Gokussj
Everything posted by Gokussj
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Didn't happen again after my last reply
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Here's the log:

24/05/2020 20:00:23
Arquivos rastreados: 790195
Arquivos detectados: 14
Arquivos limpos: 14
Tempo total do rastreamento 05:20:17
Status do rastreamento: Concluído

C:\Users\Victor\AppData\Roaming\Fusion_ld\Fusion.dll uma variante de Win32/FusionCore.AX Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41712.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42923.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43085.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
C:\Users\Victor\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe uma variante de Win32/uTorrent.C Aplicativo potencialmente não desejado limpo por exclusão
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
But I'm not trying to access these websites. I don't even know if they exist. That's why I asked.

Adware cleaner found an app that I use (I installed it myself) and some pre-installed ASUS stuff. I didn't remove these because I didn't know if it's safe to do so.

MB detected nothing.

Adware cleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-05-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-24-2020
# Duration: 00:01:02
# OS: Windows 8.1 Single Language
# Scanned: 31863
# Detected: 41

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F38529-6932-4346-8DC3-FA1543D42F62}
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F38529-6932-4346-8DC3-FA1543D42F62}
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D095A0EE-672B-4989-AAD4-D9E33FDCBB4F}
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\ASUS LIVE UPDATE1
Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ASUSPRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ASUSPRP
Preinstalled.ASUSScreenSaver Folder C:\Program Files (x86)\ASUS\ASUS SCREEN SAVER
Preinstalled.ASUSScreenSaver Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}
Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA2F08E-B6BC-4F74-B5DC-5C6C2721EACE}
Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA359BA-9B71-4408-BEBC-A1E3E56AF246}
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C325FFC8-485B-42C1-8EE6-9119ECACA908}
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ColorU
Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID COLORU
Preinstalled.ASUSVibe Folder C:\Program Files (x86)\ASUS\ASUSVIBE
Preinstalled.ASUSVibe Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSVIBE
Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E60084B-A440-4A51-8DB6-42F012EB8D70}
Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E60084B-A440-4A51-8DB6-42F012EB8D70}
Preinstalled.ASUSVibe Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AsusVibeSchedule
Preinstalled.ASUSVibe Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Asus Vibe2.0
Preinstalled.ASUSVibe Task C:\Windows\System32\Tasks\ASUSVIBESCHEDULE
Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-asus-genres

AdwCleaner[S00].txt - [6236 octets] - [15/04/2020 09:03:52]
AdwCleaner[C00].txt - [1644 octets] - [15/04/2020 09:10:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

FRST.txt Addition.txt mbam log.txt
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
No, these notifications still show up. I'm sorry but isn't it a sign of infection or something else?
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
-
Websites detected as trojan - Opera
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
I didn't find this on settings
-
I came here because of this: https://forums.malwarebytes.com/topic/259943-websites-detected-as-trojan/

The thing is I keep getting these MB alerts from time to time (see screenshot).

All logs attached!

mbam log.txt FRST.txt Addition.txt
-
Websites detected as trojan
Gokussj replied to Gokussj's topic in Malwarebytes for Windows Support Forum
Ok, I'm just waiting for a scan to finish, then I'll create a topic there. Thanks
-
Websites detected as trojan
Gokussj replied to Gokussj's topic in Malwarebytes for Windows Support Forum
-
Websites detected as trojan
Gokussj replied to Gokussj's topic in Malwarebytes for Windows Support Forum
Ok, I disabled notifications from all browsers. I'll wait a few days to see if this will happen again. Thanks
-
Websites detected as trojan
Gokussj replied to Gokussj's topic in Malwarebytes for Windows Support Forum
Sure! Here it is:

Malwarebytes
www.malwarebytes.com

-Detalhes do Relatório-
Data do evento de proteção: 20/05/2020
Hora do evento de proteção: 15:58
Arquivo de relatório: dc236854-9acb-11ea-9532-10c37bc2c9b2.json

