Kajisight
Posts: 18
Posts posted by Kajisight
-
What operating system are you using? There is a delay in many cases of IP alerts. If you navigate away from the page too quickly, you won't get an alert. I've experienced this myself on my own system.
OS: Windows XP Home Edition
I tried going to "http://iptest.malwarebytes.org/" to test it, the log shows it blocked it but I never saw an alert. I even left it trying to open the page for a minute just in case.
-
Hello.
Open Malwarebytes' Anti-Malware and click the 'Protection' tab. Tick the following option:
Show tooltip balloon when malicious website is blocked
That should get those balloons to start appearing again. By default that option is selected, so someone must have disabled it at some point.
Just checked, it's already ticked.
-
I just recently started using the protection module, and for some reason the tooltip balloon never appears when it blocks something. I can see in the log that it did block something, it just never warns me.
-
I just updated to 2907, the loop looks like it's gone.
-
Thanks for the fast reply.
-
I have database version 2905 and when I click update it downloads and then says "The database was successfully updated from version 2905 to version 2905.". If I click update again it does the same thing, is this just my pc or is there something wrong?
-
I started picking this up today also. I ran a full scan yesterday and nothing, today 15 items and counting. I only visited a few pretty well trusted forums today, so it didn't seem likely, then I checked in here. Since it looked suspicious I aborted and will run in "Developer Mode" as soon as I've posted.
Thank you so much for replying, knowing I'm not the only one made me feel better. Anytime a scan picks up something my heart skips a beat lol.
-
I just right clicked actskin4.ocx and scanned it with MBAM but it found nothing, why would the quick scan find it but not the manual file scan?
-
I just ran a quick scan and it found 19 infections, I then ran the scan in the developer mode.
Malwarebytes' Anti-Malware 1.41
Database version: 2880
Windows 5.1.2600 Service Pack 2
9/30/2009 10:15:29 PM
mbam-log-2009-09-30 (22-15-27).txt
Scan type: Quick Scan
Objects scanned: 92798
Time elapsed: 1 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.
I uploaded the actskin4.ocx file to VirusTotal, here's the link to the results. (Only 1 scanner on VirusTotal found something, it was eSafe that detected "Win32.Flooder.IM.VB." Since just 1 at VT found it, it probably is a FP?)
-
Updated and then restored the file that was in quarantine, and scanned after doing that and it all came up clean. Thanks for the quick replies guys, you guys are so fast when it comes to fixing FPs.
-
I have the same problem. This is FP
Thank you for posting! I feel so much better knowing I'm not the only one, should we wait for a reply before we let MBAM take it out of quarantine and back to where it was?
-
I scanned my computer with MBAM and it found nothing, I had Database version: 1708 at the time and it found nothing. Then I clicked update after the scan and let it up so scanned again and it found this.
Malwarebytes' Anti-Malware 1.33
Database version: 1709
Windows 5.1.2600 Service Pack 2
1/30/2009 1:16:40 PM
mbam-log-2009-01-30 (13-16-40).txt
Scan type: Quick Scan
Objects scanned: 50705
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\beep.sys (Trojan.Patched) -> Quarantined and deleted successfully.
I let MBAM remove it and let it reboot like it said. After the reboot I scanned again and it found nothing, should I be clean now if it's not a FP?
-
Trend Micro Housecall 6.5 is saying C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe is infected with JOKE_AGENT.
-
Updated to the newest version and everything is fine now. You guys are really fast when it comes to fixing FP, keep up the great work.
-
Sorry that I didn't read the "Before reporting" thread before posting the above, I will post what it told me to.
Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2
10/4/2008 7:58:19 PM
mbam-log-2008-10-04 (19-58-17).txt
Scan type: Quick Scan
Objects scanned: 44833
Time elapsed: 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Blake\Local Settings\Temp\_is3.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is4.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is5.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is6.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is7.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is93.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_isF7.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is11.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1C.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1D.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is2.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is23.exe (Rogue.Installer) -> No action taken.
-
I updated to DB 1229 and ran a quick scan and found this.
Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2
10/4/2008 7:32:38 PM
mbam-log-2008-10-04 (19-32-36).txt
Scan type: Quick Scan
Objects scanned: 44708
Time elapsed: 1 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Blake\Local Settings\Temp\_is3.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is4.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is5.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is6.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is7.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is93.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_isF7.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is11.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1C.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is1D.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is2.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Blake\Local Settings\Temp\_is23.exe (Rogue.Installer) -> No action taken.
I uploaded each file to VirusTotal and they all came back clean, since they all came back clean should I just ignore it?
Tooltip Balloon Not Appearing
in Malwarebytes for Windows Support Forum
Sorry that it took me a while to reply, I changed the value in the registry and the tooltip now appears when stuff is blocked. I feel a lot safer now since it's able to tell me now right when it blocks something, thank you so much for the help.