Everything posted by Zzyzx
-
Hello @LiquidTension, Sorry for the late reply. I didn't realize the notifications were getting marked as spam in Gmail. This issue was only happening with both enabled, and everything was freezing, the mouse would still move, but it was otherwise unresponsive for a few seconds. With the 1.0.627 Component Package, this issue has been resolved for me. Thanks for your help and the quick response!
-
Sorry, I misspoke slightly. I have web, exploit, malware and ransomware protection enabled, while I have the self-protection module disabled, and everything is fine. Similarly, if I have web, exploit, malware and self-protection enabled, while I have the ransomware protection disabled, everything is fine. It is only when both ransomware and self-protection are enabled that the microfreezes/stuttering occurs.
-
Greetings,

I am using MBAM 3.8.3.2965 with component version 1.0.625 and update package version 1.0.12563, which is showing up-to-date for me as of this post. This is on Windows 10 1809 Build 17763.737, and I have no available Windows Updates at this time.

Starting around Monday (9/16), I began to have issues with my computer just freezing for maybe 5-15 seconds every few minutes, which is very frustrating and annoying. This is definitely a very recent issue, so perhaps something was changed with an update in the last day or two; I think with the update to component version 1.0.625.

I found that if I exited MBAM, the issue seemed to vanish. By process of elimination, it seems it's the ransomware protection in conjunction with the self-protection module that seems to be causing the issue, because I still have web, exploit, and malware protection enabled now with the self-protection module disabled, and everything is fine.

I ran the MB support app, version 1.5.1.681 to repair MBAM, but it did not help. I have attached the logs from the MB support tool in case they are of any help. If you need any further information, please don't hesitate to ask!

Best,
Zzyzx

Attachment: mbst-grab-results.zip
-
Bobby3.com, a site I download Visio templates from, was blocked when I tried to update them today. Not sure why.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/23/19
Protection Event Time: 10:31 AM
Log File: e08a0d34-3790-11e9-bb0d-005056c00001.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9406
License: Premium

-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: bobby3.com
IP Address: 66.147.244.96
Port: [52596]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)
-
Hey, I got a response from the webmaster. Can you tell me if anything shows up on the site now? Best, Zzyzx
- 5 replies
- Tagged with: progressquest.com, false positive (and 2 more)
-
Weird. I'll try to get in touch with the webmaster and see if they can get it removed. Thanks!
- 5 replies
- Tagged with: progressquest.com, false positive (and 2 more)
-
Greetings,

I think this is a false positive, as I've never seen any sort of phishing activity on the PQ website. Just a silly game to play. You can see more info by pulling up Progress Quest on Wikipedia as well.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/27/18
Protection Event Time: 4:26 PM
Log File: ab7bb2aa-aa50-11e8-8042-005056c00001.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.421
Update Package Version: 1.0.6529
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: progressquest.com
IP Address: 173.230.140.86
Port: [65402]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Best,
Zzyzx
- 5 replies
- Tagged with: progressquest.com, false positive (and 2 more)
-
Greetings, I am on 1803 build 17134.167 with Malwarebytes 3.5.1.2522 with component package 1.0.391 and update package 1.0.6113, and I am having the server connectivity blocked issue whenever web protection is enabled with no events being logged. If there is any information I can provide that will help in fixing this issue again, please let me know. Best, Zzyzx
-
Greetings,

For some reason, the news site, Salon.com is blocked, and I'm not sure why, since it's a legitimate news site. You can see more info about it on Wikipedia: hxxps://en.wikipedia.org/wiki/Salon_(website)

Here is the protection log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/18/18
Protection Event Time: 2:01 PM
Log File: cc50677a-733a-11e8-99a1-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5530
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: www.salon.com
IP Address: 151.101.1.167
Port: [61616]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Best,
Zzyzx
- 1 reply
- Tagged with: salon.com, website blocking (and 4 more)
-
Greetings,

I've noticed that this morning, Malwarebytes has started blocking this IP for Gaijin's War Thunder launcher, a game distributed through Steam. Please see the relevant log file below.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/10/18
Protection Event Time: 6:40 AM
Log File: a425d2aa-5457-11e8-93e9-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5054
License: Premium

-System Information-
OS: Windows 10 (Build 16299.431)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain:
IP Address: 193.23.181.144
Port: [51939]
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe

(end)

