Everything posted by redwolfe_98

  1. redwolfe_98

    Suggestions

    hello. please add "stripe.rs-stripe.com" to the blocklist. i see lots of ads at the "bigleaguepolitics.com" website which are delivered via "stripe.rs-stripe.com". also, please make "malwarebytes security safe browsing", for "android", compatible with the "adblock plus browser" (for android) which is built on google's "chromium". the "safe browsing" protection works with the "chrome" browser (with android) but not with the "adblock plus browser", again, which is built on "chromium". the "malwarebytes security safe browsing", when used with the CHROME browser, was not effective at blocking ads at the "bigleaguepolitics.com" website which were being distributed via "stripe.rs-stripe.com." it's more important to me to have the annoying ads blocked by using the "adblock plus browser" rather than using "malwarebytes security safe browsing" with the "chrome" browser where ads are NOT blocked, at least not from "stripe.rs-stripe.com." i am glad to have the "malwarebytes browser guard" for my regular windows 10 PC, using it with the "chrome" browser. i know that it IS effective at blocking malicious URL's and malicious IP addresses. i was going to purchase a license for the "malwarebytes security" program, for android, except that its "safe browsing protection" does not work with the "adblock plus browser" (for android). please try to make the "malwarebytes security" program compatible with the "adblock plus browser" (for android). i will mention that "browser guard" did NOT block malicious URL's that were listed at "scumware.org": https://www.scumware.org/ (but it DID block malicious URL's and malicious IP addresses listed at "vxvault.net": http://vxvault.net//URL_List.php)
  2. i will just say that, for me, the only reason i will ever run JRT again is just to see what problems it causes, if i decide to do that..
  3. i saw one thread where you said that, somehow, you forgot to include whitelisted items in JRT 8.0.4, another thread where you said that another legitimate program needed to be whitelisted, in a future-release.. until these problems are addressed, shouldn't JRT 8.0.4 be pulled? or, better yet, fix all of the problems with the program? why should it take weeks/months/years to address problems with JRT 8.0.4? https://forums.malwarebytes.org/topic/180514-jrt-removes-program-files-for-sage-50-canadian-2016-edition/
  4. i don't think JRT is fit for public use, that it should only be run to see what problems it causes..
  5. here is another case where the windows-default "searchassistant" regkey seems to be being removed, if you look at the JRT scan-log that the person posted: https://forums.malwarebytes.org/topic/178891-wired-problem-with-jrt/ i don't know why you can't see that JRT shouldn't remove windows-default regkeys.. you say that you can't reproduce the problem even though everyone else does..
  6. advancedsetup, i assume you ran JRT 8.0.2 and let it remove the regkeys, for testing?
  7. i don't really care why my IE 6 won't open when the regkeys are removed.. the important thing is that the regkeys shouldn't be being removed, then there is no issue with IE..
  8. and of course the "SearchAssistant" regkey shouldn't be being removed either..
  9. so this means that the two toolbar-values that are being flagged by JRT are legitimate and that JRT shouldn't remove them..
  10. i didn't catch that the second toolbar-value that you mentioned was the other one that is being flagged by JRT..
  11. advancedsetup, thanks for looking into it.. at least y'all now know to stop removing the one regkey since it is a "default" regkey.. i just assumed that the "{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}" "value" didn't exist, by default, because, when i was reading about it, a couple of people said that they didn't have it on their computers..
  12. i think the reason that IE 6 won't open after JRT removes the cited regkeys is because IE's GUI relies on them..
  13. i don't know what the default cipher-strength is.. i just update IE 6 as the updates come out..
  14. from what i have read, the "{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}" "toolbar"-value doesn't exist by default but is generated when IE's toolbar is customized in some way, such as by adding or removing buttons, or moving them around..
  15. hello.. sorry for my "late" reply.. no, i don't get any error-messages when i try to open IE.. it just won't open.. and i didn't see anything in windows "event viewer".. from what i was able to find on the internet, one of the "toolbar" items is associated with managing the buttons in IE's "toolbar", which explains why it is used by "emusic", since the "emusic" adware adds a button to IE's toolbar.. however, the CLSID that is being flagged is not for emusic's toolbar-button, or else it would be flagged by "hijackthis".. (i remove all third-party toolbar-buttons, such as the one that was installed by the "paltalk" program).. the other toolbar-item that was flagged seems to be associated with IE's "tools"-menu.. i will leave it to malwarebytes to work things out, to figure out that the regkeys that are being flagged by JRT are legitimate and that they shouldn't be being removed (despite symantec's associating them with malware, and then everyone else's following suit).. advancedsetup, i really don't want to go to the trouble of removing the regkeys just to confirm that doing that will wreck IE, necessitating running ERUNT again, to fix the problem.. i have already been through that twice, once with JRT 8.0.0 and then again with JRT 8.0.2.. however, maybe i will do that, removing the regkeys, as you suggested.. i just haven't done it yet..
  16. here is a "hijackthis" scan-log.. i also am including a screenshot of my IE's "about" since the hijackthis scan-log says that it couldn't detect which version of IE that i have.. hijackthis.txt
  17. here are some fresh FRST scan-logs, in case you want to see what is on my computer.. FRST.txt Addition.txt
  18. IE 6 will not open after JRT removes the regkeys.. if i use "ERUNT" to restore my registry, then IE 6 will open again.. here are the "values" for the 3 regkeys that you asked about:

