JoltLiz

Ran KRPM and attached logs. While I was scrolling through it I ironically got another alert (see attached). kprm-20220801011029.txt

Yup! Seems like we are all clean here; ESET found nothing. Nothing else can be done I suppose. Thanks for the help!

Thanks for the response. It is comforting to know Malwarebytes is doing a good job. All scans came up as clean. My question is if there is anything else to be done, or is no further action required on my part? Was I accurate on the (possible) cause of these alerts? Just want to make sure it isn't something else more serious.

Hi, I have been getting several notifications from Malwarebytes about blocked inbound connections, with them being much more common today. I accidently left my system on when I went to work, which is when the majority of the alerts happened. I am particularly paranoid about my computer and would like to know what exactly is happening here. My initial guess was attempted probes and/or some sort of SMB brute force attack? I have done a few scans and it seems there is no onboard infection but I am worried that this attack will continue and breach my system. Is there any way to stop these attempts? I have just disabled Remote Desktop; is there anything further to be done? The main reason I am concerned is that the most recent blocked inbound connection was from wininit rather than svchost, which is new. Attached are the detection history logs for this month, and my FRST scans. Apologies if I am making a big deal out of nothing; I am irrationally afraid of malware haha- Addition.txt FRST.txt [svchost-wininitRTPdetection]7.16.22-7.31.22.txt

If you don't want it to block it, you can add it as an exclusion. Settings > Exclusions > Add Exclusion > Exclude a Website > Type in the URL Also, make sure your links are not clickable... You can use the code button (the one that looks like this <>) It will look like this Or you can do this example[.]com

I'm having a hard time trying to download mods for a game and I and trying to avoid malware. The place where I usually download mods has faulty versions of the mod that don't work. I tried downloading the newest version (the first one listed) and I got a popup from both my antiviruses saying it was a trojan, despite the link being posted on the official website for the mod. https://www.mocreatures.org/downloads http://zipansion.com/2aTPv The first one is the official website and the second is the link it gives you to download the mod. Is it blocking it because zipansion also hosts malicious downloads or it it just that specific one? Thanks!

I've noticed that whenever I click on the Malwarebytes icon in the hidden icon menu, that after you right-click it, the mouse is dangerously close to the "quit Malwarebytes" button. I've accidentally clicked it before when I wanted to check for updates but clicked twice by accident. The suggestion I would like to make is to maybe switch the "open Malwarebytes" and "quit Malwarebytes" buttons, so someone doesn't accidentally click it. (tried to recreate the cursor in the screenshot)

I did type another URL I knew was bad into google search and Malwarebytes didn't seem to react; I assume that it wasn't in your signatures. Are you guys aware of dregol(dot)com?

I was typing in some malicious websites into Google Search (not the URL bar so I wouldn't actually GO to the site) to see if my SiteAdvisor would display an "X" next to the dangerous site, just to test it (I guess there are better ways to do this but I figured this way was safe). I typed it in like I did in the screenshot below. Malwarebytes then showed a notification for that website being blocked, even though I never actually visited it. Will typing a bad URL into Google Search actually harm my computer, or does Malwarebytes just show the notification to warn you not to visit the site or something? I did the same thing with google(dot)com and it didn't go to googles site... [EDIT] I also ran a scan and found nothing; nothing has been quarantined.

Thanks for the fast response! I'm assuming if I visit the page, nothing bad will actually happen (unless I really mess up somehow)... I shall keep reading! Thanks again!

So I was just scrolling through your security blog, reading about malware and stuff, when I got jumpscared by my McAfee WebAdvisor saying that one of your stories called "Inside the Kronos Malware - part 1" had PUPs? I thought this was a little funny, McAfee blocking me from a post on Malwarebytes blog, but my question is why? Just a little curious, and slightly concerned... Sorry for potentially wasting your time with this, I just wanted to know why webadvisor would block the site.