Showing results for tags 'malware'.



Found 359 results

  1. I think I have some malware on my computer. I lose administrator privilege to files, sometimes other network adapters show up, and I have had other devices show up on my network. I have tried different scans and nothing shows up. Also, many devices show they have migrated to my computer and I don't understand it at all. Any help with this would be greatly appreciated and I have attached the scans for you. FRST.txt malwarebytesresults.txt
  2. Hi: I have two computers, one Windows 10 Pro 64 bit and one Windows 7 64 bit. Both were infected with Trojan.Inject.BED somehow and the antivirus that discovered it was IT Brain, which is based on Bitdefender antivirus. I was able to successfully remove the virus from the Windows 7 computer using rkill, jrt, adwcleaner, Malwarebytes (did not find anything at all), SUPERAntiSpyware (only found tracking cookies), and Combofix (ultimately removed the infection permanently). The virus did not come back on reboot on the Windows 7 computer but it does come back on the Windows 10 computer because I cannot run Combofix on it because it is not compatible. On the Windows 10 computer I have run all of the above (except Combofix), plus Dr. Web Cure It, Hitman Pro, RogueKiller, Internet Complete Repair (flushes DNS, winsock, etc.), ZHP Cleaner (useless), Spybot Search & Destroy, Hijack This, TDSSKiller, KVRT, Emsisoft Emergency Kit, plus a bunch of others but to no success. I have included the FRST and addition logs from Farbar. I have also included the Combofix Log Files from the successfully cleaned Windows 7 computer if that helps. Please help. I do not want to have to reload as this computer is fairly new and recently set up. Addition.txt FRST.txt ComboFix.txt ComboFix-quarantined-files.txt
  3. I've been struggling with malware that keeps coming back to my Windows install. This Windows install is not clean because I haven't had the need to use it since I use Debian as my main OS. This is the second time I do a Windows restore, since every time I try to clean DLLs the system breaks down. I've used Malwarebytes and Spybot Search and Destroy and I get a clean analysis, so I tried to use boot-up recovery disks, sfc /scannow and lastly "Unhack me", where I could see the suspicious files, but manually, since the programs above trust all "Trusted installer" signed files and processes. After that I used SVChostanalyzer and Security Task Manager and realized there were suspicious instructions inside of wininit.exe, services.exe and lsass.exe, one of them being an on-purpose BSOD when you kill a certain process so that the rootkit can back itself up, another being a programmed memory.dmp creation instruction, and, as usual, many instances of svchost.exe are not a good sign. I uploaded two of these files to Hybrid-Analysis (online sandbox analyzer): svchost.exe, which showed header timestamps into the future (2050) and forged Microsoft signatures. Inside of lsass.exe I found TCP connections to an IP which seems to be part of Akamai-Technologies. I already know that the best option is to make a clean and secure install in this partition, but I wanted to know if this could possibly be the work of an enterprise stealing data or just maybe someone who is playing with tools and tunneling this to that IP. I would gladly receive any counsel, comment or help for this issue, if there was any way to kill this malware without the cleanup. Thanks svchost.txt lsass.txt
  4. So thank god for my older brother finding out about the cryptomining drive-by going on now affecting millions of people. I was one of them, as my computer would start up, launch Chrome in the background and cause HDD usage to go to 100%. I used adwCleaner and found the PUPs. I actually said screw it and uninstalled Chrome entirely and I'm now using Firefox. Now I did try using aswMBR to scan and did see something show up in gold of some sort, saying something like "memory lockup" for a driver or something, and then it BSOD in regular and safe mode. This is making me feel uneasy and I did make a scan with Farbar and wanted to know if you guys see something that sticks out like a sore thumb. Thanks guys!!! FRST_13-02-2018 02.12.54.txt Addition_13-02-2018 02.12.54.txt Shortcut_13-02-2018 02.12.54.txt
  5. Hello, I found my computer as infected and working very slowly lately. I use the instructions from Staff on the same topic - Windows Defender Chekuem. Please find the files and advise on the future course of actions: malwarebytes_scan.txt AdwCleaner[C0].txt FRST64.txt Addition.txt Best regards, Mathew
  6. Hello, For several weeks now I have been attempting to clean my PC. I have already posted in the BSOD's subforum to combat all the crashes in my computer and although I have already solved a number of them, the largest threat is now malware of which I am pretty sure has infected my computer. For instance Malwarebytes won't run, not in safe mode, not in admin nor in admin and safe mode. Malwarebytes Chameleon will only run when directly downloaded from this website but it is only version 2.2 and as I attempt to install the latest version, it becomes inoperable. It simply won't start. I have updated all my drivers manually including my BIOS, which made the computer nice and quiet. I have run FRST, DDS, Rkill and Roguekiller and attached all files below but I just cannot get Malwarebytes threat analysis. I also booted with Bitdefender which solved one infected item. FRST.txt Addition.txt Rkill.txt dds.txt attach.txt rk_C314.tmp.txt
  7. I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and 123netflix.com. This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers.
