Showing results for tags 'malware'.



Found 377 results

  1. I've been trying to get rid of this persistent malware for the past 5 days, and nothing has worked so far. I do a threat scan on Malwarebytes and it finds between 137 and 142 different instances of this malware called Adware.Neoreklami.ChrPRST. I quarantine and delete it, then restart my computer as requested, and it comes back. I've also used AdwCleaner and it didn't get rid of it either. I've attached a copy of my scan from Malwarebytes and FRST. scan.txt FRST.txt Addition.txt
  2. I've had this thing (malware is my best guess) since June last year, and all attempts to remove it from my system have failed. Even people I know working in fields that require moderate knowledge of malware/virus protection etc. guided me through different removal methods, which sadly wasn't enough either. So after 3 lifetimes' worth of removal guides, scans, support agents and programs, you name it, it seemed that when Malwarebytes was mentioned in all manners, it was always the top choice / unrivaled when it comes to malware removal. So it took me this long to figure out that asking for professional help here just might do it. Hope someone can help me out! Kind regards, Kristian FRST.txt Addition.txt malwarebytes log.txt
  3. My computer works very slowly and any antivirus is blocked by some kind of malware. I run a lot of scans but am not able to find the problem. Should I install Win 10 from fresh? I have a lot of docs, pictures and videos on my laptop hard drive. What do you recommend? I am now connected from another laptop, as mine doesn't allow me to connect to the internet, or I connect but very slowly.
  4. Hi guys. I recently started to notice that whenever I play a game, any game, I get a smooth 120 fps but then after a couple of minutes it drops to about 20 to 10 fps. I found out after some time what the problem was. When I opened Task Manager I could see that 2 processes are using like 90% of my GPU. They were called csrss.exe (Client Server Runtime Progress) and Desktop Window Manager. I did some research as to why they are doing this and some stuff I read said that it could be a bitcoin generator or something like that. It happens with every game I play. Csgo, Fallout4, you name it. The funny thing is when I am in game, I quickly alt-tab to Task Manager and then for a good 2 seconds I can see these 2 processes use like 90% of my GPU, but then it immediately goes down to 1% after these 2 seconds. Can someone please tell me what the problem is and if it is malware?
  5. I have the same problem: Real-Time Protection will not turn on. I followed the suggestion above and attached the zip file. I am running Windows 10 64bit on my desktop. What do I need to do? Thanks- mb-check-results.zip
  6. A bunch of weird things are happening: restarting at random points. Also, now I noticed a way to get past it, by clicking on the icon on macOS, but now it is not working. Mail seems weird, with notifications fading. I am on version macOS 10.12.6.
  7. Hello. I recently tried to download a file but it had malware. I already removed the program and ran Malwarebytes, but since then, my cmd has been popping up with this (I've attached the screen cap). There is also another window, but it only appears after I reboot my laptop. I frequently remove the quarantined files, but it doesn't affect this.
  8. I might be paranoid but better safe than sorry, right? Yesterday my email account through Comcast (username@comcast.net) got hacked and I lost a bunch of important emails. I'm afraid that while the account was under the control of someone/thing else I also got hit with malware and they deleted the email used to cover their tracks. Would you advise that I run a scan to see if there's something in there which shouldn't be? At this point, I'm not seeing any adverse effects but, like I said, I'm paranoid. Thanks
