Everything posted by alvarnell

  1. There appears to be nothing on your Mac that needs to be removed. Avast is just preventing you from downloading anything from those web sites, presumably because they are known to distribute malware. VirusTotal also indicates there are problems with that first site: https://www.virustotal.com/gui/url/f1423a67e514c1d8f8964296d55ec0df99908be87717e2cc90f4c19f3a6c9307/detection. That happens quite frequently with sites that end in ".info". If you believe these are false positive blockages, you should contact Avast.
  2. I'm reasonably sure that Malwarebytes knows where your currently established download location is and if so it would be a mistake to restore the default to a place where no files exist without moving them from their current location. There's always a chance that something you have already downloaded will be later found to contain malware. Staff needs to confirm.
  3. Yes, there is a legitimate support tool, so as long as you downloaded it from a malwarebytes.com site shown in the ticket it should not be a problem. Not sure what the "hates" reference at the end of your post was, but assume some sort of typo.
  4. I believe I read that the Mac version does not check running processes, nor do I believe it checks threads loaded into memory at this time. The latter is something that was just recently found to be possible without being downloaded to disk.
  5. I'm guessing that Malwarebytes had already removed the key active components of OSX/Conduit.A and that none of those components are a threat to your computer, just leftover files taking up a tiny amount of space. I can't really tell from what you posted exactly where those files were found by Virus Barrier and without examining the files for myself and knowing where they were, nobody here can be absolutely certain of that. Malwarebytes only scans places where active components of current malware are known to be installed looking for active components, thus saving you a lot of time and computer use by not bothering to scan your entire drive looking for files that cannot, by themselves, do any harm to your computer. In other words, it's more efficient than traditional AV scanners. I can't tell you where Malwarebytes scans because I don't know, it's proprietary information and knowing that information would only assist malware developers in knowing how to avoid detection. Just know that it looks everywhere that current active components of malware are known to exist.
  6. Not necessarily. Malwarebytes takes reports from a variety of sources, so the one hit on virustotal could easily be the one that caused it to be blacklisted. There is no way for the staff to check each and every report from other sources to verify maliciousness or not. They prefer to err on the side of caution for your protection. Generally, only reports from the site owner and from users who feel blockage may be a false positive or interfere with their computing are checked. The fact that Browser Guard is blocking it should be all you need to know.
  7. I don't ever click on a shortened link such as bit.ly from someone I don't know. Just delete it and ask your correspondents not to use such services. Way too often they are just spam ads and could be worse.
  8. I've been under the impression that only the phone number is used for blocking purposes. Caller IDs aren't considered and are only displayed on your phone for your convenience. Staff will need to confirm that.
  9. @exile360 is correct, in that the macOS version will automatically update in the background when a new version becomes available. You can see the dates of release for all versions of Malwarebytes at https://support.malwarebytes.com/hc/en-us/articles/360038521514-Malwarebytes-for-Mac-Product-Lifecycle
  10. I don't believe it says that it won't be supported by the next update, rather it says some future version of macOS. At this time it's not clear as to what future macOS that is nor when it may be released, so there is still plenty of time before Malwarebytes will have to have a compatible version ready for our use. As the above response indicates, they are actively working on such a version and plan on having it ready at the appropriate time. You will continue to get these notices every thirty days, just know that the staff is well aware of it.
  11. You will need to wait for the staff to return tomorrow and have them let you know what to do about the "com.undelineated.hr.plist" file. It's not one I'm familiar with and they may also want to examine it before it's deleted. I suspect they might be backlogged due to the long holiday weekend in the US.
  12. Not much I can add as @exile360 has covered most of what you need to know. Just be aware that when Macs are repaired, they will normally reinstall macOS as part of the service. That shouldn't cause any issues with your personal data or 3rd party software, but here's hoping you have a recent backup, just in case. And yes, give us the information on that file that was not quarantined so we can advise on what needs to be done about it.
  13. I'm only surprised that "until a few days ago it had never happened." I've been seeing different items in that folder for at least a couple of years now. Just a temporary file that wasn't able to be saved to disk for some reason and was recovered from RAM in case it was something you need.
  14. I believe that is proprietary information, but more importantly it could allow malware developers all the information they need to know as to where not to install their files. I would also have to guess that such information could change over time if newly discovered malware is being placed in a new folder. Suffice to say, Malwarebytes looks in every folder where currently active malware is known to place malicious files.
