tcloud

Members
  • Posts

    15

Everything posted by tcloud

  1. I can't think of anything I was doing unusual with the powerpoint -- just adding information and occasionally previewing it. I'm happy to stop McAfee ... actually looking for a reason to uninstall it as I have no intention of continuing to use it once the free year is up. Here is ARW folder: ARW.zip
  2. I have not entered any exclusions thus far (dealing with a 99-year-old mother) and I've not had a chance to work on the powerpoint. (I had been working on it every day up until that happened, but situation has changed with my mother.) It's weird -- I noticed MWB had quarantined my local server (XAMPP) which I use every day. I never noticed any problem with it, even though MWB log said it had been quarantined. The RootsMagic .... I use it maybe once a week and never noticed it had been quarantined until I looked in the quarantine folder. I've never used the AxCrypt, only downloaded the executable thinking I might check it out some day. My own thoughts ? .... I suspect my new Dell XPS-8930 as there are hiccups. For one thing, it freezes at least twice a day for about 2-3 seconds. I can't help but wonder but what that doesn't cause problems for software. I'm using McAfee because it came with the Dell. Will probably go back to my Vipre when the year is up. I'm willing to help if I can.
  3. Here is powerpoint 00-00 GEM-01.zip
  4. thank you -- I've zipped all files into folder "MWB problem files" MWB problem files.zip
  5. FYI, I got the data I posted from MWB > Notifications > Ransomware blocked ... on Report window, clicked "Advanced" and then export to txt. So, there were no files for my initial query.
  6. sorry, I don't know what files to zip, nor do I know what a virustotal report is ? Please tell me what files to zip (and where to locate them) and I'll be happy to submit them.
  7. I see that it also quarantined my
     XAMPP apache service httpd.exe -- listed as "Malware.Ransom.Agent.Generic"
     AxCrypt-1.7.2976.0-Setup.exe -- listed as "Generic.Malware/Suspicious"
  8. Today, about 30 minutes ago, I was editing a PowerPoint presentation and a popup appeared declaring MB had detected Ransomware and had saved me from it. My presentation closed at the same instant, and attempting to restart it brought a window telling me that I'd need to find another app for this file. It removed my desktop icon and the executable for PowerPoint. My copy of Office is fully legal and nothing in it should be flagged as malware. When I was looking at the MB Quarantine, I noticed that several other programs I use had also been removed -- not sure what sin they committed. One was RootsMagic, a genealogy program that was also declared ransomware. Another was AxCrypt-1.7.2976.0-Setup.exe (Axantum Software AB AxCrypt File Encryption Software) ... not sure why it was quarantined. Don't remember the others. I found two logs for false ransomware quarantines -- PowerPoint and RootsMagic:

     -Log Details-
     Protection Event Date: 4/5/20
     Protection Event Time: 3:43 PM
     Log File: 09c4ddae-777e-11ea-9374-402343bc1a84.json

     -Software Information-
     Version: 4.1.0.56
     Components Version: 1.0.859
     Update Package Version: 1.0.21972
     License: Premium

     -System Information-
     OS: Windows 10 (Build 18362.720)
     CPU: x64
     File System: NTFS
     User: System

     -Ransomware Details-
     File: 3
     Malware.Ransom.Agent.Generic, C:\Users\tc\Desktop\PowerPoint.lnk, Quarantined, 0, 392685, 0.0.0
     Malware.Ransom.Agent.Generic, C:\PROGRA~1\MICROS~2\root\Office16\POWERPNT.EXE, Quarantined, 0, 392685, 0.0.0
     Malware.Ransom.Agent.Generic, C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE, Quarantined, 0, 392685, 0.0.0

     (end)

     -Log Details-
     Protection Event Date: 3/9/20
     Protection Event Time: 5:07 PM
     Log File: 51503484-6252-11ea-9cb4-402343bc1a84.json

