BigArachnotron

Honorary Members
  • Posts

    23
Everything posted by BigArachnotron

  1. Hello Maurice. Initially what happened is that I received an alert from Google stating my computer had a suspicious app, a situation that had never happened before, but I am starting to suspect it might have been an issue with a VPN service I was using, as even this forum won't allow me to post with my VPN active. I have been working from home, so I need to use a VPN to connect to some services, but I was worried about a possible intrusion. If you do not think there is anything else to do, then I just want to thank you for your time and assistance in this matter. Is it safe to remove all the scanners we have used thus far now? I have not received another alert since I started this thread. Once more, thank you very much for your help. Kind Regards.
  2. Hello Maurice. The zip file was not quarantined, and it was left as usual. I intend to go back to it as soon as I finish other projects, as this is an interesting subject. As far as scans, we have gone through MBAM, AdwCleaner, Kaspersky, ESET and one Custom Script through FRST. Is there anything else I can do? Once more, I appreciate your help with this matter and thank you. Kind Regards.
  3. Hello Maurice. This time it did find an item, but it was a zip file from a book I purchased years ago about malware. These are nothing but samples from Packt / O'Reilly Education, and the file has resided in my backup drive for a long time now, so I would not attribute this recent event to this file. That said, you will find the scan log attached to this file. I will be awaiting further instructions, thank you again for your help. Best regards. report_2023.03.25_18.01.53.txt
  4. Hello Maurice. After a few hours I was able to download and run the scan. It did find one PUP. I cleaned all but the ones pre-installed since they are used for updates. I will be awaiting further instructions and once more I appreciate your time and help with this matter. Best Regards. AdwCleaner[S00].txt
  5. Hello Maurice. I am getting a 502 error and it is not allowing me to download the application. How do I proceed? Thank you once again for your answer.
  6. Hello Maurice. Here is the scan log as requested. I will be awaiting further instructions. Thank you for your time on this matter, I know you are incredibly busy, so I am very thankful for your assistance. Kind Regards. ESETScanlog.txt
  7. Hello. I was wondering if the previous file was useful or if anything else is needed. Thank you for all your help. Kind regards.
  8. Hello Maurice. Here is the file as requested. I appreciate your time in this matter. Kind Regards. Fixlog.txt
  9. Hello Maurice. I have uploaded the results as requested. I hope you can tell me if there is something iffy going on. I need to add that my internet went on and off as I was uploading these files, but the support tool was active. Can the support tool interrupt the internet connection or anything like that, or is that something else entirely? Thank you for your assistance, I will be awaiting your response. Best Regards. mbst-grab-results.zip
  10. Hello. I have been running through some issues these past days and I cannot tell if malware is involved or something else. In order: Network issues that cause all connected devices to experience some form of lag or delay. I have not been able to make purchases using PayPal, including buying Malwarebytes for Android. PC starts restarting with a BSOD telling me about some error regarding nvlddmkm.sys. Today I get a message from Google telling me about a Device with suspicious app trying to access my account when I try to log in using as usual and my firewall log is full of hundreds, and in one instance, thousands of FW.WANATTACK drops. I am running a full scan of Malwarebytes for Windows, including a search for rootkits, but nothing was found. Any suggestions?
  11. Hello. Essentially, I came here to report the same. I decided to delete the files. Are these important? I could reinstall Visual Studio again anyway. I will leave the report just in case there is something interesting. Regards. MBAMreport0210.txt
  12. Hello. This application I have been using for some time was detected as malware by MB today. I am attaching the log because while it is likely it is a false positive, I would rather be on the safe side and let you decide. Thank you for your attention. Best Regards. IsaacDetection.txt
  13. Hi. Sorry for the delay. The issue was fixed with the update. Thank you for your help, I disabled Fast Boot anyway as it also created other issues with DWM.exe. Kind Regards.
  14. Hello Porthos. I have attached the requested information to this post. I hope it can be of assistance. Thank you for your reply. mbst-grab-results.zip
  15. Hello again. I am going to upload some screenshots of the issue in question. It is really making me uneasy seeing this for this week. I will be awaiting your response. Thank you for your time.
  16. Hello. I have been running into a problem this past week in which on startup, MB throws me alerts telling me that one or more layers of real time protection have been disabled. When I go into the notification center, all layers are active and they cannot be deactivated without the tamper password. Please advise, how do I know if Real Time Protection is really on? I only have the GUI to guide me, should I reinstall the application? I will be patiently awaiting advice, thank you for your support.
  17. Hello Cli. Do you need me to send over the .exe files for revision? I merely attached the scan report. I have not removed the files in question from quarantine. Does the information in the report say if these files are safe? Thank you for your answer. Regards.
