Malware Hunters

Everything posted by alvarnell

  1. Not necessarily. Malwarebytes takes reports from a variety of sources, so the one hit on VirusTotal could easily be the one that caused it to be blacklisted. There is no way for the staff to check each and every report from other sources to verify maliciousness or not. They prefer to err on the side of caution for your protection. Generally, only reports from the site owner and from users who feel blockage may be a false positive or interfere with their computing are checked. The fact that Browser Guard is blocking it should be all you need to know.
  2. I don't ever click on a shortened link such as bit.ly from someone I don't know. Just delete it and ask your correspondents not to use such services. Way too often they are just spam ads and could be worse.
  3. I've been under the impression that only the phone number is used for blocking purposes. Caller IDs aren't considered and are only displayed on your phone for your convenience. Staff will need to confirm that.
  4. @exile360 is correct, in that the macOS version will automatically update in the background when a new version becomes available. You can see the dates of release for all versions of Malwarebytes at https://support.malwarebytes.com/hc/en-us/articles/360038521514-Malwarebytes-for-Mac-Product-Lifecycle
  5. I don't believe it says that it won't be supported by the next update, rather it says some future version of macOS. At this time it's not clear as to what future macOS that is nor when it may be released, so there is still plenty of time before Malwarebytes will have to have a compatible version ready for our use. As the above response indicates, they are actively working on such a version and plan on having it ready at the appropriate time. You will continue to get these notices every thirty days, just know that the staff is well aware of it.
  6. You will need to wait for the staff to return tomorrow and have them let you know what to do about the "com.undelineated.hr.plist" file. It's not one I'm familiar with and they may also want to examine it before it's deleted. I suspect they might be backlogged due to the long holiday weekend in the US.
  7. Not much I can add as @exile360 has covered most of what you need to know. Just be aware that when Macs are repaired, they will normally reinstall macOS as part of the service. That shouldn't cause any issues with your personal data or 3rd party software, but here's hoping you have a recent backup, just in case. And yes, give us the information on that file that was not quarantined so we can advise on what needs to be done about it.
  8. I'm only surprised that "until a few days ago it had never happened." I've been seeing different items in that folder for at least a couple of years now. Just a temporary file that wasn't able to be saved to disk for some reason and was recovered from RAM in case it was something you need.
  9. I believe that is proprietary information, but more importantly it could allow malware developers all the information they need to know as to where not to install their files. I would also have to guess that such information could change over time if newly discovered malware is being placed in a new folder. Suffice to say, Malwarebytes looks in every folder where currently active malware is known to place malicious files.
  10. I think it was moved here due to the subject. @AdvancedSetup recommend it be moved to correct forum with perhaps different subject?
  11. I'm a bit confused by all this. Are you using a Windows computer and originally posted this to the Windows forum, which would explain why the bot responded to this? You seem to be asking two questions here, the first appears to be the most important to know why MBAM is blocking the online store you are trying to access. That being the case if your question has now been moved to the iOS forum, I think that was a mistake and it needs to be moved back to Windows. If that's the case let me know and I'll have it moved back. But the Subject may be what caused our post to appear here and I will cover your second question to get that out of the way. iOS devices are much more secure than computers and almost never subject to malware infections as long as they are not jailbroken by their user. There have only been a very few attacks against them and Apple has been very quick to patch to prevent future harm. At this time there are no known threats to an iOS device that is running a fully up-to-date iOS version. Further, I'm not aware of any Trojan or other type of malware that could infect your iPhone by simply visiting a web site. You would have to be able to download something in order for an infection to occur.
  12. Welcome to the Malwarebytes Forum and glad this posting was helpful. Feel free to return should you ever have other problems or issues.
  13. I believe I read that it comes back every thirty days. It should be fixed on or before the time when that "future version of macOS" is released. Not only do we not know exactly when that date is, as of today we don't even know what version of macOS will actually make the current version incompatible. I would not expect Malwarebytes to have a "compatible" version available for you before whatever macOS becomes available for testing such a version. The whole point of this posting is to let you know you can safely ignore the warning as the developer is already well aware of the requirement. The only thing that now needs to be updated is that the next version of macOS is 11.0 and not 10.16, but even that may not be the OS that breaks things.
  14. I'll just add that there are steps that can be taken to transfer "digital rights" to the estate of a decedent, so that access to their email account would then be possible.
  15. You appear to be in the wrong forum. This is for macOS users and everything you posted indicates you are a Windows user. @AdvancedSetup
  16. iOS malware is extremely rare and Apple is normally quick to patch against any that has occurred in the past, at least on non-jailbroken iPhones. I seriously doubt that your router compromise could have resulted in any damage to your wife's iPhone. Network updates come from your vendor, AT&T in your case. And yes, a fresh install only involves iOS and Apple apps. I would dismiss any thoughts about malware and simply contact AppleCare and/or AT&T to resolve any issue you may still be experiencing.
  17. Sorry, but all license issues must be handled by customer support. Nobody here has access to the data necessary to correct any problems. I'm curious as to how you were able to pay the $20 as all Malwarebytes for iOS have to be paid to Apple on the App Store. Not sure why you didn't receive a reply to the original ticket as they usually only take a day or two. Perhaps it went to your spam mailbox. If you haven't replied back to the email you got yesterday, do so immediately as the weekend is coming up.
  18. I have that same file. It's only 41 bytes long and looks like this: 957CB9C5 22000101 1A6C6576 656C6462 2E427974 65776973 65436F6D 70617261 746F7202 00030204 00 The ASCII portion reads: �|��"leveldb.BytewiseComparator I also have 179 other occurrences of that file name of which 131 are 41 bytes long. There are four more in ~/Library/Containers/desktop.whatsapp/Data/Library/Application Support/Whatsapp/... Obviously just a relatively common data file used by a variety of different applications. You got it by installing and running WhatsApp.
  19. A few comments, based on the VirusTotal scan. - The -67 score is primarily due to a couple of individuals with a high reputation. Their scores are based on their contribution to the community and are not something they control. Also, those scores are relatively old. - Looking at the relations tab you can see that that file is used by more than 50 apparently malicious processes, almost all being Windows executables. The file itself is listed as an unknown type and probably data. You didn't mention how you came about this file and where it was located on your Mac, but it does appear to be used exclusively in a Windows environment, so unless you are also running Windows on your Mac, it is not a threat. Let us know if you are running Windows or routinely exchange files with Windows users.
  20. I get that same error and have never been able to explain it. The "strings" command line tool is clearly at that location and chkrootkit uses it a total of 121 times to check the contents of other files, so I don't understand why it fails during the sshd check. I can run it manually from Terminal, so there must be something else wrong with the chkrootkit process for examining that file. FYI, strings checks for ASCII (alphanumeric) code in a file so that chkrootkit can compare it with known malware ASCII terms.
  21. Are you sure you are in the right place? This Forum is for macOS users and your reference to "pc" would lead me to believe you are using a Windows computer. If so I can ask that this be moved to the correct forum where it can be. It would also help to provide the VirusTotal link that you checked.
  22. Yes, the first time you run CCC's chkrootkit it has to compile it. Thereafter it shouldn't require that step. The version provided with CCC is 0.50 from 2014, but I doubt that anything has been added that would affect macOS. I compared your results with 0.53 in Mojave and these were the only checks added, many being Linux:

