Jump to content

Search the Community

Showing results for tags 'Forum'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 7 results

  1. I just logged in to my account ,. Browsing the Forum’s sections and as of sudden an error admin page is pop-up . screenshot of admin install error is attached and upload failed issue . (not even able to uploads anything to forum)
  2. I have a question for both the forum members & the Malwarebytes team, Does Malwarebytes have a product that the general public can purchase, its a tune up your computer program tool, which goes through all the files on your computer and rectifies any faults with things like the registry, and other computer related issues that need to be resolved, like reinstalling missing files say for the CD player, or other similar issues ? I used to be a customer of AVG they had a program that I could download that could do all of this, I said goodbye to AVG to purchase Malwarebytes as I think its a far superior antivirus and Malware destroyer, but I don't want to now go back to AVG to purchase this product if Malwarebytes has its own product. ANYONE ???
  3. Hello everybody ... I have a suggestion. I am currently working on cracking some malware that has escaped identification by AVG real time, and subsequently by Malwarebytes, SpyBot, Superantispyware, ETES, Hitman. The initial tags were based upon what I knew at the time of first posting. However ... knowledge has been gained. I've tracked the source of the malware down to (I am almost certain) putrr18.com. Searching putrr18.com brings lots of malware reports, and how to get rid of it. It no longer identifies the domain name. Instead it uses IP addresses : 198.134.112.241 198.134.112.242 198.134.112.243 198.134.112.244 Either way, it might be best if the tags could be edited, to include the new tag search information. You can see the evolution of knowledge acquisition in my thread: What it shows, is that there could be reason for editing the tags, to home in on relevance. It's a thought RE the malware ... I haven't cracked it yet ... but good proress has been made. If anybody reading this, thinks that they can help ... we have the possibility to defeat malware that is currently defeating everybody. That would be a win ?
  4. Hello, How do I delete a forum topic I started? Thanks
  5. https://forums.malwarebytes.org/index.php?showtopic=125369 I was browsing the forums just about now and I saw the little shield thing on the google chrome URL Bar, and I'm wondering, what does it do/mean? I'm interested, because its on the MBAM Forums and I'm slightly paranoid about PC issues.
  6. I could use some help. I believe I have a trojan in the family of Zbot/Zeus on either my computer or Android phone (or both). I connect to the internet at home via wifi hotspot with my Android phone. I had a suspicion something was wrong and ran all the normal anti-virus/malware software which came up with a couple issues. After this I attempted to start an account with this forum and was denied access with the following: "Sorry, you don't have permission for that! [#1001] You are not allowed to visit this community." This looked suspicious so I checked to see if my IP was blacklisted. As I have a dynamic IP I checked the range in which my phone normally uses, 3 of the 5 were blacklisted with cbl.abuseat.org. The majority of reports showed: “This was detected by observing this IP attempting to make contact to a Zeus Command and Control server, with contents unique to Zeus C&C command protocols.” I then switched my PC off and left my phone on, checking the current IP. The same activity was reported later that evening by cbl.abuseat.org for my IP with only my phone on (full report follows). It should also be noted that three other IPs in the range ending 10-15 also showed activity around the same time (so not all my phone). From the report on cbl.abuseat.org it sounds like wiping the infected device is the best option for ensuring protection in future. I would like to know what others think. Is there a way to tell which device is infected? Maybe through logs on the phone and firewall on the computer? Is there anyway to know if my external hard drive is compromised (with my backupdata)? Any help is greatly appreciated. Example log from cbl.abuseat.org (with my IP address removed): CBL Lookup Utility: http://cbl.abuseat.org/lookup.cgi?ip=XX.XX.XX.12&.pubmit=Lookup IP Address XX.XX.XX.12 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2013-07-25 11:00 GMT (+/- 30 minutes), approximately 3 hours ago. It has been relisted following a previous removal at 2012-05-04 10:38 GMT (447 days, 3 hours, 19 minutes ago) This IP is infected with, or is NATting for a machine infected with Win32/Zbot (Microsoft). This was detected by observing this IP attempting to make contact to a Zeus Command and Control server, with contents unique to Zeus C&C command protocols. Zbot is known by other names: Wsnpoem (Symantec) and most commonly as Zeus. Zbot/Zeus is a banking trojan, and specializes in stealing personal information (passwords, account information, etc) from interactions with banking sites through the use of "formgrabs". This was detected by a TCP/IP connection from XX.XX.XX.12 on port 16172 going to IP address 82.165.37.26 (the sinkhole) on port 80. The botnet command and control domain for this connection was "zadejola.com". Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address 82.165.37.26 or host name zadejola.com on any port with a network sniffer such as wireshark. Equivalently, you can examine your DNS server or proxy server logs to references to 82.165.37.26 or zadejola.com. See Advanced Techniques for more detail on how to use wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25. This detection corresponds to a connection at 2013-07-25 10:56:24 (GMT - this timestamp is believed accurate to within one second). These infections are rated as a "severe threat" by Microsoft. It is a trojan downloader, and can download and execute ANY software on the infected computer. You will need to find and eradicate the infection before delisting the IP address. We strongly recommend that you DO NOT simply firewall off connections to the sinkhole IP addresses given above. Those IP addresses are of sinkholes operated by malware researchers. In other words, it's a "sensor" (only) run by "the good guys". The bot "thinks" its a command and control server run by the spambot operators but it isn't. It DOES NOT actually download anything, and is not a threat. If you firewall the sinkhole addresses, your IPs will remain infected, and they will STILL be delivering your users/customers personal information, including banking information to the criminal bot operators. If you do choose to firewall these IPs, PLEASE instrument your firewall to tell you which internal machine is connecting to them so that you can identify the infected machine yourself and fix it. We are enhancing the instructions on how to find these infections, and more information will be given here as it becomes available. Virtually all detections made by the CBL are of infections that do NOT leave any "tracks" for you to find in your mail server logs. This is even more important for the viruses described here - these detections are made on network-level detections of malicious behaviour and may NOT involve malicious email being sent. This means: if you have port 25 blocking enabled, do not take this as indication that your port 25 blocking isn't working. The links above may help you find this infection. You can also consult Advanced Techniques for other options and alternatives. NOTE: the Advanced Techniques link focuses on finding port 25(SMTP) traffic. With "sinkhole malware" detections such as this listing, we aren't detecting port 25 traffic, we're detecting traffic on other ports. Therefore, when reading Advanced Techniques, you will need to consider all ports, not just SMTP. Pay very close attention: Most of these trojans have extremely poor detection rates in current Anti-Virus software. For example, Ponmocup is only detected by 3 out of 49 AV tools queried at Virus Total. Thus: having your anti-virus software doesn't find anything doesn't prove that you're not infected. While we regret having to say this, downloaders will generally download many different malicious payloads. Even if an Anti-Virus product finds and removes the direct threat, they will not have detected or removed the other malicious payloads. For that reason, we recommend recloning the machine - meaning: reformatting the disks on the infected machine, and re-installing all software from known-good sources.
  7. Why can I not seem to be able to edit my forum post if I make a mistake in it? I want to remove a picture that I just put in a post, and replace it with one that doesn't contain the names of my friends...
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.