gen-hackman

Hello Still blocked since.............

I know the numeric signature is not recognized by trustprovider but it's the only way I found to sign py tools without pay lol ^^

Hello Thanks a lot

Hello Malware community Malwarebytes detects my tool as malware https://www.cjoint.com/c/JDBnTPJPDdj numeric signature is not ercognized by Trust Provider but it's the only free solutioon I found to sign my tools ^^ (Symantec timestamp) Is something possible to do to bypass it ? Best Regards g3n-h@ckm@n QuickDiag.7z

Hello, Malwarebytes extension for firefox blocks this link : moz-extension://bfdafadf-fba6-464d-89c6-d751b12d3c68/app/eventpages/block.html?referrer=www.aht.li&url=https%3A//www.aht.li/3213847/AdsFix.exe&host=www.aht.li&type=scam&subtype=suspiciousDownload&tabId=35&filename=AdsFix.exe&rules=specific it's OVH cloud for my tools real link : https://www.aht.li/3213847/AdsFix.exe Eplanations : https://translate.google.fr/translate?sl=fr&tl=en&u=https://genhackmantools.wordpress.com/adsfix/ Thank you to do the best Best Regards g3n-h@ckm@n

hello tu supprimes et recrées la clé via script : [-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains] [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains] ""=""

ok thanks I give you the log by MP

okay I'll do that so I don't understand why It scans winsxs folder , it takes some time and I have never saw some infections in this folder in 10 years desinfecting ^^

Ok I 'll delete some lines in the log that I do not want to show

sorry I uninstalled Malwarebytes , I'm gonna reinstall, do a new complete scan and give you the log when it'll be ended the datas , as I remember aren't displayed in the log, only keys and values

If forgot to says it's detects my Program ProcessClose like a malware too it's in download in 10 sites or more ( sosvirus , toolslib, majorgeeks, etc..... ) https://www.google.fr/search?ei=196IW8SmKMyalwSymaHICA&q=ProcessClose+g3n-h%40ckm%40n&oq=ProcessClose+g3n-h%40ckm%40n&gs_l=psy-ab.3...11896.20665.0.21317.12.12.0.0.0.0.262.1754.0j10j2.12.0....0...1c.1.64.psy-ab..0.7.1023...0i19k1j0i22i30k1j33i160k1.0.x6Yoz-wt7qU I attach the file. ProcessClose.zip

Hello Malwarebytes detects HFS.exe like a malware analysing my Computer in it's last version, but it's 100% legit , it comes from Rejetto Http File Transfer ( Allows to transfer a file giving a link in http from PC to PC without Server, I use it for a long time.(perhaps it's cause we have to open a port in the box to make it work it's detected like this.....) http://www.rejetto.com/hfs/ In Virustotal analysis, Malwarebytes says it's Clean..... (zip containing the file attached) ====== it detects too as a Dns.unlocker but these IPs are "Free" OPEN DNS and local IP connection to my box [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]~[DhcpNameServer] : 212.27.40.240 212.27.40.241 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82eba569-60eb-4390-9f4d-45fec09da1b1}]~[DhcpNameServer] : 212.27.40.240 212.27.40.241 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b51955e3-93cb-4826-ac4f-741fec48fcd4}]~[DhcpNameServer] : 192.168.42.129 The value "NameServer" was detected too like a dns.unlocker but I looked in the registry at this place and there's nothing written in this value , no data. ISP: Free SAS Organization: Free SAS AS Number: AS12322 Free SAS 192.168.42.129 => Local ===== And like said My friend rubised in the other topic, detects cjoint.com like Fraud, but here's some examples to show you that's a really a false positive https://quttera.com/detailed_report/www.cjoint.com https://sitecheck.sucuri.net/results/www.cjoint.com And from the Kaspersky VirusDesk : Le lien https://www.cjoint.com est sain Ce lien est sain conformément aux données de réputation de Kaspersky VirusDesk. does mean in english : The link https://www.cjoint.com is healthy This link is healthy according to Kaspersky VirusDesk reputation data. ===== a Last thing : while analyzing my computer, malwarebytes takes very much percents of my processor , I cannot do anything other, it makes my computer going very slow almost static, the browsers pages cannot refresh correctly cause all the processor is taken by Mbam here's an example (png attached) , and sometimes it goes over 80% of the processor hfs.zip

Thank you very much have fun

Hello my tool is taken for a ransomware like you can see on these pictures : If you want to do some tests it's downloadable here : https://toolslib.net/downloads/viewdownload/20-adsfix/ Thanks to do what you can Best Regards, g3n-h@ckm@n

hello MBAE doesn't support TOR .... it's normal ?

ok thanks for the reply

hello does MBAE Auto-updates ? here's a screen confirming that it works correctly https://dl.dropboxusercontent.com/u/22950063/MBAE.PNG

thx

here it is ! http://cjoint.com/?CFgwtc3YqZi inside the zip , there are the file detected and the log of real time protection

ok i found it i sent you that

where can i find the log for the detection in real time ?

you sent me where we can't post == the detection is made in the real time protection , not in the scan

ok I'll do

hello I come back to you to say that Malwarebytes puts in quarantine C:\Program Files\AutoIt\AutoIt3.exe detected like a trojan.Inject

ok sorry mbam was not updated thanks