Gokussj

Honorary Members
  • Posts: 106

Everything posted by Gokussj

  1. Here's the log:

     24/05/2020 20:00:23
     Arquivos rastreados: 790195
     Arquivos detectados: 14
     Arquivos limpos: 14
     Tempo total do rastreamento 05:20:17
     Status do rastreamento: Concluído

     C:\Users\Victor\AppData\Roaming\Fusion_ld\Fusion.dll uma variante de Win32/FusionCore.AX Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41712.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42923.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43085.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
     C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
  2. But I'm not trying to access these websites. I don't even know if they exist. That's why I asked.

     Adware cleaner found an app that I use (I installed it myself) and some pre-installed ASUS stuff. I didn't remove these because I didn't know if it's safe to do so.

     MB detected nothing.

     Adware cleaner

     # -------------------------------
     # Malwarebytes AdwCleaner 8.0.4.0
     # -------------------------------
     # Build: 04-03-2020
     # Database: 2020-05-19.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 05-24-2020
     # Duration: 00:01:02
     # OS: Windows 8.1 Single Language
     # Scanned: 31863
     # Detected: 41

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
     PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.

     ***** [ Preinstalled Software ] *****
     Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
     Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F38529-6932-4346-8DC3-FA1543D42F62}
     Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F38529-6932-4346-8DC3-FA1543D42F62}
     Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D095A0EE-672B-4989-AAD4-D9E33FDCBB4F}
     Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1
     Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
     Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
     Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\ASUS LIVE UPDATE1
     Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
     Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
     Preinstalled.ASUSProductRegistration Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ASUSPRP
     Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ASUSPRP
     Preinstalled.ASUSScreenSaver Folder C:\Program Files (x86)\ASUS\ASUS SCREEN SAVER
     Preinstalled.ASUSScreenSaver Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}
     Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
     Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA2F08E-B6BC-4F74-B5DC-5C6C2721EACE}
     Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
     Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
     Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
     Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
     Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
     Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA359BA-9B71-4408-BEBC-A1E3E56AF246}
     Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C325FFC8-485B-42C1-8EE6-9119ECACA908}
     Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
     Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ColorU
     Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
     Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
     Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID COLORU
     Preinstalled.ASUSVibe Folder C:\Program Files (x86)\ASUS\ASUSVIBE
     Preinstalled.ASUSVibe Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSVIBE
     Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E60084B-A440-4A51-8DB6-42F012EB8D70}
     Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E60084B-A440-4A51-8DB6-42F012EB8D70}
     Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AsusVibeSchedule
     Preinstalled.ASUSVibe Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Asus Vibe2.0
     Preinstalled.ASUSVibe Task C:\Windows\System32\Tasks\ASUSVIBESCHEDULE
     Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
     Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
     Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
     Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-asus-genres

     AdwCleaner[S00].txt - [6236 octets] - [15/04/2020 09:03:52]
     AdwCleaner[C00].txt - [1644 octets] - [15/04/2020 09:10:22]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

     FRST.txt
     Addition.txt
     mbam log.txt
  3. No, these notifications still show up. I'm sorry but isn't it a sign of infection or something else?
  4. I came here because of this: https://forums.malwarebytes.com/topic/259943-websites-detected-as-trojan/ The thing is I keep getting these MB alerts from time to time (see screenshot). All logs attached! mbam log.txt FRST.txt Addition.txt
  5. OK, I'm just waiting for a scan to finish, then I'll create a topic there. Thanks.
  6. So.... it happened again. The same website and a new one.
  7. OK, I disabled notifications from all browsers. I'll wait a few days to see if this will happen again. Thanks.
  8. Sure! Here it is:

     Malwarebytes
     www.malwarebytes.com

     -Detalhes do Relatório-
     Data do evento de proteção: 20/05/2020
     Hora do evento de proteção: 15:58
     Arquivo de relatório: dc236854-9acb-11ea-9532-10c37bc2c9b2.json

     -Informações do Software-
     Versão: 4.1.0.56
     Versão de componentes: 1.0.920
     Versão do pacote de definições: 1.0.24152
     Licença: Premium

     -Informações do Sistema-
     Sistema operacional: Windows 8.1
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: System

