ast

Everything posted by ast

  1. Website blocked due to trojan, Website blocked: warmplace.ru. I want to download the music program "Virtual Ans" from this site. Malwarebytes is blocking this old and often-used music site hosted by Mr. Anton Zolotov. Can you please check whether there is a true trojan on this site, or a false positive? Thank you.
  2. Many thanks for the very quick answer, have a nice day
  3. Thank you, here are the files in the program directory (except the non-English language files) SuspectedFiles.zip
  4. Hello, "Malwarebytes" has reported the program "Parkcontrol.exe" and "Uninstall.exe" during a scan and requires a reaction from me. The virus scanner "Malwarebytes" asks if this program should be moved to quarantine or not.
     Program Source https://bitsum.com/parkcontrol/
     I assume that this detection via artificial intelligence is false positive, but can you please check this. I am awaiting your instructions on whether or not to instruct Malwarebytes to ignore "Parkcontrol.exe". You never really know, it could be that the AI has actually detected something that shouldn't be.
     Note: I have translated the message of Malwarebytes below from German to English.
     Many thanks in advance for a quick answer
     Best regards from Switzerland: Andres
     ---------------------MB----------- protocol message ---------from-----Malware.AI-------------
     -protocol details-
     Scan date: 03.08.20
     Scan time: 02:39
     Log file: d4481e0a-d521-11ea-87a2-f4939ff855ed.json
     -Software data-
     version: 4.1.2.73
     component version: 1.0.990
     Version of the update package: 1.0.27841
     License: Premium
     -System data-
     Operating system: Windows 10 (Build 19041.388)
     CPU: x64
     File system: NTFS
     User: System
     -Scan Overview-
     Scan type: Threat scan
     Scan started by: Scheduler
     Result: Closed
     Scanned objects: 377804
     Threats detected: 2
     Threats moved to quarantine: 0
     Elapsed time: 3 min, 18 sec
     -Scan Options-
     Memory: Activated
     Start: Activated
     File System: Enabled
     Archives: Activated
     Rootkits: Disabled
     Heuristics: Activated
     PUP: Recognition
     PUM: Recognition
     -Scan-Details-
     Process: 0 (no malicious elements detected)
     Module: 0 (no malicious elements detected)
     Registry key: 1
     Malware.AI.1838945012, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ParkControl, No action by user, 1000000, 0, , , ,
     registry value: 0 (no malicious elements detected)
     Registration data: 0 (no malicious elements detected)
     Data stream: 0 (no malicious elements detected)
     Folder: 0 (no malicious items detected)
     File: 1
     Malware.AI.1838945012, C:\PROGRAM FILES\PARKCONTROL\UNINSTALL.EXE, No action by user, 1000000, 0, 1.0.27841, C438FB7B728DACD46D9C12F4, dds, 00835138
     Physical sector: 0 (no malicious elements detected)
     WMI: 0 (no malicious elements detected)
     (end)
     Bitsum-Parkcontrol-and-Uninstall-False-Positive.txt
  5. I have repeated messages because the program Portal.exe from UVI contacts Trojan sites by itself. https://www.uvi.net/de/uvi-portal
     The company UVI claims that this contact search of Portal.exe has to do with my PC because other users would not deliver messages. My question now is, could it be my PC that Portal.exe contacts Trojan sites, so it is my own fault?
     Note: My PC is protected by Malwarebytes and ESET Antivirus. Portal.exe is the only installed program where Malwarebytes alarms. Portal.exe is often open for hours while downloading UVI because the downloaded files are often very large. The alarm often appears only after a long time and sometimes not at all.
     -------------- New Trojan Message
     -protocol details-
     Date of the protection event: 19.07.20
     Time of the protection event: 11:46
     Log file: c955e960-c9a4-11ea-beba-0a0027000007.json
     -Software data-
     version: 4.1.0.56
     component version: 1.0.979
     Version of the update package: 1.0.27031
     License: Premium
     -System data-
     Operating system: Windows 10 (Build 19041.329)
     CPU: x64
     File system: NTFS
     User: System
     -details of blocked websites-
     Malicious website: 1
     C:\Program Files (x86)\UVI Portal\UVI Portal.exe, Blocked, -1, -1, 0.0.0
     -Website Data-
     Category: Trojans
     Domain:
     IP address: 200.119.1.19
     port: 53832
     Type: Outgoing
     File: C:\Program Files (x86)\UVI Portal\UVI Portal.exe
     -------------- Last UVI Support Response
     A. S. (UVI Support) Jun 11, 2020, 11:45 AM GMT+2
     Hi Andres, Our team is still investigating the issue but we are unable to reproduce the problem at the moment. Since we have not received any other tickets reporting a similar problem, my guess is that we are facing an isolated case related somehow to your system. We do not know what could have triggered these alerts in your antivirus but as mentioned we will continue to investigate and keep you posted as soon as we have new information regarding this problem. Have a nice day and feel free to ask if you have any questions.