  9. Well, I managed to get my first virus in a decade due to negligence and being tired. Having a hell of a hard time actually getting rid of it though. I've formatted and reinstalled Windows twice now. Each time I've run Malwarebytes once and it finds ~170 threats that I quarantine, then 2 "Registry Value" PUPs repeatedly keep popping up. I've traced the Registry Key path that Malwarebytes gives me to a corrupted folder that contains what is being generated, but even after deleting those in my Registry it continues to generate those 2 small PUPs from somewhere else, and I don't have super in-depth knowledge of Registry files so it's hard to find the origin source. As I've said, this is my first virus in a decade and I've never had one this deep, so at this point I'm at a loss on what my actions are. I've enclosed a couple of files including my Malwarebytes report of the two PUPs in question, and a screenshot comparing the Registry Key being created & location to the Registry Value path that Malwarebytes leads me on. I'm hoping to maybe get some feedback on what I could be looking for in my registry (or if someone can spot it in my brief screenshot) or if there are any trusted programs that can help the registry? Or is my only option trying to hard-wipe everything with DBAN? If I used DBAN, would it be absolutely necessary to DBAN even my external HDD? Literally any help or feedback is appreciated, thank you. Addition.txt FRST.txt updatePUP.txt
  10. My desktop PC has been infected by what I think is a malware called "Cloud Net" (this .exe is running permanently and refuses to be killed by Task Manager; it also appeared at about the same time I noticed issues). When I run some EXE files (especially anti-virus software like Malwarebytes, FRST and MBAR), the program closes them and then deletes the exe (this also happens with random programs like DS4Windows). I have no way to get rid of this since all anti-virus options are either blocked or deleted. I have no idea what to do now. Help! Also, I know I'm supposed to post my Malwarebytes and FRST results but I simply cannot run either of these programs since Malwarebytes gets blocked altogether and FRST gets closed and deleted.
  11. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (web) Protection will not stay on, and when I started up my computer, Real-Time (web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers, that is when I got an infection, and I need help to get rid of it. Another thing that happened is that malware said that rootkit scanning was shut off. Addition_04-03-2018 09.25.30.txt FRST_04-03-2018 09.25.30.txt mb-check-results.zip
  12. I opened a link from a Google result and saw the command prompt open and close twice. I could not see what was going on. I want to make sure my computer was not infected with malware. I have downloaded Malwarebytes and run the scan. I also ran FRST per a suggestion on another thread. I am including log files for Malwarebytes as well as FRST.txt and Addition.txt. Please review and let me know if my computer is infected. Thank you for your help. Addition.txt FRST.txt MalwarebyteScanResults.txt
  13. I think I have some malware on my computer. I lose administrator privilege to files, sometimes other network adapters show up, and I have had other devices show up on my network. I have tried different scans and nothing shows up. Also, many devices show they have migrated to my computer and I don't understand it at all. Any help with this would be greatly appreciated, and I have attached the scans for you. FRST.txt malwarebytesresults.txt
  14. Hi: I have two computers, one Windows 10 Pro 64 bit and one Windows 7 64 bit. Both were infected with Trojan.Inject.BED somehow, and the antivirus that discovered it was IT Brain, which is based on Bitdefender antivirus. I was able to successfully remove the virus from the Windows 7 computer using rkill, jrt, AdwCleaner, Malwarebytes (did not find anything at all), SUPERAntiSpyware (only found tracking cookies), and Combofix (ultimately removed the infection permanently). The virus did not come back on reboot on the Windows 7 computer, but it does come back on the Windows 10 computer because I cannot run Combofix on it, as it is not compatible. On the Windows 10 computer I have run all of the above (except Combofix), plus Dr. Web Cure It, Hitman Pro, RogueKiller, Internet Complete Repair (flushes DNS, winsock, etc.), ZHP Cleaner (useless), Spybot Search & Destroy, Hijack This, TDSSKiller, KVRT, Emsisoft Emergency Kit, plus a bunch of others, but with no success. I have included the FRST and Addition logs from Farbar. I have also included the Combofix log files from the successfully cleaned Windows 7 computer if that helps. Please help. I do not want to have to reload, as this computer is fairly new and recently set up. Addition.txt FRST.txt ComboFix.txt ComboFix-quarantined-files.txt
