Hndy

Malwarebyte lately has been blocking 'Daniel's XL Toolbox' from starting together with Excel, marking it as an exploit. The add-on for Excel is downloaded via https://www.xltoolbox.net/ Attached the detection .txt I think it's a false positive. Kind regards. Daniel's XL Toolbox.txt

Dear Maurice, Perfect, thank you very much for the well-explained tips and for your help!!! Much appreciated. I'm glad to say that I had already installed the malwarebytes browser guard on all machines. Love all your other tips as well! Again, thank you for your help and have a great new year's celebration! Kind regards.

Hi Maurice, I followed the steps above, and scanned the computer once again. This time, no malware. Attached the scan results. Is it save to sign back into our chrome accounts on this pc, or are there other steps that have to be done first? Thank you for your help. Kind regards. Scanresults_dec.txt

Hi Maurice, I planned to do it on all machines at once since the very last step in the link (LINK) posted by nasdaq earlier in the thread said: "If you use Chrome to log in to any Google service from any other computer, please follow these steps before turning on Chrome sync on those computers as well. Failure to do this will cause this problem to continually reoccur." If you think one machine at a time is better, I'll do that instead. Kind regards.

Hi Maurice, My family has not yet brought their laptops home. I expect the laptops tomorrow. Will keep you updated. Thank you for your interest and help! Kind regards

Dear Maurice, Thank you very much for your detailed explanation and for your help!!! Tomorrow evening, I will follow these steps again on this computer and on my family's laptops where Chrome is currently syncing the same accounts to ensure that the issue will get solved. Afterwards, I will export the report after quaranting the malware, and get back to you. Kind regards.

I have followed the steps on the computer I am on, but have seen that it should be done on all computers where the google account is signed into chrome. Since my family's computers are in different locations, I should collect them and repeat the steps tomorrow on all of them together. Will update.

Hi nasdaq, Thank you for your help! I will try out your solution immediately and will update you on the progress. I hadn't been able to answer earlier due to workload. Kind regards.

Dear all, Often, I keep finding PUP.Optional.MailRu in my scan results. It seems it resides from Chrome: Chrome\User Data\Default\Sync Data\LevelDB, Chrome\User Data\Profile 1\Sync Data\LevelDB, or Chrome\User Data\Profile 2\Sync Data\LevelDB. Even after deleting the quarantaine, it keeps returning after several days. Could anyone help me remove the strange malware(?) from my computer? Attached a .txt from the scan results today. MailRu.txt

After having had the program installed for over a half year, malwarebytes suddenly marked it as a generic malware. When trying to download the program again, it also blocks it from installing. It's a pomodoro timer, downloaded from GitHub. I don't believe it is a malware. Could someone look into it please? https://github.com/YetAnotherPomodoroApp/YAPA-2/releases/tag/v2.0.141 Downloaded via the above link.

Thank you all for your replies! That is very interesting!

Hi! Thank you very much for your reply! Interesting! A Malwarebytes scan does not return anything. It only popped-up as if blocking a site while I was playing a Steam game, and also not always. If it happens again, I will let you know whether Chrome was on or not and perform the steps you suggested.

Malwarebytes blocked websites that apparently originate from Steam.exe and Bittorrent.exe. I didn't imagine that to be possible. Could you help me with solving this? Attached the reports of the two detections. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 15/12/2019 Protection Event Time: 17:09 Log File: 437b5572-1f55-11ea-879d-00059a3c7a00.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.770 Update Package Version: 1.0.16212 Licence: Premium -System Information- OS: Windows 10 (Build 18362.535) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 37.49.227.202 Port: 59205 Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 13/12/2019 Protection Event Time: 23:02 Log File: 4c7d9098-1df4-11ea-951f-000000000000.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.770 Update Package Version: 1.0.16126 Licence: Premium -System Information- OS: Windows 10 (Build 18362.535) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Users\Daniel\AppData\Roaming\BitTorrent\BitTorrent.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 213.152.162.170 Port: 61637 Type: Outbound File: C:\Users\Daniel\AppData\Roaming\BitTorrent\BitTorrent.exe (end)