Pidd

Honorary Members
  • Posts

    75

Everything posted by Pidd

  1. Received the same block just minutes ago, came here straight away to see what's up. I would like to know what's causing this as well.
  2. I've had no similar issues or blocks happening, and we just cleared the cache and cookies through a fix. I think I'm fine, no plans on revisiting that link. I barely click links my friends send me.. Thanks for everything again! I'll go ahead and remove FRST later tonight.
  3. I think you might be correct @AdvancedSetup. Log attached! mwb_block.txt
  4. I'll check them out, thanks! MWB did however not like the second link, immediately made a block..
  5. I don't think so. Apart from that blocked threat, nothing out of the ordinary has been going on. And that definitely shouldn't be a problem anymore. I'm assuming all logs looked fine? If you're good, I'm good! If nothing else, you can go ahead and close the thread. Thanks again for all the help and making sure my computer is clean! Cheers!
  6. Alright Kevin, I ran them both. Logs attached! A little fyi though, while I was logged out from my accounts/sites I didn't necessarily have to retype all my passwords.. Which was one of my worries running the fix. I do hope everything is fine. Thanks! Fixlog.txt msert.log
  7. Hi Kevin, I'm back - thank you for your patience. Not super keen on running that fix though, so I'd rather pass. My PC hasn't been acting strange, and all my logs appear to be fine. Unless it's a very hard recommend from you. Do I still proceed with the Safety Scanner? Have a good day!
  8. Thanks Kevin! Fresh logs attached. Hope they look good as well. Just a heads up, if I don't answer in time please don't lock the thread yet. I won't have access to my computer until Tuesday starting tomorrow. FRST.txt Addition.txt
  9. Hi Kevin, No more than the initial one block. And yes, I very much intend to uninstall it. I haven't opened it since the block and don't trust it anymore. Even if it turned out to be a false positive. Thank you! EDIT: I just uninstalled it. Nothing weird happened. When I checked the firewall settings, it still shows up though. Together with other uninstalled apps/games, so it doesn't seem to be out of place. Is there a way to remove it completely? Or maybe it doesn't matter. Still seems to be allowed in my public network, which is the one I'm using.
  10. There you go, logs attached. Thanks for helping me, I'm out for the day - good night! Zemana_report.txt
  11. Oh, I did end up finding it and I uploaded it to virustotal. I copied the link to my earlier reply. Or is this another step? Sorry for the many questions!
  12. Hi Kevin, What does it do? Just thought I'd ask before running it..
  13. Thank you @AdvancedSetup! I'm assuming it's safe to uncheck it :) Have a good night/day, and I'll wait for Kevin to get back to me with my actual problem. I do appreciate you stepping in clearing Office thingy, made me slightly less worried!
  14. Hi Kevin, I can't find Program Files under my C:. There's only been the one block yes, but the firewall rules have been there for a while. I haven't opened the program since the block happened. When we're done here and/if things are looking OK, I feel like uninstalling it is the way to go. Let me know how I can find the plugins.dat file you're after, and I'll scan it and get back to you!
      EDIT: found the file under C:\Programs. Link: https://www.virustotal.com/gui/file/ed704ca7b587bb8829d4115f3e98e85cdcd5e8cc53388ca35bcd2e492c6d9f43
      EDIT2: All of a sudden MWB made an entirely different block just now. I opened a word document of mine (completely legit Office 365). What even is this? What does it mean?

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 9/17/21
      Protection Event Time: 12:21 PM
      Log File: 0b4dbeb1-17a1-11ec-96b3-244bfede9b26.json

      -Software Information-
      Version: 4.4.6.132
      Components Version: 1.0.1453
      Update Package Version: 1.0.45016
      License: Premium

      -System Information-
      OS: Windows 10 (Build 19043.1237)
      CPU: x64
      File System: NTFS
      User: System

      -Exploit Details-
      File: 0
      (No malicious items detected)

      Exploit: 1
      Malware.Exploit.Agent.Generic, ComSpec=C:\Windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, ,

      -Exploit Data-
      Affected Application: Microsoft Office Word
      Protection Layer: Application Behavior Protection
      Protection Technique: Exploit Office WMI abuse blocked
      File Name: ComSpec=C:\Windows\system32\cmd.exe
      URL:

      (end)
  15. Alright, logs from FRST and AdwCleaner attached. The logs from MWB can be found in the first post. Thank you! AdwCleaner[S00].txt FRST.txt Addition.txt
  16. Just ran the AdwCleaner. The scan took like 3 seconds and didn't find any PUPs or adware, but flagged Samsung SmartSwitch as a preinstalled program. I use this to update and backup my phone, and don't want to get rid of it. Do I leave it unchecked and press quarantine to continue?
  17. Simply rename FRST64 to "uninstall", am I remembering this correctly? I'll get you the FRST and AdwCleaner logs most likely tomorrow.
  18. Thanks for getting back to me, Kevin! Please see the question about FRST in my post. Can I use my current one, and does it matter that I've used it before? Also, approximately how long does the AdwCleaner scan take?
  19. Hi, I would very much appreciate some assistance in checking if everything is OK. Yesterday MWB warned me of a blocked website (see attached reports). The only time I've seen something similar (outbound) was earlier this spring when there was a false positive on Discord. Naturally I'm a bit worried. I've scanned with MWB and Windows Defender, and they both came out clean. So far it has only happened once, and I haven't noticed anything strange on my PC. In regards to logs from FRST (if needed). I already have it on my desktop from earlier this year (FRST64) alongside a Fixlog and the folder FRST-OlderVersion, as well as a folder on my C:. Should I simply rename FRST64 to FRST64English and run it, or do I need to download it again? Thank you and have a good day or night! Regards, Peter mwb2_2021.txt mwb_2021.txt
  20. Sounds good Kevin, thanks! Should I go ahead and remove it, or are we using it to remove the block in the fw? Could do that manually though, I guess. Have a good weekend!
  21. I don't think we have to do any final scans. Do you? Pretty sure there was never any infections, and we know the problem now which has been solved. I would however like to re-allow airdc and remove FRST again. I haven't touched it since we last ran it. There's a folder on C: and on my desktop I have FRST64, Fixlog and FRST OlderVersion. Same procedure as last time, just rename FRST64 to Uninstall? Cheers!
  22. Hi Kevin, Alright, ultimately, and finally, some good news! I exchanged the router to a different model, but experienced the same issue. I think there was something wrong with the Asus interface, because I couldn't even reach the configuration despite everything looking good on my and my ISP's end. Either way, I got my hands on a router from my ISP which worked straight away. After that the blocks appear to have stopped! This was mid day on Tuesday, so basically two whole days with no blocked threats which feels pretty damn good haha.. Without jinxing anything, only some clean up is left to do before we can finally close this thread :)
  23. Hi Kevin, So the router arrived yesterday, but new problems have appeared.. It might be something wrong with it. Can't connect to it. I've received help from both my ISP and where I purchased it, but we can't seem to get it to work. Need to exchange it, I'll update you when a new one hopefully is up and running.
  24. Ordered the Asus RT AX-55 just now. Will be in stock next week, so unfortunately not much I can do until then. Hopefully my computer will survive the blocks for another week.. Just wanted to let you know!