Massimiliano

Posts posted by Massimiliano

  1. The website

    https://www.telecupole.com

    is blocked by Malwarebytes Browser Guard for Firefox

    I attach lock screen

    [Attached image: MalwarebytesBrowserGuardWebsiteBlocked.jpg]


    I attach VirusTotal link

    https://www.virustotal.com/gui/url/f7f82e133d8079f20553e4701332014f7f4026e5f76108a94923b41cfb776175/detection

    On VirusTotal 5 security vendors flagged this URL as malicious

    Specifically they are:

    • Clean MX
    • Forcepoint ThreatSeeker
    • Webroot
    • CyRadar
    • Fortinet

    This is the website of an Italian regional television channel in Piedmont (Italy)

    I attach Body SHA-256 Virus Total

    cf30b2bc861a449fc72ea0c2d5f64f38de1d89fa2e2afda023be5e226642d062

    Could it be a false positive or is it really dangerous?

    Thank you

    Good evening

    Massimiliano

  2. Already done on Friday evening, as you advised me before the discussion was split.

    He disabled the experimental function.

    He restored the files so that you could have them analyzed

    At this point I would just like to know if the two files are dangerous and if it is better to permanently remove them without risking damaging the system or some application.

  3. Detection history follows

    [Attached image: antivirus.jpg]

    In this screenshot you can see it better

    Following the instructions you gave me, the person concerned restored the files and zipped them, and she sent them to me so that I could post them here on the forum.

    [Attached image: antivirus3.jpg]

     

  4. Quote

    On 6/12/2021 at 1:22 PM, Xauma95 said:

    I've installed the latest version and it asked me to install Rosetta, but when I look at the Activity Monitor it says Malwarebytes is Apple class. Did something go wrong or was it normal?

    On 6/12/2021 at 6:54 PM, Xauma95 said:

    Still wondering why it asked me to install Rosetta, as this version of Malwarebytes is universal and my Activity Monitor says Apple class.

    On 6/13/2021 at 4:31 AM, Alvarnell said:

    Possibly because there is a component that is not the app executable itself that hasn't been made universal yet. Something the coders will need to look into.

    @treed , or another staff member, can you explain why?

    Thanks

  5. 4 minutes ago, Xauma95 said:

    I can't find any report about definition updates, maybe because I just installed Malwarebytes today and can't see what version I have; I only know the Malwarebytes version is 4.10.4.

    That's exactly as I wrote to you. Something must have changed in the last two versions.
    You will surely see it on the first available update. However, it is not certain that it will be released this month.

    You can rest assured. With Malwarebytes and a good ad blocker you are more than protected on the Mac.

    If you use Chrome (or its derivatives) or Firefox you can use Malwarebytes Browser Guard (which is free).
    On Safari there is (always free) Ka-Block! (or 1Blocker, if budget permits, which has a lot more features. I use this and I'm fine with it, but if I were you I would download Ka-Block! for the time being, because the free Malwarebytes extension will be released soon, although there is still no precise date; it can still be combined with 1Blocker for those like me who have already bought it).

  6. Up to the Intel-only versions, when you installed Malwarebytes the definitions were updated and you could see them.
    Now this doesn't happen anymore; probably when you download the installer it already contains the updated definitions (but I'm not sure).
    As soon as they are updated (now there should be version 4.0.547 of 05/27/2021 - I keep a text file where at each update I take a note - if I have not forgotten to mark it, but at most it could be one more version) you can see them in the survey history -> Report tab. I mark it in a file precisely because I clean old reports from time to time.

    However, consider that while on Windows they are updated several times a day, on macOS this does not happen, because the total amount of malware existing for macOS (since 2001) perhaps corresponds approximately to the amount of malware produced in an hour for Windows.
    On macOS, 1 new malware in a month is already to be considered a particularly exceptional situation. @treed, @adas or another staff member will be able to clarify this for you better.

    Malwarebytes on my Mac is set up like this (see screenshots).
    Enabling betas is a very personal choice. One scheduled scan per day is enough; doing it every 12 hours is my personal preference.