  15. I think it was moved here due to the subject. @AdvancedSetup recommend it be moved to correct forum with perhaps different subject?
  16. I'm a bit confused by all this. Are you using a Windows computer and originally posted this to the Windows forum, which would explain why the bot responded to this? You seem to be asking two questions here, the first appears to be the most important to know why MBAM is blocking the online store you are trying to access. That being the case if your question has now been moved to the iOS forum, I think that was a mistake and it needs to be moved back to Windows. If that's the case let me know and I'll have it moved back. But the Subject may be what caused our post to appear here and I will cover your second question to get that out of the way. iOS devices are much more secure than computers and almost never subject to malware infections as long as they are not jailbroken by their user. There have only been a very few attacks against them and Apple has been very quick to patch to prevent future harm. At this time there are no known threats to an iOS device that is running a fully up-to-date iOS version. Further, I'm not aware of any Trojan or other type of malware that could infect your iPhone by simply visiting a web site. You would have to be able to download something in order for an infection to occur.
  17. Welcome to the Malwarebytes Forum and glad this posting was helpful. Feel free to return should you ever have other problems or issues.
  18. I believe I read that it comes back every thirty days. It should be fixed on or before the time when that "future version of macOS" is released. Not only do we not know exactly when that date is, as of today we don't even know what version of macOS will actually make the current version incompatible. I would not expect Malwarebytes to have a "compatible" version available for you before whatever macOS becomes available for testing such a version. The whole point of this posting is to let you know you can safely ignore the warning as the developer is already well aware of the requirement. The only thing that now needs to be updated is that the next version of macOS is 11.0 and not 10.16, but even that may not be the OS that breaks things.
  19. I'll just add that there are steps that can be taken to transfer "digital rights" to the estate of a decedent, so that access to their email account would then be possible.
  20. You appear to be in the wrong forum. This is for macOS users and everything you posted indicates you are a Windows user. @AdvancedSetup
  21. iOS malware is extremely rare and Apple is normally quick to patch against any that has occurred in the past, at least on non-jailbroken iPhones. I seriously doubt that your router compromise could have resulted in any damage to your wife's iPhone. Network updates come from your vendor, AT&T in your case. And yes, a fresh install only involves iOS and Apple apps. I would dismiss any thoughts about malware and simply contact AppleCare and/or AT&T to resolve any issue you may still be experiencing.
  22. Sorry, but all license issues must be handled by customer support. Nobody here has access to the data necessary to correct any problems. I'm curious as to how you were able to pay the $20 as all Malwarebytes for iOS have to be paid to Apple on the App Store. Not sure why you didn't receive a reply to the original ticket as they usually only take a day or two. Perhaps it went to your spam mailbox. If you haven't replied back to the email you got yesterday, do so immediately as the weekend is coming up.
  23. I have that same file. It's only 41 bytes long and looks like this:
      957CB9C5 22000101 1A6C6576 656C6462 2E427974 65776973 65436F6D 70617261 746F7202 00030204 00
      The ASCII portion reads: �|��"leveldb.BytewiseComparator
      I also have 179 other occurrences of that file name of which 131 are 41 bytes long. There are four more in ~/Library/Containers/desktop.whatsapp/Data/Library/Application Support/Whatsapp/...
      Obviously just a relatively common data file used by a variety of different applications. You got it by installing and running WhatsApp.
  24. A few comments, based on the VirusTotal scan.
      - The -67 score is primarily due to a couple of individuals with a high reputation. Their scores are based on their contribution to the community and are not something they control. Also, those scores are relatively old.
      - Looking at the relations tab you can see that that file is used by more than 50 apparently malicious processes, almost all being Windows executables. The file itself is listed as an unknown type and probably data.
      You didn't mention how you came about this file and where it was located on your Mac, but it does appear to be used exclusively in a Windows environment, so unless you are also running Windows on your Mac, it is not a threat. Let us know if you are running Windows or routinely exchange files with Windows users.
  25. I get that same error and have never been able to explain it. The "strings" command line tool is clearly at that location and chkrootkit uses it a total of 121 times to check the contents of other files, so I don't understand why it fails during the sshd check. I can run it manually from Terminal, so there must be something else wrong with the chkrootkit process for examining that file. FYI, strings checks for ASCII (alphanumeric) code in a file so that chkrootkit can compare it with known malware ASCII terms.