     I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark both as Admin. Opened Windows Powershell as Admin and typed:
     Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the pi-hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208.
     Switched to Process Monitor and located the processes captured during the same time that were using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe). Unfortunately, it's the ubiquitous svchost.exe.
     Switched to Windows Powershell and checked out the results from when I ran the tasklist command.
     PS C:\Users\MyPC> tasklist /svc /fi "imagename eq svchost.exe"
     Image Name                     PID Services
     ========================= ======== ============================================
     svchost.exe                   1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc
     Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths.
     They're all under %SystemRoot%\System32:
     Ran system filechecker with command
     Scanned each file with MalwareBytes and Avira. Nothing found. Decided to check each service's Display Name and Description:
     CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
     Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
     LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Now I'm stumped.
     Other than Blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?
  8. Hi, Malwarebytes endpoint protection is blocking Malware.Exploit.Agent.Generic on a system roughly every 20 minutes but isn't removing it. Could someone please give me instructions on how to clean the system? Details of the detection are:
     Malware.Exploit.Agent.Generic Detection Data
     Detection Name: Malware.Exploit.Agent.Generic
     Action Taken: Blocked
     Category: Exploit
     Reported At: 02/28/2018 - 09:34:46 AM
     Scanned At: 02/28/2018 - 09:27:42 AM
     Type: Exploit
     Endpoint: David*****-PC.mslan.local
     Location: C:\WINDOWS\system32\cscript.exe C:\WINDOWS\system32\cscript.exe \E:vbscript \Nologo C:\WINDOWS\TEMP\m_aD138.tmp
     Group Name: *** *** Workstations
     Affected Applications: Cmd
  9. Hi. Nearly 1 week ago suddenly Malwarebytes (Trial) started to pop up a message to me about a blocked webpage I never visited. It always happened when I used Firefox, and I use uBlock Origin (nothing happened with Chrome yet). Always the same page was blocked, so I ran Malwarebytes, adwcleaner, Win Defender, ESET and Zemana, and none of them found anything. Hitmanpro found some non-dangerous tracking cookies and I deleted them. Still the pop-up continued. Once it stopped without finding anything. Before the stop I ran CCleaner and cleared everything, however I don't know whether the last pop-up was before or after the clear. My computer turned on slowly so I deleted both ESET and Malwarebytes and a bit later installed Mba again. A week passed and during browsing the same page started to pop up once again. I ran malware, adwcleaner again and they found nothing again. At last Hitmanpro found mbae64.sys as a suspicious item. Here is one of the logs from Mba:
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 17/02/2018
     Protection Event Time: 16:26
     Log File: db95b2bb-13f6-11e8-9f51-08606e7eb1ef.json
     Administrator: Yes
     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3962
     Licence: Trial
     -System Information-
     OS: Windows 10 (Build 16299.248)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Category: Unspecified
     Domain: go.pub2srv.com
     IP Address: 78.140.191.74
     Port: [51361]
     Type: Outbound
     File: C:\Program Files\Mozilla Firefox\firefox.exe
  10. Hi, Having massive issues with my windows 7 laptop. I tried to login and it was stuck on the windows loading icon (>1 hour) before booting into a black screen showing just the mouse pointer which I could move around. Tried to boot it into safe mode but the exact same thing happened. I can get into the system recovery tool so tried a system restore but no matter what point in time I choose it fails. Trying to boot in to the last known good config also fails to produce a result. I can open the cmd prompt but don’t really know where to go from here. Considered downloading a win 7 iso image from them but as the product key on the back of the laptop comes up as (essentially) “this a pre installed key, please get in touch with your provider”. Please help!