     All the best from Paris, Support Team
     malwarebytes-Trojaner-Message-19-07-2020.txt
  6. Stefan, there is interesting news about Portal.exe from UVI. The option force "direct download" in Portal.exe is the temporary solution of the problem for myself. But I only got the solution because I was warned by Malwarebytes in time. This shows once again how important it is to have the right tools installed to protect your computer, in this case Malwarebytes 😘 Here is the quoted, unmodified statement from my UVI Support (email).
  7. @Dashke, the IP and port were called from Portal.exe twice before I stopped it. No other exe on my computer is calling Emotet addresses. Portal.exe is my problem. malwarebytes-uvi-Portal-website-block.txt malwarebytes-uvi-Portal-website-blocked-secondtime.txt
  8. Until now I have only received a standard answer. I should release the program Portal.exe in the Virus Scanner. 🤧 Currently I am waiting for the answer from the support, I have written that the problem is not Malwarebytes.
  9. Thank you very much for the quick answer, I am very glad I asked here first. This is very worrying for me. Therefore I will inform the support of UVI and ask them why their program "Portal.exe" calls an Emotet Trojan page. I will be happy to publish the answer here when it comes.
  10. Website blocked because of Trojan?? activity. I think this is a false positive, can you please look at it and unblock it? Many people have used portal.exe from UVI https://www.uvi.net/en/uvi-portal
      Messages from your Malwarebytes:
      -Protokolldetails-
      Datum des Schutzereignisses: 03.05.20
      Uhrzeit des Schutzereignisses: 08:51
      Protokolldatei: 7e6ddcd6-8d0a-11ea-b1e8-0a0027000006.json
      -Softwaredaten-
      Version: 4.1.0.56
      Komponentenversion: 1.0.875
      Version des Aktualisierungspakets: 1.0.23348
      Lizenz: Premium
      -Systemdaten-
      Betriebssystem: Windows 10 (Build 18362.628)
      CPU: x64
      Dateisystem: NTFS
      Benutzer: System
      -Einzelheiten zu blockierten Websites-
      Bösartige Website: 1
      , C:\Program Files (x86)\UVI Portal\UVI Portal.exe, Blockiert, -1, -1, 0.0.0
      -Website-Daten-
      Kategorie: Trojaner
      Domäne:
      IP-Adresse: 200.83.209.144
      Port: 34463
      Typ: Ausgehend
      Datei: C:\Program Files (x86)\UVI Portal\UVI Portal.exe
      (end)
  11. many thanks 🙃@cli , now it works
  12. Thank you for your answer. I attached logs and the original (restored) quarantined firefox.exe. firefox.zip mbst-grab-results.zip
  13. After a Firefox session on a big music plugin page (Rob Papen Synthesizers) at midnight, the server would not respond any further. Then I went to sleep but left Firefox running. Then in the morning Malwarebytes wanted to restart my Windows 10 Pro 64-bit; after the restart I found this reported:
      Malwarebytes www.malwarebytes.com
      -Protokolldetails-
      Datum des Schutzereignisses: 01.04.20
      Uhrzeit des Schutzereignisses: 10:47
      Protokolldatei: 6f0dd51c-73f5-11ea-9042-0a0027000006.json
      -Softwaredaten-
      Version: 4.1.0.56
      Komponentenversion: 1.0.859
      Version des Aktualisierungspakets: 1.0.21722
      Lizenz: Premium
      -Systemdaten-
      Betriebssystem: Windows 10 (Build 18362.628)
      CPU: x64
      Dateisystem: NTFS
      Benutzer: System
      -Einzelheiten zu Ransomware-
      Datei: 1
      Malware.Ransom.Agent.Generic, N:\vonW7-Data-H\Programme\Portable\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe, In Quarantäne, 0, 392685, 0.0.0
      (end)
      What should I do now?
  14. Just an important remark, since I was able to solve the problem myself: The automatic installation of the last update (3.3.1) did not work. "Unable to start service" I first had to manually uninstall the program and then reactivate it with my license. Unfortunately, all settings had to be reset. That's not good behavior. I have Windows 10 Pro 64-bit (German settings) with the latest "Fall Creators Update".