Showing results for tags 'malware'.




Found 417 results

  1. Hello, I found my computer as infected and working very slowly lately. I use the instructions from Staff on the same topic - Windows Defender Chekuem. Please find the files and advise on the future course of actions: malwarebytes_scan.txt AdwCleaner[C0].txt FRST64.txt Addition.txt Best regards, Mathew
  2. Hello, For several weeks now I have been attempting to clean my pc. I have already posted in the BSOD's subforum to combat all the crashes in my computer and although I have already solved a number of them, the largest threat is now malware of which I am pretty sure has infected my computer. For instance Malwarebytes won't run, not in safe mode, not in admin nor in admin and safe mode. Malwarebytes Chameleon will only run when directly downloaded from this website but it is only version 2.2 and as I attempt to install the latest version, it becomes inoperable. It simply won't start. I have updated all my drivers manually including my BIOS, which made the computer nice and quiet I have run FRST, DDS, Rkill and Roguekiller and attached all files below but I just cannot get Malwarebytes threat analysis. I also booted with Bitdefender which solved one infected item. FRST.txt Addition.txt Rkill.txt dds.txt attach.txt rk_C314.tmp.txt
  3. I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and 123netflix.com. This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers.

     I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark both as Admin. Opened Windows Powershell as Admin and typed:

     Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the pi-hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208

     Switched to Process Monitor and located the processes captured during the same time that was using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe)

     Unfortunately, it’s the ubiquitous svchost.exe

     Switch to Windows Powershell and checked out the results from when I ran the tasklist command.

     PS C:\Users\MyPC> tasklist /svc /fi “imagename eq svchost.exe”

     Image Name                     PID Services
     ========================= ======== ============================================
     svchost.exe                   1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc

     Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths. They’re all under %SystemRoot%\System32:

     Ran system filechecker with command

     Scanned each file with MalwareBytes and Avira. Nothing found.

     Decided to check each service’s Display Name and Description:

     - CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
     - Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
     - LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     - NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

