Jump to content


Malware Hunters
  • Content Count

  • Joined

  • Last visited

Everything posted by alvarnell

  1. @adas, from the Malwarebytes staff, wants to analyze it, probably to see if it's something Malwarebytes needs to detect.
  2. Since these notifications are coming from the Password settings on your iPhone, then I'm confident that those links were legit at the time of the compromise and clicking on them is a trustworthy means of accessing the site to make any password changed. I went through all of the ones listed on my iPad today and was not able to repeat your findings. A small number of sites came up blank, but none came up referencing Distil Networks. I haven't taken the time to dig in to those, but suspect the sites no longer exist today and those messages are coming from either your DNS service provider or
  3. This might help Trojan.StolenData. In general, anti-malware for Mac computers is ineffective at identifying malware in a Windows VM, so I'm both surprised that Malwarebytes for Mac found it there and Malwarebytes for Windows found nothing. Sorry, I've just read your post in the Windows forum and see that I misinterpreted what you were asking. Since Malwarebytes for Mac found nothing, I wouldn't worry about the Mac side of your computer.
  4. I'll just add that Ransomware is considered to be malware on the Mac platform, so you are protected against the few such threats that have existed to date. I don't actually know what "Exploit protection" means in a Windows environment, but in my book an exploit is malware that takes advantage of a vulnerability which is generally what all malware attempts to do. Web protection might be considered a deficiency here and that is due to some macOS restrictions that prevent it from being implemented in the Malwarebytes app itself. There are extensions for Chrome and Firefox that accomplish thi
  5. Are you certain that you received this notification from a reliable source? What was it that notified you and how did you receive it (e-mail, text, pop-up, etc.). Do you have an Imperva product installed on your Mac (they appear to be associated with Distil Networks, Inc.). I subscribe to some services (e.g. https://haveibeenpwned.com) that alert me to such things, but only something new and rarely more than one compromised password at a time. I'm concerned that this could be a phishing attempt designed to harvest changed passwords. I would need to know the url to give you
  6. Broken code was my conclusion, as well. I'm guessing that you probably accidentally approved a download at some point and Safari remembers that and allows them without asking now. To fix that open Safari Preferences->Websites and click on "Downloads" in the left hand "General" column. Now look for the "safeframe.googlesyndication.com" or perhaps just "googlesyndication.com" and click the "Remove" button.
  7. The file you posted here, when unzipped is zero bytes. And please don't post suspected malware here again. Either send it by Private Message (click on member name and then use the "Message" button) or post it to the Research Center "Newest Mac Threats" forum. I'm afraid we are unable to provide additional help without having at least some of the information requested earlier. - What browser (and version) are you using. - What extensions or add-ons do you have installed in that browser?
  8. I got a similar report on an email list I monitor. OP was browsing the Guardian web site. @Jazzbro77what website are you seeing this on?
  9. As I cited above, the Developer documentation for Safari 14 extensions say that "BlockingResponse" and "Blocking" Web Requests are not supported. Not sure why nobody from the staff has chosen to comment here, just that @treed is on a lengthy vacation out-of-state at the moment.
  10. I've been spending some time looking into what safeframe.googlesyndiation is all about. I'll start by assuring you that it has no association whatsoever with malware, rather it's a mechanism that's used by google to provide websites with safe advertising via Adsense. That being said, I can't think of any reason for you to be using that service unless you have a website hosted on your computer.
  11. If you have JavaScript turned on in your preferences, it isn't surprising that a js (javascript) file would be allowed to download to your computer. If you disallow javascript, it is quite likely that many websites would not work properly as javascript is widely used for important functions. Where did you find the f.txt.js file? Next time you get one please send it to me in a PM before deleting it. You said something about the popup looks different. Please take a screenshot of it and include it with your next reply. I still need to know more about your setup to comment further.
  12. There was a recent update to Java, so that was almost certainly legit. If you don't need it to run any third party apps, then there is no need to re-install it. There haven't been any serious issue with Java for Mac users for a long time now, but if needed you should keep it up-to-date. Malwarebytes and many other anti-malware software packages focus on disabling malware by quarantining or deleting the active processes of that malware and often ignore the passive files that may be associated with it. Viewing previews of even active files should not cause any damage as they have to be actu
  13. That all sounds normal to me, but I don't really know your setup. What macOS are you running, what browser and version are you seeing this in? Are you running a third party firewall and what browser extensions / add-ons do you have installed? Do you have browser preferences set to alert you to fraudulent web sites? Here's what Apple has to say: https://support.apple.com/HT203987
  14. Pi-Hole. Only expense is for a Rasberry Pi processor.
  15. I doubt that any of those will continue to work as well with Safari 14 now. I gave up on all of them a long time ago and use Pi-Hole DNS to achieve what is needed for my entire local network.
  16. With no ability to block, Malwarebytes Browser Guard for Safari would be worthless. Same applies to uBlock and similar extensions.
  17. According to this article, the following would seem to preclude it:
  18. Pay particular attention to the "Nuke Chrome" section, as that is what most Chrome users have had to resort to.
  19. @Porthos is correct that external drives are never scanned. The Malwarebytes architecture only scans locations where current malware files are known to exist and the structure of an external disk would likely not be organized in a standard manner, so there wouldn't be any means of knowing where to look. Anything copied or installed from an external disk to the boot drive would almost certainly be caught by the Real-Time Malware protection feature or the next scheduled/manual scan.
  20. @onam I'm not sure that Malwarebytes will be willing to pay to check out your app. I recommend that you provide a copy by PM to a staff member when they get back to work next week and respond either here or by PM.
  21. @AdvancedSetup I believe this discussion should be moved to https://forums.malwarebytes.com/forum/42-file-detections/.
  22. Yes, in that much of that article does not pertain to Malwarebytes and many other anti-malware scanners since they don't scan Time Machine volumes. But if you happen to know the exact location of any malware found on your boot drive, you can use the instructions #2 to remove all of those same files from those same locations on the TM drive. And you could just completely erase the backup drive as outlined in #3 and start over, but that's a rather extreme approach.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.