          HKCU "startpage" = http://www.google.com/webhp?complete=0&nord=1
          HKLM "startpage" = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
          HKLM "SearchAssistant" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

      the second two should be windows-default-settings.. the first one is what i set for my homepage.. i imagine that it is the other two "toolbar"-regkeys that are removed that are the problem.. i think the two toolbar-regkeys that are being flagged are legitimate, that they just happen to be used by some malware-variants and so they are erroneously being labelled as being "bad".. i have seen that happen before, where a legitimate regkey was erroneously labelled as being bad when it was used by a malware-variant.. i used JRT before malwarebytes got it and it didn't flag any of the regkeys that are being flagged, in the past.. incidentally, JRT build 8.0.0 flagged the same regkeys that are being flagged by build 8.0.2.. no malware has ever been detected on my computer which is one reason i would think that the regkeys that were flagged are false-positives..
  19. when i run JRT it removes some regkeys which wrecks "IE 6" on my computer, running windows xpsp3.. here is the "scan-log":

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Junkware Removal Tool (JRT) by Malwarebytes
          Version: 8.0.2 (01.06.2016)
          Operating System: Microsoft Windows XP x86
          Ran by user (Limited) on Mon 02/01/2016 at 2:09:27.64
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          File System: 0
          Registry: 5
          Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
          Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{1E796980-9CC5-11D1-A83F-00C04FC99D61} (Registry Value)
          Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (Registry Value)
          Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
          Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Mon 02/01/2016 at 2:11:19.62
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      incidentally, when i run JRT, it prompts me to run it with administrator-privileges but i was running it from my windows user-account which has administrator-privileges.. (i only have one windows user-account and it has administrator-privileges).. (the JRT scan-log says it is running from a limited-user-account).. i don't need to be told that i need to install IE 8.. i hate IE 8 which is why it is not installed.. i only use "IE 6" when using microsoft's "windows update" and it works fine for that.. the regkeys that JRT is flagging are false-positives..
  20. it is an avast-issue.. the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does NOT resolve to an IP address and therefore the connection is redirected to the "92.242.140.21" IP address which is being flagged by the MBAM program.. y'all need to take up this issue with avast.. tell avast that the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does not resolve to an IP address and, so, the connection is redirected to the "92.242.140.21" IP address which is flagged by the MBAM program..
  21. hey bob.. 'sorry for my late reply.. files attached..
  22. tetonbob, i didn't follow your instructions exactly.. i extracted the "mbar" files within "sandboxie", where i knew "mbar.exe" would not run automatically, causing a BSOD.. then i moved the extracted files to my harddrive.. then i tried running "mbar", but, as soon as i launched the "mbar.exe" file, i got a BSOD.. then i booted into "safe mode" and ran "mbar", and it ran successfully! since "sandboxie" was new, on my computer, i thought that maybe there was a conflict with it, so i completely disabled it, where its drivers and services were not running, and tried running "mbar" again, but i got another BSOD.. so "sandboxie" wasn't the problem.. then i tried completely disabling the "avira" program, disabling all of its services and drivers, and, THEN, "mbar" ran successfully! so, apparently there is a conflict between the latest version of the "mbar" program and the "avira" program.. i am using the latest version of the avira program, the premium version, build 14.0.7.468.. i am attaching the two new mini crash-dumps that were generated..
  23. i think "malwarebytes" should add a feature to MBAE where it flags keylogging-trojans when they try to gain "low-level keyboard access", in order to be able to log keystrokes.. i am thinking that it wouldn't be hard for malwarebytes to add that feature to MBAE, and having it would be a real benefit.. in my own experience, i have only seen one legitimate program that tries to gain low-level keyboard access, and that was the "paltalk" program (and blocking it from gaining "low-level keyboard access" didn't prevent the program from functioning normally, at least not as far as i could tell..the program was still usable)..