
bjm

Honorary Members
  • Posts: 135
  • Joined

Everything posted by bjm

  1. Okay....Thanks for your interest. FWIW ~ at this time "Nothing to block" Something updated/changed my side or your side? Thanks again for Malwarebytes Community interest.
  2. Um, so with Ads/Trackers off, BG still reports trackers? BG still blocks trackers? I imagined Ads/Trackers turned off globally....turned off Ads/Trackers. Please explain.....
  3. and now "29" ....29 what ?
  4. Hi, I'm curious what's "browser.pipe.aira.microsoft.com"? Malware | Scam | PUP? What does "Total 18" represent? 18 what? Note: I have Ads/Trackers off globally. Thanks
  5. -Log Details- Scan Date: 4/1/21 Scan Time: 8:10 PM Log File: e2f7f396-9347-11eb-b849-3c2c30e5a972.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38996 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 344653 Threats Detected: 0 Threats Quarantined: 0
  6. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/1/21 Scan Time: 2:34 PM Log File: efe1802e-9318-11eb-863c-3c2c30e5a972.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38982 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 344869 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 1 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS.CREED.VALHALLA_V1.0.2-V1.2.0_PLUS_19.TRAINER-FLING.ZIP, No Action By User, 0, 392686, 1.0.38982, , shuriken, , 16AFF4E61BDD648DA01DF3A3C03C7479, 3B6CA12F75F88B8EA8AB32B5FF22A73BC7145F27263AD21E973243F656FC5EA3 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, No Action By User, 0, 392686, 1.0.38982, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  7. Yes, I had "expert system algorithms" On. Now, with "expert system algorithms" Off. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/1/21 Scan Time: 1:45 AM Log File: 7e7af03e-92ad-11eb-b6e7-3c2c30e5a972.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38962 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 344915 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 1 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect File: 2 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS.CREED.VALHALLA_V1.0.2-V1.2.0_PLUS_19.TRAINER-FLING.ZIP, Quarantined, 0, 392686, 1.0.38962, , shuriken, , 16AFF4E61BDD648DA01DF3A3C03C7479, 3B6CA12F75F88B8EA8AB32B5FF22A73BC7145F27263AD21E973243F656FC5EA3 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, Quarantined, 0, 392686, 1.0.38962, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648 (end)
  8. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/1/21 Scan Time: 1:16 AM Log File: 5d58815e-92a9-11eb-b05d-3c2c30e5a972.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38962 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 0 min, 25 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, No Action By User, 0, 392686, 1.0.38962, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  9. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/31/21 Scan Time: 9:14 PM Log File: aa45203e-9287-11eb-887a-3c2c30e5a972.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38954 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 0 min, 21 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, Quarantined, 0, 392686, 1.0.38954, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  10. Okay....regarding "no control on the Virus Total results". My understanding .... Malwarebytes command-line engine employs different configuration and detection techniques/heuristics which might detect more than the commercial product. Malwarebytes employs false-positive suppression mechanisms in the commercial product which are not present in the Virus Total command-line engine. With my opening post Malware.AI.1254230990 detection was reported with my Malwarebytes commercial product, as with Virus Total. So, either AI detection evolved over time or Malwarebytes manually changed detection with commercial product. Thanks
  11. Yes, (same) sample is not detected locally. Version: 4.3.0.98 Components Version: 1.0.1217 Update Package Version: 1.0.38391 License: Premium Objects Scanned: 1 Threats Detected: 0
  12. Please confirm Malware.AI.1254230990 detection (consumer product) has changed. Thank you
  13. Please advise has AI detection been fixed?....remains under review? Malwarebytes static scan Version: 4.3.0.98 Components Version: 1.0.1217 Update Package Version: 1.0.38351 License: Premium Objects Scanned: 1 Threats Detected: 0 File: tomb4.exe File size: 1.77 MB (1,851,392 bytes) MD5 checksum: 1D97D0BDE7A64CB81DEB31F547B471A1 SHA1 checksum: 403522D7E43F9508D082F5B83ACDBFC4FA5F312D SHA256 checksum: 4AC9D22DC556E4D485C8A1E46FD556311605D4D4AB414A24ED7CA19211FB811A My understanding is that VirusTotal uses the command-line scanner versions of the products that support VirusTotal. Some of the solutions included in VirusTotal are configured according to the parameters requested by the vendor, with a more aggressive level of heuristic detection than the official end-user default configuration would offer.
