MrWashingToad

Members
  • Content Count: 13
Everything posted by MrWashingToad

  1. Then not much I can do at this point except wait for justice to find them, and hope the unlock keys are done, then.
  2. Indeed. I tried multiple times to get Malwarebytes to run in the full Premium mode (as I stated previously, the system was running Malwarebytes Premium when this occurred, and has a lifetime license, was updated on Friday (attack occurred sometime over weekend)). I have attached the other logs I could provide above. Note - I WAS able to get the infected drive imaged to another drive, so now I can play with it whilst keeping the original data drive safe. However, as this happened during a weekend backup run, it corrupted all local copies of my data on that computer, the network atta
  3. Ok, nearly a full 48 hours now, and no replies at all, thanks - really feel like I'm being helped. I've attempted multiple times to get Malwarebytes and Malwarebytes Chameleon to load correctly, but they all fail install; OR, install, but do not allow premium features (real time protection) to turn on. Have checked with the MalwareHunterTeam website, uploaded the .hta ransom note there, and it came back as 1) Dharma, and 2) Phobos. Additionally, all the files are labeled as 'FRENDI' files, and are labeled ID-C602BF82.[withdirimugh1982@aol.com].Frendi. I've located a hidden folder u
  4. Had updated copy of Malwarebytes Premium (lifetime license user) installed on Windows Server 2008r2. Note this is a personal server, not a business server, I just have software I use requiring the use of Windows Server base code in order to run stuff I need. Last I did on server on Friday March 29th was go ahead and let Skype update. Then logged out my RDP session. Go to login this morning, Monday April 1st, and the RDP won't connect. Walk over to the system console and login manually locally, and it pops up with 'Phobos Ransomware', and was encrypting files. I immediately checked all o
  5. Looks like Update package 1.0.3306 fixed the issue for me.
  6. Still getting the same error after forcing package update.
  7. Negative - just came back up after ~1-2 min unblocked on update package 1.0.3305. Edit: Tested against the Dropbox, not user: GroundHogDay's svchost.exe 255.255.255.255 issue as I was not experiencing that one.
  8. Adding IP address 255.255.255.255 to the exclusion list has stopped the popups every ~8 seconds - for now.
  9. Same thing - just started as well. Dropbox version: 39.4.49. Just uninstalled / reinstalled Dropbox as well - same thing. Malwarebytes version: 3.3.1.2183 Component package: 1.0.236 Update package version: 1.0.3304
  10. I have a personal subdomain off duckdns.org. (I can PM the direct link, but as this directs to my personal WAN IP, would like to keep this from the main public for my subdomain). The MB3 program is blacklisting the main DuckDNS.ORG domain (IP for duckdns.org: 127.42.0.1) This was preventing any incoming IP address. I have the duckdns updater on another computer that doesn't have MB3 on it, so the auto-updater worked fine. I couldn't figure out what was causing the failure until I tried to visit duckdns.org directly, and had it immediately blocked, which would then come up with the notificat
  11. Hosting a java based Minecraft server from my computer. Internal IP address works fine for accessing. Cannot use Dyndns (duckdns.org) IP, nor direct IP to connect to the server with Malwarebytes 3.1.2.1733 web protection turned on. It does pop up notices that it blocked a "Java malicious inbound socket detected". BUT, where this SHOULD popup in the exclusions tab for a "previously detected threat", there is nothing listed, so I can't just add an exclusion. I did do a web exclude for website (duckdns.org), and it worked for about 4-5 hours. Then, it blocked access again by itself later on. (EDIT