  15. I've been struggling with malware that keeps coming back to my Windows install. This Windows install is not clean because I haven't had the need to use it, since I use Debian as my main OS. This is the second time I do a Windows restore, since every time I try to clean DLLs the system breaks down. I've used Malwarebytes and Spybot Search and Destroy and I get a clean analysis, so I tried to use boot-up recovery disks, sfc /scannow and lastly "Unhack me", where I could see the suspicious files, but manually, since the programs above trust all "Trusted installer" signed files and processes. After that I used SVChostanalyzer and Security Task Manager and realized there were suspicious instructions inside of wininit.exe, services.exe, lsass.exe, one of them being an on-purpose BSOD when you kill a certain process so that the rootkit can back itself up, another being a programmed memory.dmp creation instruction, and as usual many instances of svchost.exe are not a good sign. I uploaded two of these files to Hybrid-Analysis (online sandbox analyzer): svchost.exe, which showed header timestamps into the future (2050) and forged Microsoft signatures. Inside of lsass.exe I found TCP connections to an IP which seems to be part of Akamai-Technologies. I already know that the best option is to make a clean and secure install in this partition, but I wanted to know if this could possibly be the work of an enterprise stealing data or just maybe someone who is playing with tools and tunneling this to that IP. I would gladly receive any counsel, comment or help for this issue, if there was any way to kill this malware without the cleanup. Thanks svchost.txt lsass.txt
  16. So thank god for my older brother finding out about the cryptomining drive-by going on now affecting millions of people. I was one of them, as my computer would start up, launch Chrome in the background and cause HDD usage to go to 100%. I used AdwCleaner and found the PUPs. I actually said screw it and uninstalled Chrome entirely, and I'm now using Firefox. Now, I did try using aswMBR to scan and did see something show up in gold of some sort, saying something like "memory lockup" for a driver or something, and then it BSOD'd in regular and safe mode. This is making me feel uneasy, and I did make a scan with Farbar and wanted to know if you guys see something that sticks out like a sore thumb. Thanks guys!!! FRST_13-02-2018 02.12.54.txt Addition_13-02-2018 02.12.54.txt Shortcut_13-02-2018 02.12.54.txt
  17. Hello, I found my computer as infected and working very slowly lately. I use the instructions from Staff on the same topic - Windows Defender Chekuem. Please find the files and advise on the future course of actions: malwarebytes_scan.txt AdwCleaner[C0].txt FRST64.txt Addition.txt Best regards, Mathew
  18. Hello, for several weeks now I have been attempting to clean my PC. I have already posted in the BSOD subforum to combat all the crashes in my computer, and although I have already solved a number of them, the largest threat is now malware, which I am pretty sure has infected my computer. For instance, Malwarebytes won't run, not in safe mode, not in admin, nor in admin and safe mode. Malwarebytes Chameleon will only run when directly downloaded from this website, but it is only version 2.2, and as I attempt to install the latest version, it becomes inoperable. It simply won't start. I have updated all my drivers manually including my BIOS, which made the computer nice and quiet. I have run FRST, DDS, Rkill and Roguekiller and attached all files below, but I just cannot get a Malwarebytes threat analysis. I also booted with Bitdefender, which solved one infected item. FRST.txt Addition.txt Rkill.txt dds.txt attach.txt rk_C314.tmp.txt
  19. I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC: primewire.ag and 123netflix.com. This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers.