      Searching for Linux/Ebury - Operation Windigo ssh... not tested
      Searching for Mumblehard Linux ... nothing found
      Searching for Backdoor.Linux.Mokes.a ... nothing found
      Searching for Malicious TinyDNS ... nothing found
      Searching for Linux.Xor.DDoS ... nothing found
      Searching for Linux.Proxy.1.0 ... nothing found
      Searching for CrossRAT ... nothing found
      Searching for Hidden Cobra ... nothing found
      Searching for Rocke Miner ... nothing found
      Checking `asp'... not infected
      Checking `bindshell'... not infected
      Checking `lkm'... chkproc: not tested
      Checking `rexedcs'... not found
      Checking `sniffer'... stf0 is not promisc XHC0 is not promisc en3 is PROMISC ipsec0 is not promisc utun2 is not promisc
      Checking `w55808'... not infected
      Checking `wted'... unable to open wtmp-file wtmp
      Checking `scalper'... not infected
      Checking `slapper'... not infected
      Checking `z2'... not tested: not found wtmp and/or lastlog file
      Checking `chkutmp'... not tested: can't exec ./chkutmp
      Checking `OSX_RSPLUG'... searching for /Library/Internet Plug-Ins/QuickTime.xpt searching for /Library/Internet Plug-Ins/plugins.settings not infected

      I added something to my reply above that you probably missed: Malwarebytes for Mac will almost certainly locate any known keyloggers that might have been installed on your Mac.
  23. I'll guess that you downloaded Catalina Cache Cleaner directly from Northernsoftware back in March. The latest version is 15.0.4 dated Feb 9 of this year, so it should not need to be updated. As to the error you see when checking for an update, I reported that to them when I had 15.0.0 and never heard back, so have been re-downloading since then. I still get that error when checking today. Where did you obtain chkrootkit from and what version? Are you using something like MacPorts or Homebrew or some other site? The current version of chkrootkit is 0.53 dated Feb 11 2019. If you downloaded the source directly from chkrootkit.org and compiled it, then yes, it does require that Apple CommandLineTools is installed. What version of macOS are you running? Note that chkrootkit contains almost no macOS checks, only a few of the Darwin unix commands. There really haven't been any serious rootkit attacks against macOS in years, mostly due to System Integrity Protection provided in recent OS versions that prevent such things. What leads you to believe you have "transported Malware onto the Mac"? You haven't reported anything out of the ordinary here.
  24. Then an ad blocking extension would be in order. One other thing you can check is in System Preferences, do you see a section called "Profiles"? Most users won't have it. If you do, please list those.
  25. Let's start by checking Safari Preferences->Extensions to see if there is anything you don't recall installing. Probably best if you list all the extensions back here. If you haven't yet installed an ad blocker those could have been opened by some code embedded in ads on a site you are visiting at the time.