KEL1

The "Block Penetration Testing attacks WAS NOT TURNED ON. Also, a second topic for me on this issue was opened by Maurice Nagger,. If you look at it you will see what has taken place over the last day. I really don't want to have two topics to address the same issue. Maybe they can be combined somehow. That would be great!

Maurice, XXX is back and has contacted me about my other topic on this same issue. Is there anyway you can work together and address this on only one topic? Thanks!

Here is a MWB Scan that was just run... Also there were 2 Detection History Logs created today. The indicaExploit Blocked part 2 (9-5-2023).txtExploit Blocked part 1 (9-5-2023).txtScan Report 9-5-2023.txtted a different path from the previous ones.

OK...here is the Avast Targeted Scan on the C drive log. Targeted Scan.txt

Do you want me to run an Avast Full System Scan or a Targeted Scan on the C drive?

Followed your Instructions. Attached is the Fixlog that was generated. Fixlog.txt

Tried to run FRSTENGLISH. It was flagged by AVAST as a threat, infected with IDP.ALEXA.53 and Quarantined. (see attachments) What should I do next? Ignore AVAST , remove it from Quarantine and create it as an exception in AVAST? Please let me know what I should do next. Thanks. (Note: will not be upgrading this PC to Windows 10 at this time. Thanks for asking)

ESET scan log attached. ESET Scan Log 9-4-2023.txt

Attached are the results of running Microsoft Safety Scanner. It also reported that it had removed PUABundler:Win32/PiriformBundler msert.log

Are you asking me to DO a Microsoft Safety Scanner run?

Hello Maurice, Thank you for contacting me. I was only commenting on the topic by LanDroid ,(Blocked: sysnative\cmd.exe ..... \crytography\v MachinGuid ...) I did not mean to create any confusion. I already have an open topic on this issue of my own. https://forums.malwarebytes.com/topic/301888-exploit-payload-process-blocked-quarantined-but-nothing-in-quarantine/ Please take a look at it and see how you would like to proceed. On My Original Topic …. (EXPLOIT Payload Process Blocked & Quarantined but nothing in Quarantine??, ID 1586966), PORTHOS contacted me and had me attach some logs from the MWB SCAN and PROTECTION Logs. Porthos also commented: Exploit protection has become very aggressive in order to block the current exploits. I am waiting for @Arthi to return from the long holiday to advise us. Yours is not the only report like this. In addition to the information on my original topic I have followed your instructions through step 7. Download and run the MalwareBytes Support Tool and attaching the logs generated to this topic. I will wait for your instructions before taking any further steps. mbst-grab-results.zip

Thankyou for your reply. Attached are 3 logs: 1- Block of cmd.exe 2- Quarantine of cmd.exe 3- Block of MachineGuid Blocked cmd exe 9-4-2023.txt Blocked MachineGuid 9-4-2023.txt Quarantined cmd exc 9-4-2023.txt

I am also having the same issue. I started a new topic because I had not seen yours. This started for me 8/31/2023. Messages List these as the Blocked & Quarentined , but nothing is listed in the Quarantine c:\WINDOWS\sysnative\cmd.exe c:\WINDOWS\sysnative\cmd.exe C:Windows\sysnative\cmd.exe \c C:\WindowSystem32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography \v MachineGuid Wish I could be of some help. Hopefully an answer will be provided!

Beginning on 8/31/2023 MWB Started frequently executing “ EXPLOIT Payload Process Block”. Message says: Expoit Blocked Exploit attempt detected and blocked. It is no longer a threat. Open quarantine to learn more. This is documented : Under the BELL(Notifications) there is a note documenting it. Under Detection History: Nothing is listed under Quarantined Items Under History there is a list of items that state the date the time and that something was blocked and quarantined. It happened : Logging into GMAIL Logging into Bank site 5 Other times since 8/31/2023 that I am not sure of what was happening. If the time listed for each item are correct, one I was not even using the computer at the time. MWB Version: 4.6.1.280 Update Package Version: 1.0.7.4843 Component Package Version: 1.0.21187 Messages List these as the Blocked & Quarentined: c:\WINDOWS\sysnative\cmd.exe c:\WINDOWS\sysnative\cmd.exe C:Windows\sysnative\cmd.exe \c C:\WindowSystem32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography \v MachineGuid I ran all PC Scans to detect Malware and found none. Is this a false negative situation? Or am I missing something? Can you please help? Thankyou.

I am experiencing the same issue today July 27,2022. The internet is up and working fine. As others have mentioned in other posts it seems to be the ability to connect to the update servers. This seems to be an on going issue. Any idea if there will be a fix ?