this support article and that should reset your lifetime key so that you may activate it again. If that doesn't fix the situation then you will have to work with Malwarebytes Support to get it reset. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  18. Thanks. Your logs show that the following items exist in your Exclusions for Malwarebytes. They are all Web Exclusions (i.e. items excluded from the Web Protection component): shop.zverinfo.ru/track/314594180/anons/1200096803/https%253A%252F%252Fvk.com%252Fapp6051158_-52197716%2523MhxDkB?_hash=n272tdBFRH94oZEoV4IyNjl1oDTZpQ6%2Fn%2FDgAiRo5NU%3D stalic.ru/blog onfillm.online stalkerfish.ru/recipes/ Was there anything else you were trying to exclude that is not listed there?
  19. By the way, here are some additional resources about Web Protection that you may find helpful: https://support.malwarebytes.com/docs/DOC-1040 https://blog.malwarebytes.com/101/2016/08/explained-the-malwarebytes-website-protection-module/ https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/
  20. They determine whether an IP contains malicious content the same way anyone would. They find malware samples, malicious advertisements, malicious exploits and the like as well as grab the IPs/domains that malware samples (such as Trojans) reach out to and they add them to the database to be blocked. They are then categorized based on the reason for the block, in this case it is categorized as a Trojan. I don't know what level of detail you expect, but I've never seen any security product provide any more detail (and more often than not much less) than Malwarebytes does when they block a malicious website. In this case, Trojan traffic was detected connecting to the site in question, but like I said, if you suspect that it may be a false positive (which you would need to determine based on where the traffic is coming from; there's no way for us to know what sites you're connecting to in your web browser or what the traffic looks like or what you were doing when the block occurred beyond the site that was blocked and the process that was attempting to connect to it; in this case firefox.exe) then you can post in the Website Blocking FP forum to ask them to investigate it, otherwise you can simply trust that Malwarebytes is doing its job to block malicious content and move on. If it were me, I'd probably start with checking each individual site that I had my web browser set to connect to on startup to determine which page contains the content being blocked and go from there. That would be a good place to start to find out precisely where the content actually is and what its purpose is (for example, if it's just an ad on a webpage being blocked as I suspected it may be, or if it is something else).
  21. Greetings, It looks like the upgrade install for the new version didn't complete. Reinstalling it should correct the issue. First, please try downloading and installing the latest build from here. Once that's done, check to verify that Malwarebytes is now working properly. If the problem still persists or it won't install for some reason please let us know and we'll proceed with further steps. Please let me know how it goes. Thanks
  22. Excellent, I'm glad the Support Tool was able to fix the problem. Please let us know if there is anything else we might assist you with. Thanks
  23. Greetings, Please do the following so that we may take a closer look at what is going on with your system to try and solve the problem: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks
  24. I did a search and it looks like www.voxxintl.com is an electronics retailer. I'm guessing they had an advertisement embedded in one of the pages you were visiting and that the IP address being used for their website is also being used by some Trojan(s) for malicious purposes. Unfortunately this is a common problem as the same IP address can host multiple websites/domains, so while www.voxxintl.com may be perfectly safe, other content hosted on the same IP address 174.128.41.178 is likely malicious. When Malwarebytes categorizes a block as Trojan it is generally because it's been observed by Research to be used by some known Trojan(s)/malware for part of its communications (for example, receiving commands from the bad guys or uploading stolen data etc.). If you suspect this to be a false positive you may report it by reviewing the information here as well as here and then create a new thread in the Website Blocking FP area by clicking here. I hope that helps to clear things up. If there is anything else we might assist you with please let us know. Thanks
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.