  18. Hello Everyone. Yesterday I created a thread about a malware.ai detection that seemed like a false positive. I did rescan today and not only was the same file no longer detected as malware, but suddenly 9 new items were marked as malware. I would like to send you these files for revision but I am not sure if I should take them off quarantine, as these are plenty of detections and I have made no changes to the system until today, so I am very suspicious that perhaps this could be the work of some sort of malware infecting executables. I am attaching the report below: I would like to make clear that I do recognize these files, I installed PuTTY to connect through SSH to my firewall. Thank you for your time. MB9Detection917.txt
  19. Hello. I am attaching a zip file that contains the log and the file in question for review. I suspect this could be a false positive but I would like to know if it is actually malware. Regards. openAL.zip
  20. Hi. I ran into the most peculiar thing the other day. Malwarebytes was updated and it ran a post-update scan as is usual. This scan takes longer than manual scans and I have gotten used to it taking around 20 minutes. This time however it went over an hour and it got stuck on the file DCIM/@G/[Gibberish] (See the image below). I was afraid that my phone had been in the process of being encrypted so I popped the SD out of the phone. The scan continued and went after yet another file with similar termination and after an additional hour I stopped the scan, trying to figure out what had happened, fearing it had been ransomware. I went to look into the SD and found out some images and videos had been corrupted, in fact Windows asked me to repair the device, perhaps a silly thing to do because I am not sure if there is wormable ransomware these days but I needed to know if my files were safe. I found out some were corrupted but thankfully I have this information backed up onto my PC and Cloud Storage. The most peculiar thing however is that my backup on Google Drive showed some of the corrupted files from my SD too. After restart, I set a manual scan and nothing was found. I backed up my SD data, formatted the SD and reinserted it back into the phone. I ran another scan and nothing was found. I left the phone on but unconnected to the internet and after 24 hours it seems to be functional with no changes whatsoever. I have GlassWire on the device and after reconnecting to the internet, there was no new service trying to connect to a C&C server nor anything unusual. As far as I can tell it works as normal. I am not sure what had just happened since I do not have any new apps nor do I use this phone to browse the internet, I mostly use this phone as a camera and app authenticator and no changes have been done in months. I need to trust this device, I was wondering if there is a way I could send you logs from this device in case something is out of the ordinary.
I am currently using an SD from Adata, perhaps the information had been corrupted over time and I did not notice, the SD is about 3 years old now. I hope you can help me with this matter, thank you in advance for your help. Kind Regards.
  21. Hi. I was wondering if there will be a future update for MB somewhere in the future to look for something like Pegasus. There is a tool already by Project Mobile Verification Tool https://mvt-docs.readthedocs.io/en/latest/index.html which is open source BUT it asks you to connect your probably infected device to a PC via USB which sounds risky, ergo, you give the attackers enough time to move a PC compatible payload. Could something alike be baked into Malwarebytes in a future update? I am still checking for more information but my guess is that Pegasus possibly uses innate system processes to exfiltrate information, which makes it hard to identify through GlassWire.
  22. Hello. I was trying to log in to Prime Gaming when Browser Guard threw me a message: Website blocked due to malware pattern Page blocked: https://amazon.com.mx/ap/signin?clientContext=131-8597339-3924623&openid.pape.max_auth_age=900&openid.return_to=https%3A%2F%2Fgaming.amazon.com.mx%2Fprime%2Fusamazonlogin%2Fmx%3Fconfirm%3DALWAYS%26returnUri%3Dhttps%253A%252F%252Fwww.amazon.com%252Fap%252Fsignin%253Fopenid.return_to%253Dhttps%25253A%25252F%25252Fgaming.amazon.com%25252Fhome%2526openid.identity%253Dhttp%25253A%25252F%25252Fspecs.openid.net%25252Fauth%25252F2.0%25252Fidentifier_select%2526openid.assoc_handle%253Damzn_respawn_desktop_us%2526openid.mode%253Dcheckid_setup%2526openid.claimed_id%253Dhttp%25253A%25252F%25252Fspecs.openid.net%25252Fauth%25252F2.0%25252Fidentifier_select%2526openid.ns%253Dhttp%25253A%25252F%25252Fspecs.openid.net%25252Fauth%25252F2.0%2526&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=amzn_respawn_desktop_mx_mx&openid.mode=checkid_setup&siteState=clientContext%3D139-1348008-8264257%2CsourceUrl%3Dhttps%253A%252F%252Fgaming.amazon.com.mx%252Fprime%252Fusamazonlogin%252Fmx%253Fconfirm%253DALWAYS%2526returnUri%253Dhttps%25253A%25252F%25252Fwww.amazon.com%25252Fap%25252Fsignin%25253Fopenid.return_to%25253Dhttps%2525253A%2525252F%2525252Fgaming.amazon.com%2525252Fhome%252526openid.identity%25253Dhttp%2525253A%2525252F%2525252Fspecs.openid.net%2525252Fauth%2525252F2.0%2525252Fidentifier_select%252526openid.assoc_handle%25253Damzn_respawn_desktop_us%252526openid.mode%25253Dcheckid_setup%252526openid.claimed_id%25253Dhttp%2525253A%2525252F%2525252Fspecs.openid.net%2525252Fauth%2525252F2.0%2525252Fidentifier_select%252526openid.ns%25253Dhttp%2525253A%2525252F%2525252Fspecs.openid.net%2525252Fauth%2525252F2.0%252526%2Csignature%3DHrcXuEpGedNnB7L7OmWtvTCNRboj3D&marketPlaceId=A1AM78C64UM0Y8&language=es_MX&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=amzn_
gaming_prime&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 Malwarebytes Browser Guard blocked this website because it may contain malware activity. I reduced the font to make the message smaller as both picture and straight text took some space. Could this be a false positive? I mean Amazon is targeted a lot. I'd let you decide. Thank you for your time. Kind Regards - BigArachnotron.