
LizinPa

  1. Twice in the past two days Malwarebytes has prevented me from accessing a reputable website via a link in an email. For example, today I could not access my American Express statement via a link in an email from AmEx. For years I routinely used these links with no problem. What is most frustrating is that I get only a screen that says "Malwarebytes blocked a suspected bad URL or an unwanted program." There's a link to click for more info, but it just takes me to a generic page -- https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true -- and does not provide me with the URL or IP that was blocked, so I can't add it to Exclusions. When I go into the reports in Malwarebytes, the protection events are not listed chronologically -- really irritating -- and if it's an outbound connection that was blocked I can't see the URL to which I was trying to connect. . . . so I can't get the info for Exclusions there, either. What's going on?? I did enable beta versions of Malwarebytes; maybe something changed very recently? I've had premium Malwarebytes for quite a while and this has not happened before. Any suggestions about how to deal with this would be very much appreciated.
  2. Thanks, Ron -- This seems to have done the trick! Just curious -- do you think PUP.Optional.Spigot could have been responsible for the malicious website outbound attack?
  3. Looking for guidance on two potentially related problems: 1) Beginning around Nov. 8, Malwarebytes (Premium 3.3.1) has been identifying PUP.Optional.Spigot during its daily scan of our desktop. When I click "quarantine," Google Chrome abruptly shuts down. I restart Chrome, and then Malwarebytes finds Spigot again on its next scan. I did check my Google Chrome extensions, and nothing suspicious shows up there. I also went through the processes described in "Chrome Secure Preferences detection always comes back," and it did not solve the problem. PUP.Optional.Spigot repeatedly comes back (in C:\USERS\ANN OR LIZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [647], [454814],1.0.3329). I also scanned our laptop, which is connected via home wifi network, and on which we use the same Google & gmail accounts as the desktop. The laptop had not been scanned in a long time; Malwarebytes found 55 threats -- many of them PUP.Optional.Spigot, in numerous locations. The Malwarebytes quarantine got rid of 54 of the 55; as with the desktop, the only one I can't get rid of is the one connected to Chrome. I did not re-enable sync. 2) On Nov. 20, Malwarebytes repeatedly blocked a malicious website, outbound. All but one was from File: C:\Windows\System32\svchost.exe; the other, from File: C:\Windows\System32\spoolsv.exe. I've checked our DNS servers (router & local ones on both computers) and all seems to be fine. On a possibly related note, a credit card number that had been stored in Chrome was stolen and a fraudulent charge attempted on Nov. 21. Can someone offer guidance on how to permanently get rid of PUP.Optional.Spigot in Chrome? And is it plausible that PUP.Optional.Spigot was the cause of the malicious website outbound attack on Nov. 20? If not, what else should we be doing? Logs created via FRST and MB-Check are attached. Thanks in advance for any guidance/assistance! mb-check-results.zip
  4. Hi! Now that the Thanksgiving holiday is over, will someone be able to help me with this? FYI, I've checked our DNS servers (router & local ones on both computers) and all seems to be fine. Still having the problem with PUP.Optional.Spigot. When I quarantine it, Chrome shuts down. Thanks in advance for any help.
  5. OK -- I went through the processes described in "Chrome Secure Preferences detection always comes back," and it did not solve the problem. That is, I quarantine PUP.Optional.Spigot, but it keeps coming back (in C:\USERS\ANN OR LIZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [647], [454814],1.0.3329). I also scanned our laptop, which is connected via home wifi network, and on which we use the same Google & gmail accounts as the desktop. The laptop had not been scanned in a long time; Malwarebytes found 55 threats -- many of them PUP.Optional.Spigot, in numerous locations. The Malwarebytes quarantine got rid of 54 of the 55; as with the desktop, the only one I can't get rid of is the one connected to Chrome. I did not reenable sync. Logs created via FRST and MB-Check are attached. I am concerned about a couple of things: 1) how to get rid of PUP.Optional.Spigot (on both the desktop and the laptop) 2) whether PUP.Optional.Spigot could have been the cause of the malicious website outbound attack described in my initial post, or whether I need to be concerned about our DNS server, too, and doing something different to deal with that. Thanks in advance for any guidance/assistance! mb-check-results.zip
  6. Hi, Porthos -- Thanks for your reply! Will go through the steps outlined in the link shortly. Question: Do you think that will solve the malicious-website-outbound problem, too? or just the PUP.Optional.Spigot problem?
  7. I have been experiencing two (& maybe 3) potentially related problems: 1) Beginning around Nov. 8, Malwarebytes (Premium 3.3.1) has been identifying PUP.Optional.Spigot during its daily scan. When I click "quarantine," Google Chrome abruptly shuts down. I restart Chrome, and then Malwarebytes finds Spigot again on its next scan. I did check my Google Chrome extensions, and nothing suspicious shows up there. 2) On Nov. 20, Malwarebytes repeatedly blocked a malicious website, outbound. As the attached logs document, all but one was from File: C:\Windows\System32\svchost.exe; the other, from File: C:\Windows\System32\spoolsv.exe. 3) This may or may not be related, but -- on Nov. 21, a fraudulent charge was made to one of my credit cards, which I had used to make an online reservation on Nov. 15. It's quite a coincidence if it's unrelated, in that the charge was made less than 24 hours after the malicious website "attack." So -- help! I am very cautious online, have Malwarebytes running every day, have Norton Internet Security doing daily scans . . . yet obviously our computer has been infected &/or there is a malicious DNS server. We do have a wifi network - not sure whether KRACK could have played a role?? In any case, I am wondering how to deal with this problem -- specifically, whether it is something I should be able to deal with myself (with instructions from someone much more tech-savvy than I :-) )? Or?? Thanks in advance for any guidance. Malwarebytes logs 11 22 17.docx