Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Ok - ran the scan again -- quarantined and deleted. New log files attached. I also decided to un-install Google Chrome, ran another scan and no threats found. mbst-grab-results.zip
  2. I will re-run the scan and re-post results but rest assured that I have done multiple scans and choose FIX every time but they still come back. As soon as that machine is done with windows update I will re-run scan and post results.
  3. Checked the Google settings, sync and other google services are already off. Chrome is not even my default browser. mbst-grab-results.zip
  4. Hello - I keep getting the same PUPs coming back after scanning and cleaning (I use Premium). Have also used adwcleaner, it finds issues but they also come back. Need some advice please! Addition.txt FRST.txt scan results.txt
  5. Thanks for all the help and great information for going forward. Please consider this issue resolved/closed. PS - MWB 3 and its support just got you another new customer!
  6. Ok - followed you procedure exactly - attached is the fixlog file. Just as FYI, it saved to the FRST64 folder not to the desktop. Fixlog.txt
  7. Reply to: Advance Setup post. Follow you procedure per you post and all seems to be good. Files attached as requested. However, I am wondering if the issue could come back if the user re-enables Google Sync. Once I disable (turned off) sync MWB was able to clean and keep the threats from coming back. I also tried to follow the procedure that was linked in exile360's post above regarding turning off and resetting Google Sync but I was not able to follow the entire procedure only up to the point of turning off sync not resetting sync which seem to do the trick. I have also attached the original threat scan that shows the repeating threats so that maybe you can tell if these are really issue or not, file name "threat scan 59 issues". Thanks for the follow up! Addition.txt AdwCleaner[C05].txt FRST.txt Threat scan results.txt Threat scan 59 issues.txt
  8. Thanks for the suggestions. It appears that the issue here is Google Sync. I was not able to fully complete the instruction regarding Sync but got far enough to turn it OFF. Since SYNC has been off I have re-scanned and re-booted the computer multiple times and the result is that the threats are not longer coming back or being detected. So that is success! I don't know if SYNC can be fixed and re-enabled (I do not have full access to this google account) and not have MWB detect threats but that is for another day. Thanks!
  9. Hello - Need some help please! Working on a computer that keeps getting the same 59 threats even after MWB says they are quarantined. I have also run ADWcleaner and it also keeps finding threats, not as many and sometime none but I can't seem to keep the system clean. All 59 treats are for MindSpark and all are located/related to Chrome extensions. Attached are the log files from a scan with FarBar. Any suggestion would be appreciated!! Addition.txt FRST.txt
  10. Looks like I found the issue. It was a SPAM email that my filter did not catch which had links to the blocked website. Looks like MWB is doing its job!! Thanks.
  11. After starting the computer and only opening Outlook I get a MWB message "Website Blocked". Blocked Website details: Cat: Ransomware, Domain: N/A, IP add:, Type: Outbound Connection File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE I am trying to figure out what is going on and how to fix it. Seem wrong that Outlook is trying to make an outbound connection with out me doing anything other than opening Outlook. Any suggestions would be appreciated. Thanks!
  12. Ok, finally have a response from the client. A full reset of Internet Explorer has resolved the fake message from popping up. Thanks for the help.
  13. Thanks for the detail analysis. I am also not fond of webmail but many of my clients are elderly and want to keep things as simple as possible. I am also aware of the risks with the advertisements that appear on these webmail sites but my latest test I switched his home page to google, no other pages loading and after approx. 3 hours sitting idle at that page the fake message appeared again. I have asked him to reset IE to factory/default settings but he has not responded since. If no luck I will also have him try Chrome and/or Firefox. I will update as soon as I hear from him. Thank you!
  14. Yes, just like those examples. The point is that is keeps coming back even after Malwarebytes scans which find nothing. The message will come on even if you just let explorer sit there idle. This can happen anywhere between 1 to 4 hours. I have asked the client to do a reset on Explorer and waiting to see if that helps/resolves the issue. Thanks.
  15. I have a friend/client running Windows 8.1 and Internet Explorer (all current and updated) that he uses IE to access his Comcast email. We leaves IE running to monitor his emails but after sitting idle anywhere from 1 hour to several hours the fake virus warning with audio comes on (so this happens without any movement or clicking by the user). The IE tab changes from the current site to flash yellow and now says Microsoft Support (but obviously it is not). The only way at this point that IE can be closed is to use task manager. The user has a current trial version of the latest Malwarebytes program and has scanned the system several times, the first scan 2 weeks ago produced a few PUP/issues and cleaned them but the warning messages came back. Subsequent scans did not find any issues. This is the first time that I have seen this issue where Malwarebytes did not permanently resolve the issue and where the warning message pops up even when IE is sitting idle. Any suggestion how to fix this would be appreciated! My latest attempt was to reset IE - waiting on result. Possibly uninstalling/re-installing IE and/or installing Chrome?
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.