  14. https://www.virustotal.com/gui/file/4ac9d22dc556e4d485c8a1e46fd556311605d4d4ab414a24ed7ca19211fb811a/detection Please confirm AI detection. Thanks Malware.AI.1254230990.txt tomb4.zip
  15. -Software Information- Version: 4.3.0.98 Components Version: 1.0.1173 Update Package Version: 1.0.38053 License: Premium -System Information- OS: Windows 10 (Build 19042.804) CPU: x64 File System: NTFS User: DESKTOP-DELL\bjm File: 1 Malware.AI.896372918, C:\USERS\BJM\DESKTOP\0.7.2 - 5.49.0\SANDBOXIE-PLUS-X64-V0.7.2.EXE, No Action By User, 1000000, 0, 1.0.38053, FDD3A3D8DB903DFA356D90B6, dds, 01154351, 1BCE5F2B705F0BB24CAC84E85D797AF7, 7EE710C0182215B2C8C51F39708E7C83F63CB08183BC55A8B71F8C9351DE6678
  16. Website blocked due to phishing Website blocked: anonfiles.com Malwarebytes Browser Guard blocked this website because it may contain malware activity.
  17. I'm thinking with my setup....I'll be best served with Browser Guard Ads / Trackers Off. Regards w Respect
  18. Yes, I've experienced local caching issues with Norton Safe Web reporting. After a website classification false positive is cleared. I'd need to clear local cache to get updated status.
  19. Okay....knowing that Databases download EVERY time you start a new browser session is great to know. I check for updates outside sandbox. So, BG databases will update, and when I run browser sandbox, database will be copied over to sandbox. Think I found database available in my Edge sandbox. {"md5":"d3c206f9ace4f1dda048ebbabc5f93c4","name":"mbgc.db.worm","sha256":"a2f81a477fb16a9d8d59da70b2f898e0d142166d8098f0567b8dfde4c712bfdf","size":5122,"url":"https://cdn.mwbsys.com/packages/mbgc.db.worm/d/3/c/2/d3c206f9ace4f1dda048ebbabc5f93c4/e85c1643-ff4e-4377-bcdc-2e507f3a96ed.worm","version":"1.0.202012291252"}} last_successful_fetch "12/31/2020, 4:37:05 PM" last_successful_unpack "12/31/2020, 4:37:14 PM" Does "Trust on this site" write to this database? Is this the only database repository?
  20. Okay...I'll accept that Allow list does not populate with Trust event. I'll accept that Allow list is for manual override. I'll accept that Allow list populates with manual override of Protection for this website toggles. So, when I opt Trust nexus.ensighten.com and then navigate away from that page, I'd have to find the same page and find nexus.ensighten.com as Trust....in order to reverse Trust for nexus.ensighten.com. Guess I imagined a "Trust on this site event" as a temporary status that refreshes to default Block status with page refresh or browser cycle. I think I observed Trust against nexus.ensighten.com survive browser restart. I'll accept I'm confused and apologize for spreading my confusion. Ahh....I thought databases were all cloud. I thought Browser Guard only queried the cloud. My browsers run sandbox'd. So, I need to figure out how to open a hole for Browser Guard databases to write outside sandbox. Or, figure out if the full databases download during a browser sandbox session. I know Browser Guard throws page blocks. Either I'm accessing local databases or cloud databases that downloaded into my browser sandbox. I wish I knew the path to the Browser Guard database to maybe open a hole for Sandboxie to write outside sandbox. With uBlock Origin I'm able to manually pull filter updates outside sandbox. Sandboxie reads from browser profile. I'd need to open direct access for Sandboxie to write outside of sandbox. I guess Browser Guard does not have a way to manually pull current databases. Thanks to all. I need to re-think Browser Guard. BG works in my browser sandbox. I'm not knowing how databases update outside sandbox. Can you share how frequently database updates?
  21. As far as I know...ensighten.com is deemed by Browser Guard as an ad network / tracker. Ensighten scripts are working for community.norton.com. The ensighten.com website itself is not a concern. nexus.ensighten.com is not a website; it's Ensighten's Tag Management Platform's Tag Delivery Network (TDN) domain. Users cannot rate that domain as a normal site for things like Trustworthiness and Child safety. Ensighten deploys JavaScript via the TDN, so it's involved in 'Online Tracking', but not directly by Ensighten; the tracking is done by the types of tags that are deployed by the client through the TMS tool. So Ensighten and the nexus.ensighten.com domain are not the risk in regards to Privacy or Tracking. Ensighten is just the CMS for JavaScript, the conduit for the tag code. Ensighten provides Solutions to help customers manage their Privacy concerns, provide explicit/implicit opt out options for users and to whitelist and blacklist specific types of tags.