Thanks for your help,
Zzyzx
- 1 reply
- Tagged with: war thunder, war thunder launcher (and 3 more)
-
Thanks for looking into this!
- 3 replies
- Tagged with: war thunder, 217.23.187.143 (and 2 more)
-
Thanks for the quick follow-up!
- 3 replies
- Tagged with: magic.piktochart.com, piktochart (and 1 more)
-
Greetings,

I noticed that while accessing ballotpedia.org that I got blocking notices for magic.piktochart, a sub-domain of piktochart.com, an infographics site that isn't blocked itself. Could this possibly be in error? Please see the log below:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/8/18
Protection Event Time: 7:23 AM
Log File: aad0498c-0cdb-11e8-a8d5-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3900
License: Premium

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Unspecified
Domain: magic.piktochart.com
IP Address: 104.25.200.10
Port: [50156]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Best,
Zzyzx
- 3 replies
- Tagged with: magic.piktochart.com, piktochart (and 1 more)
-
Greetings,

For some reason, this IP (217.23.187.143) used by the game War Thunder launcher/updater, a Gaijin Entertainment game distributed by Steam is being blocked as a malicious website. Please see the log below:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/8/18
Protection Event Time: 2:25 AM
Log File: fd0cdce4-0cb1-11e8-87d1-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3897
License: Premium

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Unspecified
Domain:
IP Address: 217.23.187.143
Port: [54041]
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe

(end)

Thanks for your help,
Zzyzx
- 3 replies
- Tagged with: war thunder, 217.23.187.143 (and 2 more)
-
Greetings,

I have noticed over the last few days that both NE-1 and NE-2 on AWS are blocked for some reason, specifically:

s3-ap-northeast-1.amazonaws.com
s3-ap-northeast-2.amazonaws.com

NE-1 was from something in Chrome, while NE-2 was actually while Samsung Magician was trying to download an update. Here are the logs for both:

Northeast-1:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/5/17
Protection Event Time: 6:46 PM
Log File: 4df8b71c-da27-11e7-ad9c-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3419
License: Premium

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: s3-ap-northeast-1.amazonaws.com
IP Address: 52.219.0.88
Port: [50666]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Northeast-2:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/9/17
Protection Event Time: 2:07 AM
Log File: 55dff026-dcc0-11e7-ab36-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3450
License: Premium

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: s3.ap-northeast-2.amazonaws.com
IP Address: 52.219.58.4
Port: [58889]
Type: Outbound
File: C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe

(end)

Thanks for your help,
Zzyzx
-
Oh, I don't know if this makes any difference, but it's Winamp 5.666 Build 3516 (http://forums.winamp.com/showthread.php?t=374929#download). It's been working fine for some time, and I've been running both that version of Winamp and MBAM for a long time without any issue.
- 4 replies
- Tagged with: winamp, false positive (and 3 more)
-
Greetings,

Just today, MBAM started shutting down Winamp until I added an exception for it:

Here is the log file for the event:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/7/17
Protection Event Time: 8:55 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1890
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: Winamp Player
Protection Layer: Malicious Memory Protection
Protection Technique: Exploit code executing from Heap memory blocked
File Name:
URL:

(end)

I have also attached the log files from C:\ProgramData\Malwarebytes\MBAMService\logs\ and FRST64.

Cheers,
Zzyzx

Attachment: mbam-winamp-false-positive.7z
- 4 replies
- Tagged with: winamp, false positive (and 3 more)
-
cdn.discordapp.com is how Discord distributes any files users share with each other, including images and other files, so it's more than likely someone just shared something bad with another user. I'm still getting it blocked on 2017.1.15.4. To work around it for now, you can go to MBAM > Settings > Web Exclusions > Add Domain and add cdn.discordapp.com. If this isn't unblocked, then images and files will not work at all in Discord. This really needs to be unblocked. mbam - discord.txt
-
Thanks, Tammy! Appreciate the quick fix!
- 6 replies
- Tagged with: ultravnc, riskware.winvnc (and 4 more)
-
Good Evening,

For some reason when I got home from work, my computer was showing that two files from UltraVNC were "RiskWare.WinVNC." I've had this installed for a very long time, and it's never come up before, so I wanted to see if this was a false positive. I know VNC could possibly be used for malicious things, but by and large, its uses are legitimate.

Thanks,
Zzyzx

Attachments: mbam-log-2016-09-20.txt, vncviewer.zip
- 6 replies
- Tagged with: ultravnc, riskware.winvnc (and 4 more)