jpkogelman

I did confirm that Spybot Anti-Beacon was blocking the telemetry data, which was modifying the host file. I will check the change log to see if that was implemented towards the end of last week, which would explain a great deal.

Thank you for the detailed information. I will check with Logitech to see if there is a different version of their driver software, as I use a few of their devices and the program was meant to keep them up-to-date. As for Spybot-anti-beacon software, this is a program that prevents Microsoft from collecting information from Windows 10/11 and relaying it back to them, without user permission or knowledge of the events happening. It is something I trust overall, though I can check that it isn't effecting Malwarebytes. I went ahead and updated the DNS, usually I do have Google and one other as my default; I suspect a Windows update did a change recently.. I will look at the last item as I have more time this evening. I do very much appreciate all the time and effort on reviewing this information and providing recommendations!

I ran the program above and the only thing identified was browser cookies, the log is attached below. Some of the information on the use of the Sophos program may be a bit dated; it does not install it is a run and scan tool and the log file location is a prompt instead of needing to be located. SophosScanAndClean_20221107_0914.log

I will not have that program on my PC, due to concerns in the IT security circles. If you have an alternative to Kaspersky, I will be happy to move forward.

Thank you for the reply and I did as instructed, the rather short results are attached for review. A note about the instructions on using the program that was suggested, it required "Run as Administrator" in order to properly run, otherwise the application would randomly quit trying getting it to run. Maybe something worth reviewing going forward. The ESET scanner that was suggested, as well as my own Malwarebytes and Avast full scans have shown nothing on the PC in question. While I am tempted run a in Windows Safe mode, I am more inclined to believe Malwarebytes has been reporting a false positive at this point. ESET Results.txt

As a test, I removed the hosts file from windows\system32\drivers\etc and restarted, scanned just the \etc file and getting another item detected. So I am not sure what is re-creating the hosts file or if this is still a false positive. I've made a copy of the hosts file that is being flagged, added .txt and attached it here. hosts.txt

Ran the recommended program and the log files are attached to this post. I did remove the user name as well as windows shortcuts as that information is not relevant to this inquiry. Thank you FRST.txt Addition.txt

Greetings, In the last three or four days, my daily scans pick up a risk; windows\system32\drivers\etc\hosts - which I have replaced and deleted. The issue is this seems to keep coming back, however there are a number of older replies pointing to this being a false positive by MWB. I have run an advance full scan with no other detections but it seems to return with each restart. Attached is the daily scan report including the detection of this host file. I've already deleted the file, so I don't have a copy atm. At this point I am hoping to find out if this may be a new false positive or if I need to try a scan with a different tool to see if something is running that MWB can't detect currently. Log.txt

I started experiencing the issue with Web Protection not enabling. I re-installed recently after the Protection would not start up. This seems to be related to the thread from May 19th https://forums.malwarebytes.com/topic/201185-protection-keeps-turning-off-v312/?page=29 I am running Windows Home 10 64bit & MWB 3.1.2