     I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark, both as Admin. Opened Windows PowerShell as Admin and typed:

     Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the Pi-Hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208.

     Switched to Process Monitor and located the processes captured during the same time that were using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe). Unfortunately, it's the ubiquitous svchost.exe.

     Switched to Windows PowerShell and checked out the results from when I ran the tasklist command.

     PS C:\Users\MyPC> tasklist /svc /fi "imagename eq svchost.exe"

     Image Name                     PID Services
     ========================= ======== ============================================
     svchost.exe                   1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc

     Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services, and that gave me the DLL files and the file paths.

     They're all under %SystemRoot%\System32:

     Ran system filechecker with command

     Scanned each file with MalwareBytes and Avira. Nothing found. Decided to check each service's Display Name and Description:

     CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

     Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

     LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

     NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

     Now I'm stumped. Other than blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?
  20. Hi, Malwarebytes endpoint protection is blocking Malware.Exploit.Agent.Generic on a system roughly every 20 minutes but isn't removing it. Could someone please give me instructions on how to clean the system? Details of the detection are:

     Malware.Exploit.Agent.Generic Detection Data
     Detection Name: Malware.Exploit.Agent.Generic
     Action Taken: Blocked
     Category: Exploit
     Reported At: 02/28/2018 - 09:34:46 AM
     Scanned At: 02/28/2018 - 09:27:42 AM
     Type: Exploit
     Endpoint: David*****-PC.mslan.local
     Location: C:\WINDOWS\system32\cscript.exe C:\WINDOWS\system32\cscript.exe \E:vbscript \Nologo C:\WINDOWS\TEMP\m_aD138.tmp
     Group Name: *** *** Workstations
     Affected Applications: Cmd
  21. Hi. Nearly 1 week ago Malwarebytes (Trial) suddenly started to pop up a message about a blocked webpage I never visited. It always happened when I used Firefox, and I use uBlock Origin (nothing has happened with Chrome yet). Always the same page was blocked, so I ran Malwarebytes, AdwCleaner, Win Defender, ESET, Zemana, and none found anything. HitmanPro found some non-dangerous tracking cookies and I deleted them. Still the pop-up continued. Once it stopped without finding anything. Before the stop I ran CCleaner and cleared everything; however, I don't know whether the last pop-up was before or after the clear. My computer turned on slowly so I deleted both ESET and Malwarebytes and a bit later installed Mba again. A week passed and during browsing the same page started to pop up once again. I ran malware and AdwCleaner again and they found nothing again. At last HitmanPro found mbae64.sys as a suspicious item. Here is one of the logs from Mba:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 17/02/2018
     Protection Event Time: 16:26
     Log File: db95b2bb-13f6-11e8-9f51-08606e7eb1ef.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3962
     Licence: Trial

     -System Information-
     OS: Windows 10 (Build 16299.248)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Unspecified
     Domain: go.pub2srv.com
     IP Address: 78.140.191.74
     Port: [51361]
     Type: Outbound
     File: C:\Program Files\Mozilla Firefox\firefox.exe
  22. Hi, Having massive issues with my windows 7 laptop. I tried to login and it was stuck on the windows loading icon (>1 hour) before booting into a black screen showing just the mouse pointer which I could move around. Tried to boot it into safe mode but the exact same thing happened. I can get into the system recovery tool so tried a system restore but no matter what point in time I choose it fails. Trying to boot in to the last known good config also fails to produce a result. I can open the cmd prompt but don’t really know where to go from here. Considered downloading a win 7 iso image from them but as the product key on the back of the laptop comes up as (essentially) “this a pre installed key, please get in touch with your provider”. Please help!
  23. Hello, My computer has been infected by a nasty virus of some sort for over a week now. It has prevented me from using Malwarebytes, so instead I attempted to run SpyBot Search and Destroy but that program did not work at all. The specific problem I have been having with Malwarebytes is that it just will not open. So I tried to use the Chameleon program which runs, but will stop after it attempts to download "Mbam-setup" from the internet. I am connected to the internet, but it just is not working. I ran a check up using mbam-check and saved the .txt file if that can help anyone fix my situation. MalwarebytesCheck.txt PLEASE HELP
  24. I recently got a virus and removed around 500 malware using Malwarebytes and AdwCleaner, but there are still 37 stubborn malware affecting my PC. I scan via Malwarebytes and quarantine, which prompts a reboot; however, those 37 malware are still on my PC due to the repeated action of "removal failed". Each time I rescan and attempt to quarantine, the malware just keeps reappearing and not being deleted. When I run AdwCleaner, it says "no unwanted element found!", but there are still trojans on my PC. I have included my exported log: log.txt and my AdwCleaner log: AdwCleaner[S5].txt