     Now I’m stumped. Other than Blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?
  4. Hi, Malwarebytes Endpoint Protection is blocking Malware.Exploit.Agent.Generic on a system roughly every 20 minutes but isn't removing it. Could someone please give me instructions on how to clean the system? Details of the detection are: Malware.Exploit.Agent.Generic Detection Data Detection Name: Malware.Exploit.Agent.Generic Action Taken: Blocked Category: Exploit Reported At: 02/28/2018 - 09:34:46 AM Scanned At: 02/28/2018 - 09:27:42 AM Type: Exploit Endpoint: David*****-PC.mslan.local Location: C:\WINDOWS\system32\cscript.exe C:\WINDOWS\system32\cscript.exe \E:vbscript \Nologo C:\WINDOWS\TEMP\m_aD138.tmp Group Name: *** *** Workstations Affected Applications: Cmd
  5. Hi. Nearly 1 week ago Malwarebytes (Trial) suddenly started to pop up a message about a blocked webpage I never visited. It always happened when I used Firefox, and I use uBlock Origin (nothing has happened with Chrome yet). Always the same page was blocked, so I ran Malwarebytes, AdwCleaner, Win Defender, ESET and Zemana, and none of them found anything. HitmanPro found some non-dangerous tracking cookies and I deleted them. Still the pop-up continued. Once it stopped without finding anything. Before the stop I ran CCleaner and cleared everything; however, I don't know whether the last pop-up was before or after the clear. My computer turned on slowly, so I deleted both ESET and Malwarebytes and a bit later installed Mba again. A week passed and during browsing the same page started to pop up once again. I ran malware and AdwCleaner again and they found nothing again. At last HitmanPro found mbae64.sys as a suspicious item. Here is one of the logs from Mba: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 17/02/2018 Protection Event Time: 16:26 Log File: db95b2bb-13f6-11e8-9f51-08606e7eb1ef.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3962 Licence: Trial -System Information- OS: Windows 10 (Build 16299.248) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Unspecified Domain: go.pub2srv.com IP Address: 78.140.191.74 Port: [51361] Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe
  6. Hi, Having massive issues with my windows 7 laptop. I tried to login and it was stuck on the windows loading icon (>1 hour) before booting into a black screen showing just the mouse pointer which I could move around. Tried to boot it into safe mode but the exact same thing happened. I can get into the system recovery tool so tried a system restore but no matter what point in time I choose it fails. Trying to boot in to the last known good config also fails to produce a result. I can open the cmd prompt but don’t really know where to go from here. Considered downloading a win 7 iso image from them but as the product key on the back of the laptop comes up as (essentially) “this a pre installed key, please get in touch with your provider”. Please help!
  7. Hello, My computer has been infected by a nasty virus of some sort for over a week now. It has prevented me from using Malwarebytes, so instead I attempted to run SpyBot Search and Destroy but that program did not work at all. The specific problem I have been having with Malwarebytes is that it just will not open. So I tried to use the Chameleon program which runs, but will stop after it attempts to download "Mbam-setup" from the internet. I am connected to the internet, but it just is not working. I ran a check up using mbam-check and saved the .txt file if that can help anyone fix my situation. MalwarebytesCheck.txt PLEASE HELP
  8. I recently got a virus and removed around 500 malware using malwarebytes and adwcleaner, but there is still 37 stubborn malware still affecting my pc. I scan via malwarebytes and quarantine which prompts a reboot, however, those 37 malware are still on my pc due to the repeated action of "removal failed". Each time I rescan and attempt to quarantine, the malware just keeps reappearing and not being deleted. When I run adwcleaner, it says "no unwanted element found!". but there are still trojans on my pc. I have included my exported log: log.txt and my adwcleaner log: AdwCleaner[S5].txt
  9. A few days ago Malwarebytes Premium began blocking this outbound connection (see .png): Domain: drivethelife.com IP Address: 54.183.15.164 Port: 50817 Type: Outbound File: C:\Windows\System32\svchost.exe I checked processes running and found four files with this file name (see .png). Any suggestions on how to remove the correct file and get rid of this malware?
  10. Hello! My mom has a HP laptop running Windows 7 Pro. I believe it has been infected with virus/malware that causes every exe to run Windows Media Player. All the exe icons are also replaced with Windows Media Center icons. It is also impossible to run any exe from USB, as the same thing happens. I ran Farbar Scan (log attached). The Farbar RST that I used did not have the check box for "Addition.txt", so I am not 100% sure if all the needed info is attached. Please let me know if you need something more. Handful of Thank Yous... FRST.txt
  11. I recently started seeing this process in my task manager use a huge amount of resources (RAM, CPU, and GPU). I've tried using MBAM/Chameleon scans, MBAR scans, AdwCleaner, RKill, Hitman Pro, Zemana, and ESET but it reappears after every reboot. It will also not end the task from inside task manager and I cannot access the file location. I'm the only user on this machine, and an admin by default.
  12. So recently Avast told me that it blocked a malware from a certain website, which is called the malware JS:Miner-C. Now Avast said it has blocked it. After that I ran a full scan for malware and eventually Avast did find it, so I deleted and removed it. Now I'm also running a manual check, like checking tasks, processes, and services. In the details in Task Manager, when I check it, there are 2 csrss.exe running even though there is only 1 user. I checked the properties; they're both identical, starting from date created and extension etc. Then I checked System32 and to my relief there's only 1 csrss.exe. Now a 2-part question, and also, before everything, I already scanned with Malwarebytes but the program said no issues were found. Remember that the Malwarebytes scan was before the Avast scan and both of the scans were on normal boot instead of safe mode. 1) Is my possibility of infection still high? And if so, what is the best method you can use to eliminate this miner? 2) Does anyone have an idea of the severity of the malware, like does it steal my credentials? Or does it expose me to other malware? If anyone can answer this I say thank you in advance.
  13. Hi, This morning we had an employee open a phishing email and subsequently open one of the two attachments that came with it. When they opened it nothing appeared to happen, so far as they could tell, but they got in touch with us here in the IT department as it seemed odd to them. As soon as we saw the email we could see that it had flags all over it. Anyway, we have run scans and been in touch with our email spam filter guys and they came back to us saying that it was phishing for credentials and possibly more. The laptop is now disconnected from any network and all logins that the end user would have used have been changed. What can we do now in this situation, as we ran it through virustotal.com and it showed as not being caught by anything and also only appearing today? Any help you can bring to us here would be very much appreciated.
  14. Please help me remove malware from www.allofmyinterest.com
  15. Please help me get my website back in the safe browsing list: www.allofmyinterest.com. The web folder is empty, why am I still getting this error?