    [Three attached images: Schermata 2021-06-12 alle 18.11.47, 18.11.41 and 18.11.33]

  7. 40 minutes ago, Porthos said:

    Restore them and zip them up and attach so staff can check out.

    Here are the two files. The zipped file is freely unpackable

    Suspicious Files.zip

    42 minutes ago, Porthos said:

    Could you grab a log from the web block.

    For this it will take a few days until he returns to the area; in the meantime, explain to me what you need and I will upload them to the forum as soon as possible.

  8. Malwarebytes made the following blocks on the PC of a relative of mine (See screenshot) so she asked me for help

    [Attached image: antivirus.jpg]

    The first two executable files, which are in quarantine are:

    • C:\users\user\AppData\Local\Microsoft\WindowsINetCache\IE\EWO26025\G2MCoreInstExtractor\_19709_19584[1].exe
    • C:\users\user\AppData\Local\Microsoft\WindowsINetCache\IE\KOKRTQIU\G2MCoreInstExtractor\_19228_18962[1].exe

    The site was then blocked 

    www.campagnamica.it

    which is a site linked to Coldiretti (association of Italian growers)

    This is the response of VirusTotal  

    This domain has also been blocked several times

    v4clientoss-cn-hangzhou.aliyuncs.com

    This is the response of VirusTotal

    Can you tell me if they are false positives or if they are a risk?

    At the moment I am unable to make any access to that PC because it is several kilometers away from me

    I await an answer on the matter and in the meantime thank you

    Have a nice weekend

    Massimiliano

    I notice that Malwarebytes is missing from VirusTotal for URL scanning. Is that normal?

    @AdvancedSetup If it is not in the correct section, please postpone the discussion

  9. 2 hours ago, Xauma95 said:

    Ok thanks, do you know if I can transfer my Windows licence to my Mac?

    If you have a subscription license for one machine, you must first deactivate it on your PC and then activate it on your new Mac.
    If the PC is no longer usable, you can deactivate it from your account on the my.malwarebytes.com website

    On Windows it is deactivated from Malwarebytes settings-> account tab. On Mac you activate it at the same time as installation or later from the account settings tab.

    ATTENTION. If yours was an old license of the LIFETIME type, this can be used forever, but only with the Windows operating system, and in that case you must purchase a new subscription key (1 machine about 40 € / year; with more machines you see the savings)

  10. 11 minutes ago, Xauma95 said:

    Does anyone know when the stable version of Malwarebytes for M1 Macs will be available? Thanks in advance

    Version 4.9.7 (released May 19, 2021) and following (therefore also the current 4.10.4) are native on both M1 and x86, being an Apple universal binary.

  11. If you have free licenses (as you seem to understand) just open MALWAREBYTES FOR MAC

    On the top bar there is a button next to the gear

    If it says ACTIVATE LICENSE just click on it and a window will open where you can insert the ACTIVATION KEY

    If it says MY ACCOUNT it should be active and clicking on it opens the window indicating the edition (PREMIUM with the activation key next to it), the status (PREMIUM) and THE EXPIRY DATE (the day before the renewal is carried out in order to always remain protected)

  12. 46 minutes ago, treed said:

    but we'll wait to see whether it remains a significant issue

    In my opinion it is not a significant issue as at the moment, perhaps because the Mac is new, it does not seem to have a particular impact on the battery charge. Its presence, when there is, is independent of the type of power supply, however.
    My repeated reports are mostly due to the fact that it had never happened in many years and therefore I thought it could be a problem and not for the possible impact on the battery.
    In fact, it has not happened to me yet, even with a use of several hours, to drain the battery too much.

    (I assume for the optimization between CPU M1 and Big Sur that, even with demanding tasks such as high resolution HandBrake conversion of a video of almost 3 hours, it didn't overheat in the slightest. The MacBook Air, which is fanless, was barely warm at the end).

    56 minutes ago, treed said:

    prioritizing over other things that may have a bigger positive impact on customer experience.

    I don't know what you mean, but I hope it's web protection (hope, they say, is the last to die). Meanwhile, on your advice, I bought 1Blocker