     -Software Information-
     Version: 4.1.0.56
     Components Version: 1.0.835
     Update Package Version: 1.0.20460
     License: Premium

     -System Information-
     OS: Windows 10 (Build 18362.657)
     CPU: x64
     File System: NTFS
     User: System

     -Ransomware Details-
     File: 3
     Malware.Ransom.Agent.Generic, C:\Users\tc\Desktop\RootsMagic.lnk, Quarantined, 0, 392685, 0.0.0
     Malware.Ransom.Agent.Generic, C:\PROGRA~2\ROOTSM~1\ROOTSM~1.EXE, Quarantined, 0, 392685, 0.0.0
     Malware.Ransom.Agent.Generic, C:\Program Files (x86)\RootsMagic\RootsMagic.exe, Quarantined, 0, 392685, 0.0.0

     (end)
  9. I just purchased a domain name and a hosting package so I could set up a sandbox site and it is blocked with the message "Website blocked due to malware" and another time "Website blocked due to adware". But this site only has an index.php page with no content in it yet other than an H2 tag with "Home" in it. I want this site to be visible to anyone -- I don't want everyone to have to unblock it. The domain is www[.]mytestsite[.]icu or mytestsite[.]icu (I haven't set up an .htaccess file yet).
  10. problem has returned -- (and I'm not running Grammarly) Windows 10 updated a couple of days ago then Windows crashed on me yesterday. This morning (5-12-2017) MWB reported Web Protection turned off. Rebooted and Malware Protection was off, but turned on without need for reboot. Checked the VIPRE file exclusions and modified all files to have full path. I notice there is no "rules.ref" file anywhere on my C drive. believe it should be located - C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rules.ref Since all has been good until this morning, I will wait to see if problem recurs before posting logs.
  11. It can go for days before it fails. I'll report any issues when they occur. thanks
  12. I stayed behind to do it .. didn't take long. The only file that was already excluded was mbam.exe. It is a little perplexing that I could see none of the files in the system32\drivers folder from the VIPRE browse menu even though I could see them when I opened the folder in explorer. Then, after I entered the path directly into the file input field, there was no way to tell VIPRE to accept them, so I used the Return key and they now appear on the list. I hope that means it found the files.
  13. thanks ... I thought I'd already done that. It's late now and I may not be able to attend to this until Monday, but I will take your suggestion. thanks again.
  14. Not sure when it began, but I get error "Real-Time Protection layers turned off" after several hours of using computer. A log of when the failures occurred is below. I'm running Malwarebytes Premium, ver. 3.0.6.1469. I'm also running VIPRE Internet Security 2016 and SpyWare Blaster and Windows Defender is disabled.

      ===============

      I noticed that some others with similar problem are using VIPRE. My version is AntiVirus Internet Security 2016 -- Belarc Advisor lists --

      Virus Protection: ThreatTrack Security VIPRE Malwarebytes
      Software Versions:
      ThreatTrack Security - VIPRE version 9.3.4.3
      ThreatTrack Security - VIPRE Internet Security version 9.3.4.3
      ThreatTrack Security - VIPRE SBVIPRE_PREMIUM_EN
      ThreatTrack Security - VipreEdgeProtection.exe version 2.3.4.7 (64-bit)

      ===============

      I began a log of the failures, but not immediately after they began. Note that the computer is turned on before 07:00 every day, so you can see how long it ran before the protection failed.

      2017-03-23
      Getting popup message saying Malwarebytes Real Time Protection is turned off. Can't turn it back on unless disable antivirus and reboot. Actually, don't need to turn off AV, just reboot and it's back on.
      rebooted 15:17 ... let's see how long before error message appears. ... running Scan ... complete
      15:22 installed Belarc Advisor, got system details and uninstalled -- now restarting
      16:00 -- restart

      (no date, probably 3-24)
      14:12 -- attempt to uninstall Belarc Advisor 8.5c again and rebooted.
      15:24 -- MWB still appears to be okay
      17:00 (app.) installed Office 2016 after an hour or so with Microsoft tech support ... MWB still seems okay

