Ready912

Thanks for letting me know and for the quick reply, much appreciated!

Hi , I had MBAM detect an ASUS file as malware. I let MBAM quarantine and remove. Can someone please verify this? Any further action I need to take? I've copied the report below, and attached the log file. Thanks! Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/15/22 Scan Time: 12:00 AM Log File: 98e5d15c-03f2-11ed-9eb2-04922614ec1b.json -Software Information- Version: 4.5.10.200 Components Version: 1.0.1709 Update Package Version: 1.0.57249 License: Premium -System Information- OS: Windows 10 (Build 19043.1826) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 308579 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 7 min, 34 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 Malware.AI.2180662197, C:\PROGRAMDATA\ASUS\ASUS KEYBOARD HOTKEYS\ATKOSD2HELP.DLL, No Action By User, 1000000, -2114305099, , , , , D5108BB8A3C1BCD5BB0D1646037CF6F2, A5DFA5F3E0A3407251B1166D525F8581131796FC51F90FBEFCCC0843C630B418 Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.2180662197, C:\PROGRAMDATA\ASUS\ASUS KEYBOARD HOTKEYS\ATKOSD2HELP.DLL, No Action By User, 1000000, -2114305099, 1.0.57249, 5E40D9DBC147C6DC81FA43B5, dds, 01859125, D5108BB8A3C1BCD5BB0D1646037CF6F2, A5DFA5F3E0A3407251B1166D525F8581131796FC51F90FBEFCCC0843C630B418 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) 98e5d15c-03f2-11ed-9eb2-04922614ec1b.zip

Issue has been resolved. I tried cleaning the installation as suggested in the other forum, but issue didn't go away until I also disabled the Excel Macro 4.0 abuse prevention which is on by default in MB. Restarted Windows, then issue went away.

I think there might be a FP with encrypted Excel files with today or last night's update. Starting today I was unable to open any of my password protected Excel files that I use daily, including my backups downloaded from the internet or other external drives. However I am able to open them on OneDrive and Google Drive without issue. When attempting to open the file an error in Excel pops up saying there is a problem with some of the content in the file and asks to attempt repair. After clicking Yes, it says the file was unrepeatable and corrupt. Excel files without a password can be opened without any issue. After spending an hour with Microsoft office support, the representative temporarily turned off Malwarebytes and everything was back to normal. I could then open files that are password protected. The rep said that MB was stopping the files from being opened and detecting encrypted Excel files as malware. I then created two brand new files one password protected and one without, to test with MB on. Issue reappeared. "PasswordTest" is the password for the test Excel file attached. I'm on MB 4.5.9.198, update package 1.0.56033. Component package 1.0.1699; Office 365 version 2205 build 15225.20204 Windows 10 Home Version 21H1; OS build 19043.1706; Experience Pack 120.2212.4170.0 Thanks! fpreport-excel.txt FP-Excel.rar

It was flagged in the Browser Guard, when I visited the site upon it loading up in Firefox. I do have Malwarebytes Premium installed as well, but it didn't flag anything.

Hi I was visiting https://wonderpens.ca/ and Browser Guard flagged/blocked "code.jquery.com" on the site as malware. Can you help check if the site has been indeed compromised or is if it's a false positive? Thanks!

Thanks again Dashke for all info and help, it's very much appreciated! 🙂

Also forgot to ask, if I need to do anything on my own PC to ensure it is safe after having been on that website (I did not enter any info on the website)? I ran MB and Windows Defender, both say my PC is clean.

Wow! Thanks so much for the response Dashke, I'm so glad I checked with you guys first! Maybe this is a more general question. But with this kind of issue, I'm assuming they can steal any info someone enters on that website (name, address, email, etc.)? Does that also mean info Paypal transactions can also be taken?

Additional info: hxxps://yupik.com/ Happens when I look in the cart or go to the checkout page. MB browser guard also picks it up as malware too. Don't know if the site is safe or compromised. Thanks in advance.

I was using Firefox today at an online store I usually visit and MB popped up saying Blocked website with category as Hijack. Category: Hijack Domain: amastybootstrap.online IP Address: 193.38.54.88 Port: 80 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe What does this mean and what should I do? Is Firefox or my PC compromised?

Thanks for the update! Much appreciated!

Tried today, and seems like everything is fine, but definitely Browser Guard had flagged something from Amazon.ca as malware on Saturday as seen in the spike from the graph.

I just finished trying it out on my wife's laptop (running Windows as well) and I was able to load up Amazon.ca's website with both Chrome and Firefox. Went to Amazon's Customer Service link and then Browser Guard kicked in and flagged the site as having a Trojan. Not to long after it was flagged on Chrome as well.

Hello, I tried visiting Amazon.ca this morning and I get the message from Browser Guard: Website blocked due to trojan Website blocked: www.amazon.ca Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue. I am getting the same result from Chrome and Firefox where I have Browser Guard installed. I have no problems visiting Amazon.com, and yesterday the .ca site was fine. Any ideas what's going on, and does that mean Amazon.ca's site is compromised? Thanks!