     -Detalhes do Site da Web Bloqueado-
     Site da web malicioso: 1
     , C:\Users\Victor\AppData\Local\Programs\Opera\68.0.3618.104\opera.exe, Bloqueado, -1, -1, 0.0.0

     -Dados do site da Web-
     Categoria: Trojan
     Domínio: goldenmangas.online
     Endereço IP: 104.27.158.211
     Porta: 443
     Tipo: Saída
     Arquivo: C:\Users\Victor\AppData\Local\Programs\Opera\68.0.3618.104\opera.exe

     (end)
  9. I don't know why this happens but sometimes Malwarebytes detects websites that I don't even know or didn't access. Why does this happen? Should I do a full scan?
  10. According to what I read, Malwarebytes can be affected by this bug that could be used to install malware. How serious is that? Is Malwarebytes still affected by this bug?
  11. I forgot to mention before: this folder is always empty, even when show hidden files is checked. I'll do another scan tomorrow to see if it'll be back.
  12. Hi, two files were found but both are related to my printer. Also, they are in a different folder than that one.
  13. Hi, here it is! Thanks for answering. mbst-grab-results.zip
  14. Malwarebytes always detects this as a backdoor. The thing is this file (or whatever that is) is inside the following folder: C:\ProgramData\Malwarebytes\MBAMService\tmp\CNQMACNF.EXE-U.MBAM Isn't it Malwarebytes related? Could it be a false positive? I've already removed this once because Malwarebytes detected it before but now it's back.
  15. Well, you said the folder Fusion_ld may be problematic. It's still here. Other than that, there's no problem at all.
  16. Btw, sometimes I get notifications from websites I'm not even trying to access. Example:

     Malwarebytes
     www.malwarebytes.com

     -Detalhes do Relatório-
     Data do evento de proteção: 27/03/2020
     Hora do evento de proteção: 11:24
     Arquivo de relatório: 9c8d7078-7036-11ea-a595-10c37bc2c9b2.json

     -Informações do Software-
     Versão: 4.1.0.56
     Versão de componentes: 1.0.859
     Versão do pacote de definições: 1.0.21452
     Licença: Premium

     -Informações do Sistema-
     Sistema operacional: Windows 8.1
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: System

     -Detalhes do Site da Web Bloqueado-
     Site da web malicioso: 1
     , C:\Users\Victor\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe, Bloqueado, -1, -1, 0.0.0

     -Dados do site da Web-
     Categoria: Site Arriscado
     Domínio: updateanti-virus.com
     Endereço IP: 81.17.18.196
     Porta: 80
     Tipo: Saída
     Arquivo: C:\Users\Victor\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe

     (end)
  17. I did install LDplayer but I never downloaded this dll, unless it comes with LDplayer install. Here's the log:

     Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 29-03-2020
     Executado por Victor (31-03-2020 15:54:36) Run:1
     Executando a partir de C:\Users\Victor\Desktop
     Perfis Carregados: Victor (Perfis Disponíveis: Victor)
     Modo da Inicialização: Normal
     ==============================================

     fixlist Conteúdo:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     FilesInDirectory: D:\ChangZhi\LDPlayer\+.+
     EmptyTemp:
     *****************

     Ponto de Restauração criado com sucesso.
     Processos fechados com sucesso.

     ========================= FilesInDirectory: D:\ChangZhi\LDPlayer\+.+ ========================

     ====== Fim de Filesindirectory ======

     =========== EmptyTemp: ==========

     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44626523 B
     Java, Flash, Steam htmlcache => 1161 B
     Windows/system/drivers => 5554321 B
     Edge => 0 B
     Chrome => 58488969 B
     Firefox => 39224135 B
     Opera => 533503343 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile32 => 0 B
     LocalService => 40294 B
     NetworkService => 40294 B
     Victor => 2782902670 B

     RecycleBin => 0 B
     EmptyTemp: => 3.2 GB de dados temporários Removidos.

     ================================

     O sistema precisou ser reiniciado.

     ==== Fim de Fixlog 16:01:37 ====