Jump to content

Salonoi

Members
  • Content Count

    14
  • Joined

  • Last visited

About Salonoi

  • Rank
    New Member
  1. Hi, I use Roguekiller, Avast, malwarebytes, Malwarebytes mbar (anti rootkit) and Eset Online Scanner (its a one time use scanner). I regularly scan my pc and dont visit dangerous sites, so not sure how I got this,bust avast found HTML:Scam-P [Phish], on file or website or dont know what it is called game4853.firdayfun78.live . I think however that I accidentally clicked on one website on google on 27th that showed this up? This keeps showing up only on Avast and nowhere else. Even when I put it in virus chest, it doesnt show up there. Avast reports only name of infection, and not infected file, or its location. I think I became infected on October 27,1:27 AM because Avast in notification history reports "threat blocked" and that it safely aborted connection to that game4853 website. I suppose it did not abort anything since it keeps reporting this infection :/. I think back then I clicked accidentaly on one website on google where I received this report. So, I got help at bleeping computer, with farbar logs they managed to get rid of the issue, and I was no longer seeing infection on avast for like 2-3 days, but for some reason it reappeared again, I have not clicked on any weird website or anything. Here is original post on bleepingcomputer: https://www.bleeping...mlscam-p-phish/ Thing is, that I might be dealing with something probably more difficult, I think problem might be reappearing for as long as infected file is still on my PC, unfortunately avast doesnt report location of the file. Can you guys please help me find core of the problem? I am attaching farbar logs (and screenshot of what avast keeps reporting) that I produced right after finding that virus yesterday, and before I tried to put it in chest or delete it (which doesnt do anything anyway). FRST.txt Addition.txt
  2. Listen,could you please confirm for me if Malwarebytes Mbar detected false positivr as well? And if the file Default.Sfx is safe? Thanks
  3. Thanks. So,this is a false positive then? No threat ?:)
  4. Hello, I scanned my computer with roguekiller, eset online scanner,malwarebytes, malwarebytes mbar. Malwarebytes Mbar found this as infected file. File located in winrar folder called Default.SFX. I uploaded file to virustotal and more antivirus programs picked it up. https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection Then I scanned my computer with Malwarebytes and it caught this: Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008 Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008 Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008 I am attaching the file. Is this please false positive or real? Thanks. Default.zip
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.