-Informações do Software-
Versão: 4.1.0.56
Versão de componentes: 1.0.920
Versão do pacote de definições: 1.0.24152
Licença: Premium

-Informações do Sistema-
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: System

-Detalhes do Site da Web Bloqueado-
Site da web malicioso: 1
, C:\Users\Victor\AppData\Local\Programs\Opera\68.0.3618.104\opera.exe, Bloqueado, -1, -1, 0.0.0

-Dados do site da Web-
Categoria: Trojan
Domínio: goldenmangas.online
Endereço IP: 104.27.158.211
Porta: 443
Tipo: Saída
Arquivo: C:\Users\Victor\AppData\Local\Programs\Opera\68.0.3618.104\opera.exe

(end)
-
I don't know why this happens but sometimes Malwarebytes detects websites that I don't even know or didn't access. Why does this happen? Should I do a full scan?
-
I forgot to mention before: this folder is always empty, even when "show hidden files" is checked. I'll do another scan tomorrow to see if it'll be back.
-
Sure! Here it is CNQMACNF.rar
-
Hi, two files were found but both are related to my printer. Also, they are in a different folder than that one
-
Thanks
-
Did you find out anything?
-
Hi, here it is! Thanks for answering mbst-grab-results.zip
-
Malwarebytes always detects this as a backdoor. The thing is this file (or whatever that is) is inside the following folder:

C:\ProgramData\Malwarebytes\MBAMService\tmp\CNQMACNF.EXE-U.MBAM

Isn't it Malwarebytes related? Could it be a false positive? I've already removed this once because Malwarebytes detected it before but now it's back.
-
I suspect there's a cryptominer on my computer
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Ok, thank you
-
I suspect there's a cryptominer on my computer
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Well, you said the folder Fusion_ld may be problematic. It's still here. Other than that, there's no problem at all.
-
I suspect there's a cryptominer on my computer
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Done! What should I do now?
-
I suspect there's a cryptominer on my computer
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
Btw, sometimes I get notifications from websites I'm not even trying to access. Example:

Malwarebytes
www.malwarebytes.com

-Detalhes do Relatório-
Data do evento de proteção: 27/03/2020
Hora do evento de proteção: 11:24
Arquivo de relatório: 9c8d7078-7036-11ea-a595-10c37bc2c9b2.json

-Informações do Software-
Versão: 4.1.0.56
Versão de componentes: 1.0.859
Versão do pacote de definições: 1.0.21452
Licença: Premium

-Informações do Sistema-
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: System

-Detalhes do Site da Web Bloqueado-
Site da web malicioso: 1
, C:\Users\Victor\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe, Bloqueado, -1, -1, 0.0.0

-Dados do site da Web-
Categoria: Site Arriscado
Domínio: updateanti-virus.com
Endereço IP: 81.17.18.196
Porta: 80
Tipo: Saída
Arquivo: C:\Users\Victor\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe

(end)
-
I suspect there's a cryptominer on my computer
Gokussj replied to Gokussj's topic in Resolved Malware Removal Logs
I did install LDplayer but I never downloaded this dll, unless it comes with the LDplayer install.

Here's the log:

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 29-03-2020
Executado por Victor (31-03-2020 15:54:36) Run:1
Executando a partir de C:\Users\Victor\Desktop
Perfis Carregados: Victor (Perfis Disponíveis: Victor)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
FilesInDirectory: D:\ChangZhi\LDPlayer\+.+
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========================= FilesInDirectory: D:\ChangZhi\LDPlayer\+.+ ========================

====== Fim de Filesindirectory ======

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44626523 B
Java, Flash, Steam htmlcache => 1161 B
Windows/system/drivers => 5554321 B
Edge => 0 B
Chrome => 58488969 B
Firefox => 39224135 B
Opera => 533503343 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 0 B
LocalService => 40294 B
NetworkService => 40294 B
Victor => 2782902670 B

RecycleBin => 0 B
EmptyTemp: => 3.2 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 16:01:37 ====