  16. I had this issue 2 or 3 weeks ago. Malwarebytes constantly popups blocking a few different (what appears to be) adware issues, such as drivethelife and onclickads. There's a 3rd one that shows up sometimes but much more rarely. My Avast antivirus couldn't find any issues, and running a scan on my lifetime license MWB gives a message that there are no threats found. I have a temporary license on HitManPro and it seems to find tracking cookies but nothing to do with adware (from what I can tell). I uninstalled Malwarebytes and reinstalled it but lost my license key for about 10 days. During this time, I had no popups about these infections. I restored the key yesterday and started getting these constant annoying popups. I verified my installed programs and see nothing that seems related. All installed programs are normal Microsoft and other regular updates to my apps. I see nothing that seems related in my running processes, either. So how do I get rid of these popups? If there really is an infection (despite Malwarebytes telling me there isn't one), how do I get rid of it? Please help ASAP. I can't focus on my work with these popups annoying me constantly.
  17. I recently used my friend's flash drive in my laptop. After that I found some malware named exactly like my files, so I tried to delete them but they came back again. After some time it started infecting my other files; my applications don't run and their size turned into 0 KB. I tried to scan with Avast, AVG and Malwarebytes but NO THREATS FOUND. I tried with Windows Defender; the threats are found and I THINK deleted, but my file sizes are still 0 KB. plz...... help......me....!!!!! Sorry about my bad English....
  18. Hello there, One of my machines running Windows Vista SP2 has a semi-serious problem, and I cannot even name it. This is the final chance for me to figure out whether I'm safe or not. Here is the issue. I came across a malware a few years ago which infected my machine through a non-secure JAVA web applet. After this infection, I immediately took some actions and tried neutralizing the malware and cleaning as well; I also used the Malwarebytes 1.x and 2.x series. After some years have passed, I still noticed that the nasty and non-existent registry entry of this malware is still visible in regedit and GMER. I have had no abnormal activity since then, and tried numerous rootkit removers listed below with the following results: - GMER: Shows hidden driver service highlighted red but unable to remove / disable because it does not in fact exist (IMHO). - Sophos Anti-Rootkit: No malware is found, system is clean. - BitDefender Anti-Rootkit: No malware is found, system is clean (scan took very short though, not sure why). - Kaspersky TDSS Remover: No malware is found, system is clean. - Rootkit Hook Analyzer: No malware is found, system is clean. - Symantec TDSS Fix Tool: No malware is found, system is clean. -...and finally Malwarebytes Anti-Rootkit BETA along with Malwarebytes Premium (3.3.1) edition: System is clean, no malware is found. Although almost all of the major removers say that the system is clean, I'm so picky that I have no idea why regedit and GMER display the presence of malware (PragmaXXXXX - random numbers). In particular, regedit shows an error immediately when I click on this key, as if it does NOT exist, but I can't do anything even though I tried a lot of methods including running regedit under the SYSTEM account, running an offline registry editor using a recovery disc, and using the command prompt. It seems to be a kind of very strange glitch in the registry file, and it cannot be removed there even though the entry (PramaXXXXX) is shown. 
I'm attaching all the screenshots that would help in describing the issue, along with the FRST log, addition.txt log and MBAM Anti-Rootkit log file. I'd be so grateful if there are any additional steps to take other than formatting the whole drive, as I have a lot of documents and installations with sensitive configurations. Thanks in advance! Addition.txt FRST.txt system-log.txt
  19. Hello, I need some help getting rid of an unwanted malware that took over the search engine on my Chrome. It seems to be from Yahoo but it is a malware. Reading other posts I saw that I needed to post my own topic, so here I am. I will attach a screenshot of this nightmare. Thanks in advance.
  20. Hi, I recently installed malwarebytes back in October. I had someone help me clean up my laptop and was good to go up to now. My computer turns on, it is slow to load. However, when I try to open up any documents, it completely freezes. Ctrl+Alt+Delete doesn't work to pull up task manager. When this started happening, I went to malwarebytes to start a scan. It got stuck in "scanning" in the middle and just stayed in that one spot "scanning". I force closed my laptop, turned it back on and opened Malwarebytes first this time. The dashboard showed that web protection was off. When I went to turn it back on, it switched back off immediately. Then I got a pop up that I wasn't protected. I then tried to do another scan and Malwarebytes was frozen. It wouldn't even close. I had to force close the laptop again. The only thing that works to a degree is my internet and I am afraid to use it for anything because I know my laptop is not protected. How can we fix this?
  21. Hi all, In the past weeks I have had a surplus of different BSODs. 0x00000024 - ntfs.sys 0x00000001 - tcp1p.sys (2 times) 0x0000003B - Ironx64.sys 0x0000007E - at1kmdag.sys 0x0000007F I am unable to run Malwarebytes, neither as an admin nor in safe mode nor from the file itself. When I change the name of the executable file it immediately says that MBAM stopped working. I removed it just now and the file mbshlext.dll remains. I am unable to open the sysnative BSOD collection app even if I disable my Norton security. I have been able to scan with FRST and the files are attached. I have run chkdsk and scannow in cmd and there is nothing wrong here. It mostly crashes on high performance games like Elder Scrolls Online or Rust, but also sometimes randomly. I have updated all my drivers and cleaned out all the hardware to rule out overheating; fans are working fine as well. I have already cleaned the registry with Eusing Free Registry Cleaner. Addition.txt FRST.txt
  22. Hello, I have a problem: every time I start my PC an ad.fly popup shows in my default browser. I've run a full scan with Malwarebytes and Kaspersky, uninstalled cracked games and uTorrent, uninstalled suspicious programs, disabled suspicious startup programs, tried other browsers, and set another default browser. I've tried almost everything. Could you help me somehow?
  23. Hello, I recently logged into my computer and malwarebytes said it was out of date. I had to turn off the self-protection module to update and then malwarebytes was removed from my computer. I have since reinstalled it, but it will not boot unless I am in Safemode(which I currently am). I ran Rkill along with malwarebytes and they have both detected nothing, but I cannot understand what would cause the program not to function otherwise.
  24. Hello! So I completed multiple scans of malwarebytes antimalware to get rid of a trojan malware that's been copying files everywhere, and I've now come up with the result of the internet being blocked when safe mode is off, and windows defender doesn't seem to work. A file or two comes up on every new scan, but doesn't seem to be going away. The file attached is the latest scan, which caught a few files. Looking at task manager on regular boot, an application called "Spine" seems to come up a lot, and any change I got at deleting it ended up in it replacing itself with every reboot. Help with this would be greatly appreciated! Thank you! log.txt