  1. It's a pretty unhelpful update but after reaching the bottom of the list, now with everything turned back on, the annoying block pop-up just seems to have... stopped? My theory at the moment is when you disable things in msconfig, they remain 'stopped' even once you enable them again, until whatever program is run again. So I'm guessing it must be one of the stopped programs that hasn't been reactivated yet - which doesn't really narrow it down for me as there's about 15 or so. Either way, touch wood, I guess it's fixed... kind of? :P
  2. Sorry for the slow update, had to be away from the comp all weekend. I'm about halfway down the list of possible programs it could be so far - it's very much looking like it must be one of the ones still blocked, as I haven't seen the pop-up for over a day since stopping them. The slow part is just checking each one - because the damn pop-up doesn't always show up instantly, so I'm having to run the comp for a few hours at least before moving on each time. Hopefully I'll be updating again in a day or two saying I've finally found the bugger! :D
  3. Done and done. Sure enough once I enabled everything again and came out of clean boot the pop-ups have started again.
  4. I believe I did add that extension myself... but pretty sure it didn't seem that great so I deactivated it. Hoping just removing it from the extension list will be enough to clear it completely? No problem doing that. ~ and yeah, it's pretty frustrating! Working through a list would've been a little tedious but at least it's a pretty standard process of elimination! As of right now, I still haven't had the website block pop up once all day... which is good but I also get a nagging feeling it'll just randomly show up again at any moment.
  5. So I rebooted the comp again in clean boot last night - left it running about three hours - no block pop-up. Then today I left it running about six hours, with Chrome open - no block pop-up. Been using it 3-4 hours since then with Chrome open/browsing, using chat programs etc. as normal - no block pop-up. Really not sure what to make of it. Right now it looks as if everything is fine/fixed but that wouldn't explain why it did suddenly start popping up again last night.
  6. Bah and there it goes popping up again 😑 Still in the clean boot - I do have Chrome open and have been browsing idly for the last 20 min or so. No idea what would trigger it to suddenly pop up again like that.
  7. Hi again Kevin, Just running the clean boot now - disabled everything except MB and so far haven't seen any sign of the usual warning pop-up about that site, so that's a good sign! Usually it pops up the second I've rebooted and then constantly every 10-15mins or so afterwards. I'll stay on this clean boot for another 30mins or so, see if I see any sign of it but so far so good.
  8. Not quite sure I understand the question exactly. I've got an android phone that goes through the same wifi as the comp?
  9. No kidding! Thanks for sticking at it! Here's the history log. It always seems to block it in batches - 2-3 times at a time. MB_History_Report.txt
  10. Hi again, Here's the log from running RogueKiller again.

      RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
      mail : https://adlice.com/contact/
      Website : https://adlice.com/download/roguekiller/
      Operating System : Windows 10 (10.0.19042) 64 bits
      Started in : Normal mode
      User : Stixx [Administrator]
      Started from : C:\Users\Stixx\Downloads\RogueKiller_portable64.exe
      Signatures : 20210407_080335, Driver : Loaded
      Mode : Standard Scan, Delete -- Date : 2021/04/12 00:32:06 (Duration : 00:03:45)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      [Adw.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Weather -- [%_Stixx_appdata%\Weather\Weather.exe] -> Deleted
      [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{790F574A-91AA-400B-BB81-1BF5F5863A14}D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe -- [D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] -> Deleted
      [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0BC28CFC-CC4F-40D3-A8FA-77022325BA0E}D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe -- [D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] -> Deleted
      [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{233E1206-77BA-4335-A43D-8438A25A7379}D:\programdata\wargaming.net\gamecenter\wgc.exe -- [D:\programdata\wargaming.net\gamecenter\wgc.exe] -> Deleted
      [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A96882FD-85D0-4B24-9F8A-4A05812381BA}D:\programdata\wargaming.net\gamecenter\wgc.exe -- [D:\programdata\wargaming.net\gamecenter\wgc.exe] -> Deleted
      [Tr.Gen (Malicious)] 0031 -- %SystemRoot%\INF\usbhub\0031 -> Deleted
        => boot -- C:\Windows\INF\usbhub\0031\boot -> Deleted
      [PUP.HackTool (Potentially Malicious)] Scripts -- %SystemRoot%\schemas\Scripts -> Deleted
        => activator.bat -- C:\Windows\schemas\Scripts\ACTIVA~1.BAT -> Deleted

      I did that last night before bed - But annoyingly, first thing that pops up when I turn the comp back on today? That same Malwarebytes notification :D
  11. Hi again, I believe it flagged up eight things in total, here's the full log.

      RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
      mail : https://adlice.com/contact/
      Website : https://adlice.com/download/roguekiller/
      Operating System : Windows 10 (10.0.19042) 64 bits
      Started in : Normal mode
      User : Stixx [Administrator]
      Started from : C:\Users\Stixx\Downloads\RogueKiller_portable64.exe
      Signatures : 20210407_080335, Driver : Loaded
      Mode : Standard Scan, Scan -- Date : 2021/04/11 20:13:48 (Duration : 00:03:34)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      >>>>>> O4 - Run
      [Adw.Gen (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Weather -- C:\Users\Stixx\AppData\Roaming\Weather\Weather.exe --anbfs (missing) -> Found
      >>>>>> O87 - Firewall
      [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{790F574A-91AA-400B-BB81-1BF5F5863A14}D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe|Name=Wargaming.net Game Center Renderer|Desc=Wargaming.net Game Center Renderer|Defer=User| (D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe) (missing) -> Found
      [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{233E1206-77BA-4335-A43D-8438A25A7379}D:\programdata\wargaming.net\gamecenter\wgc.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center|Edge=TRUE|Defer=App| (D:\programdata\wargaming.net\gamecenter\wgc.exe) (missing) -> Found
      [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0BC28CFC-CC4F-40D3-A8FA-77022325BA0E}D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe|Name=Wargaming.net Game Center Renderer|Desc=Wargaming.net Game Center Renderer|Defer=User| (D:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe) (missing) -> Found
      [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A96882FD-85D0-4B24-9F8A-4A05812381BA}D:\programdata\wargaming.net\gamecenter\wgc.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center|Edge=TRUE|Defer=App| (D:\programdata\wargaming.net\gamecenter\wgc.exe) (missing) -> Found

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      [Tr.Gen (Malicious)] (folder) 0031 -- C:\Windows\INF\usbhub\0031 -> Found
      [PUP.HackTool (Potentially Malicious)] (folder) Scripts -- C:\Windows\schemas\Scripts -> Found

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  12. Hi Kevin, Thanks so much for the quick reply and help. Followed all steps without an issue so I'll attach all logs. Only thing I did notice was Adwcleaner did catch two files which is good but after the reboot Malwarebytes still popped up with block notifications about that website again. I'll have to wait and see if it pops up again, as it had been doing. Think I attached all the logs you requested but if I missed anything, let me know and thanks again! AdwCleaner[C03].txt MB_Log.txt MB_ScanReport.txt msert.log
  13. Only recently got Malwarebytes and loving it so far but every ten minutes or so it flags a website, saying it has blocked it. The website in question is one I've never visited so I'm happy to just block it for good. I'm sick of MBs constantly telling me it's blocked the website, is there any way to get rid of it for good? I'm guessing something has infected the computer/browser that's causing this notification to keep popping up? Every time I run a full scan it says nothing detected - yet the notifications for this website continue to pop up as blocked every 10-15 minutes like clockwork. Any help would be really appreciated! Addition.txt FRST.txt MB_Log.txt