      2017-03-30 - 16:18
      Real-Time Protection layers turned off
      One or more Real-Time Protection layers are turned off. Turn on all ...
      -- Web Protection turned off -- hangs with "Starting"

      2017-04-02 -- not sure when, noticed at 16:25
      rebooted -- then 14:35, same as above -- Web Protection turned off -- hangs with "Starting"
      rebooted -- 16:40 -- all protection enabled

      2017-04-04 -- Web Protection turned off -- not sure when, noticed at 16:25

      2017-04-05 -- 14:30 had removed Win7GamesForWin8-Setup.exe with Revo and restarted.
      Ransomware Protection: Prevents ransomware from encrypting your files
      15:45 -- noticed protection off again -- ransomware again
      15:52 - after reboot, all protections okay

      2017-04-17
      10:00 -- no problem observed
      00:44 (Monday morning) problem -- Web Protection turned off

      2017-04-19 08:50 -- Web Protection turned off
      2017-04-19 sometime between 1900 and 22:20 -- Web Protection turned off
      2017-04-20 18:26 -- Web Protection turned off
      2017-04-22 14:24 -- Web Protection turned off

      MB-CheckResult-.txt FRST.txt Addition.txt 2017-04-22 mwbytes-scan-report.txt logs.zip
  15. I updated MBAM from 1.4.6 to 1.51.0.1200 and now it won't run -- details below:

      I downloaded and installed Able RAWer RAW Image Editor: http://webmessengertutorials.com/able-rawer-free-raw-image-editor_22435.html

      When I ran it, ZoneAlarm warned me that an executable named 0.87181453043776.exe ... was trying to access the trusted zone and internet to contact: http://92.38.233.191 ... I denied it access.

      I found the executable in my Local Settings/Temp directory and ran MalWareBytes on the file (0.87181453043776.exe) and -- I believe -- it identified it as a Trojan.Dropper. I then deleted the file. (I also ran TDSSKiller.exe and it might be that application that provided the Trojan.Dropper identification.)

      TDSSKiller identified windows/system32/drivers/sptd.sys as a potential threat because it was locked. I have Daemon Tools Lite installed -- so I uninstalled it and removed the registry keys that were locked.
      ** sptd.sys is removed from my system -- could that be the problem?

      I downloaded the update to MalWareBytes (1.51.0.1200.) (I was running version 1.46) -- and now MalWareBytes will not run at all.
      ** I still have the logs from when I ran MBAM last June if they would help.

      I looked on-line for this problem and found several solutions -- beginning with renaming the setup file and the application file to fool apps that might be inhibiting it, including installing to a different directory -- no change, still won't run.

      I followed the solution posted at: http://spywarehammer.com/simplemachinesforum/index.php?topic=10307.0
      - run TFC.exe (temp file cleaner)
      - reboot
      - run Rkill.scr
      - run MBAM
      ... still won't run.

      I read a thread on this forum ( http://forums.malwarebytes.org/index.php?showtopic=87029 ) recommending running MBAM-clean, disabling my anti-virus/firewall, install a fresh download of MBAM and run it. I followed those instructions -- still won't run.

      System information:
      XP-Pro v. 5.1.2600, SP-3 Build 2600
      Board: Intel Corporation D865PERL AAC26719-209
      Bus Clock: 200 MHz
      BIOS: Intel Corp. RL86510A.86A.0085.P19.0406281350 06/28/2004
      2.80 GHz Intel P-4
      8 KB primary memory cache
      512 KB secondary memory cache
      Hyper-threaded (2 total)
      2 GB RAM
      640.14 Gigabytes Usable Hard Drive Capacity
      313.07 Gigabytes Hard Drive Free Space
      AntiVirus -- ZoneAlarm Extreme Security Antivirus Version 9.3.037.000

      Any suggestions very much appreciated.
      thanks, Tom