Jump to content


  • Content Count

  • Joined

  • Last visited

About Sorr

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello! I just received an alert by my Malwarebytes 4.0 that it blocked an outbound connection to a Steam website. I just wanted to know if this is a false positive, or a legitimate threat. I've attached my log and screenshots below. If I could get a fast response by a staff member/expert, that would be greatly appreciated as this occurred on my work computer. Thanks, and I hope to hear from you soon! steam report.txt
  2. I see what you mean about that IP having multiple domains, got two more popups from Mbam today, but this time on my desktop. Funny thing is, they're both urls I've asked for clarification on before in separate threads lol; one linked to Steam's webpage & the other to Microsoft. I checked both reports and both incidents shared the same IP address that keeps being flagged. Makes me wonder if these legitimate websites can even do anything to change their IP to something dissociated with fraudulent domains entirely.
  3. Okay! So it's not related to the actual web domains insomuch as the actual IP addresses tied to them? I haven't noticed Mbam pop up anymore since early this morning, so it must've been resolved.
  4. This just seems strange to me that Mbam is blocking two urls tied to Microsoft. Maybe both shared an IP address that an old malicious domain shared?
  5. Hello! I just booted up my laptop after two days, and my Malwarebytes is blocking connections that appear to be associated with Microsoft Office 2016, listing the reasons as fraud. I haven't installed anything new since my last time using my laptop, and the last time I've scanned my PC, the report came back negative. I've attached the reports for both blockings below. Can I get a Staff member/expert to verify this & advise me what to do next. Thank you for your time & I hope to hear from you soon. Office Fraud.txt Office Fraud 2.txt
  6. Just restarted my PC, restored all quarantined items back to their regular locations, updated Malwarebytes to the latest update, did a threat scan, and no threats were found; everything seems to have been fixed on my end.
  7. Okay, thank you and I hope you have a good evening!
  8. I have the same thing happening; same files, locations, threat type, & ID numbers too.
  9. Do they involve any files that have "pid.dll" in the filename?
  10. I also Checked the file on Virustotal and Malwarebytes is the only one flagging this file as malware/Trojan.Emotet.Generic.
  11. I just did a threat scan on my computer and I wanted to make sure if this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/ non-HTTPS sites (I've been to Zillow, Indeed, and Great Schools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not.The threat is labeled as Trojan.Emotet.Generic , found under the C:\WINDOWS\SYSWOW64\PID.DLL and found in the HKLM\SOFTWARE folders. I've attached the log file and screenshot of the report below. May I please get some help on this? Thank you! Results 2.txt
  12. Okay, no problem. Have a nice weekend Ron!
  13. Here you are: ActionSuccess : True AdditionalActionsBitMask : 0 AMProductVersion : 4.18.1806.18062 CleaningActionID : 3 CurrentThreatExecutionStatusID : 0 DetectionID : {9017505B-A0DD-4B66-B8A1-201B131AE3F8} DetectionSourceTypeID : 1 DomainUser : DESKTOP-QCM0VIU\Stephen InitialDetectionTime : 7/4/2018 4:26:03 PM LastThreatStatusChangeTime : 7/4/2018 4:27:29 PM ProcessName : Unknown RemediationTime : 7/4/2018 4:27:29 PM Resources : {file:_C:\Users\Stephen\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2tx yewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms, file:_C:\Window s.old\Windows\ImmersiveControlPanel\Settings\ControlPanel.settingcontent-ms, file:_C:\ Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..ngs-searchdataother_31bf3856ad36 4e35_10.0.14393.0_none_91dae98fc47b5ff8\ControlPanel.settingcontent-ms} ThreatID : 2147727924 ThreatStatusErrorCode : 0 ThreatStatusID : 4 PSComputerName : Sorry it's so discombobulating!
  14. Malwarebytes Premium Version 3 (; Components: 1.0.374; Update: 1.0.5789) If it helps, I did post another thread with a more detailed explanation of what exactly happened in the Windows Malware Removal Help & Support subforum titled, "Trojan:O97M/DPlink.A file infection". That thread details eveything that I did yesterday and my current questions now.
  15. Hey there! This is more of just asking for Malwarebytes Staff/ Professional's opinion on an issue. On July 4th, I scanned my computer with Malwarebytes Premium and the Anti-rootkit beta; nothing was found each time. When I did a full scan of my computer with Windows Defender just to make sure, it says I was infected with "Trojan:O97M.Dplink.A". When I saw this I started to do some research on this trojan, but couldn't find any info other than a reddit thread talking about it and Microsoft's own entry on the trojan. I posted this to the Microsoft Community website asking if it was a false positive, but didn't really get a straight answer from them. I'll post it here because it goes into detail what happened; sorry that it's lengthy, but I like to try and be as thorough as I can be and I don't want to post links leading out of the forum: " Hello! I've been trying to figure this out all day; on my desktop earlier today, Windows defender flagged a file associated with the Immersive Control Panel - 'Control Panel a.k.a. ControlPanel.settingcontent-ms' - as 'Trojan:O97M/DPlink.A' in my user files and in the 'Windows.Old' files (I'd just reformatted and updated to 1803 about two weeks ago). This seemed strange since I've only logged into my Gmail, Youtube and Amazon since last night and haven't downloaded anything or even opened up an email, so I really haven't been in a position to have been infected by anything. Also, I had scanned my computer with Windows Defender last night too, and nothing came up when I did that. Windows Defender had deleted the file, so I don't have it on my computer anymore to send, if you needed it. I've run a full scan on my laptop and my father's laptop as well; WIndows Defender flagged the same exact file in the same exact location as the same Trojan I named above each time. On VirusTotal, I've noticed that Microsoft (Windows Defender) is the only Antivirus/Antimalware that's flagging it as a malicious XML file, labeling it 'Trojan:O97M/DPlink.A' leading me to suspect that this is a false positive. After a whole day of scouring the internet, I wanted to ask the Microsoft Community if this is indeed a threat or is Windows Defender detecting a false positive? On a side note, W.D. deleted the suspected file off my laptop as well, but I do have a screenshot of where it detected the suspected file; I'll attach it for reference. I do have the suspected file still on my father's laptop; windows defender is doing a full scan with the most recent virus definitions now as opposed to earlier today and the same file is not being flagged anymore. On all the machines I've scanned I ran a full scan with Malwarebytes Premium before running Windows Defender; Malwarebytes didn't detect anything on any computer during any scan, even when I had it select the exact file in question. [Screenshot is attached below] To summerize, I'm wanting to know if the file Windows Defender flagged is truly malicious or just a false positive? Given how my desktop and my laptop have deleted ControlPanel.settingcontent-ms from 'windows.immersivecontrolpanel_cw5n1h2txyewy' folder, will this cause permanent damage to my systems or will they still function properly? (I haven't noticed any problems yet)" I know that Malwarebytes staff isn't Microsoft, but based on the information above and the evidence I can present, do you feel confident in saying that this is a false positive? Admittedly, I do nnot have the ControlPanel.settingcontent-ms file on my computer since Windows Defender deleted it, but I have a link leading to the virus total page whee I uploaded it to the website; as of right now, Virus Total doesn't flag the file in question as malicious across any A.V./A.M. Thank you for taking the time to read this monster of a post and I hope to hear from you soon!
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.