  11. Hello, My computer has been infected by a nasty virus of some sort for over a week now. It has prevented me from using Malwarebytes, so instead I attempted to run SpyBot Search and Destroy but that program did not work at all. The specific problem I have been having with Malwarebytes is that it just will not open. So I tried to use the Chameleon program which runs, but will stop after it attempts to download "Mbam-setup" from the internet. I am connected to the internet, but it just is not working. I ran a check up using mbam-check and saved the .txt file if that can help anyone fix my situation. MalwarebytesCheck.txt PLEASE HELP
  12. I recently got a virus and removed around 500 malware using malwarebytes and adwcleaner, but there are still 37 stubborn malware affecting my pc. I scan via malwarebytes and quarantine, which prompts a reboot; however, those 37 malware are still on my pc due to the repeated action of "removal failed". Each time I rescan and attempt to quarantine, the malware just keeps reappearing and not being deleted. When I run adwcleaner, it says "no unwanted element found!", but there are still trojans on my pc. I have included my exported log: log.txt and my adwcleaner log: AdwCleaner[S5].txt
  13. A few days ago Malwarebytes Premium began blocking this outbound connection (see .png): Domain: drivethelife.com IP Address: 54.183.15.164 Port: 50817 Type: Outbound File: C:\Windows\System32\svchost.exe I checked processes running and found four files with this file name (see .png). Any suggestions on how to remove the correct file and get rid of this malware?
  14. Hello! My mom has a HP laptop running Windows 7 Pro. I believe it has been infected with virus/malware that causes every exe to run Windows Media Player. All the exe icons are also replaced with Windows Media Center icons. It is also impossible to run any exe from USB, as the same thing happens. I ran Farbar Scan (log attached). The Farbar RST that I used did not have the check box for "Addition.txt", so I am not 100% sure if all the needed info is attached. Please let me know if you need something more. Handful of Thank Yous... FRST.txt
  15. I recently started seeing this process on my task manager use a huge amount of resources (RAM, CPU, and GPU). I've tried using MBAM/Chameleon scans, MBAR scans, ADWcleaner, RKill, Hitman Pro, Zemana, and ESET but it reappears after every reboot. It will also not end the task from inside task manager and I cannot access the file location. I'm the only user on this machine, and an admin by default.
  16. So recently Avast told me that it blocked malware from a certain website, called JS:Miner-C. Avast said it has blocked it. After that I ran a full scan for malware and eventually Avast did find it, so I deleted and removed it. Now I'm also running a manual check, like checking tasks, processes, and services. In the details in Task Manager, when I check it, there are 2 csrss.exe running even though there is only 1 user. I checked the properties and they're both identical, starting from date created and extension, etc. I checked System32 and to my relief there's only 1 csrss.exe. Now a 2-part question. Also, before everything, I already scanned with Malwarebytes but the program said no issues were found. Mind you, the Malwarebytes scan was before the Avast scan, and both of the scans were on normal boot instead of safe mode. 1) Is my possibility of infection still high? And if so, what are the best methods to eliminate this miner? 2) Does anyone have an idea of the severity of the malware, like does it steal my credentials? Or does it expose me to other malware? If anyone can answer this, I say thank you in advance.
  17. Hi, This morning we had an employee open a phishing email and subsequently open one of the two attachments that came with it. When they opened it nothing appeared to happen, so far as they could tell, but they got in touch with us here in the IT department as it seemed odd to them. As soon as we saw the email we could see that it had flags all over it. Anyway, we have run scans and been in touch with our email spam filter guys and they came back to us saying that it was phishing for credentials and possibly more. The laptop is now disconnected from any network and all logins have been changed that the end user would have used. What can we do now in this situation, as we ran it through virustotal.com and it showed as not being caught by anything and also only appearing today? Any help you can bring to us here would be very much appreciated.
  18. Please help me remove malware from www.allofmyinterest.com
  19. Please help me get my website back in the safe browsing list: www.allofmyinterest.com. The web folder is empty, why am I still getting this error?
  20. I had this issue 2 or 3 weeks ago. Malwarebytes constantly pops up, blocking a few different (what appear to be) adware issues, such as drivethelife and onclickads. There's a 3rd one that shows up sometimes but much more rarely. My Avast antivirus couldn't find any issues, and running a scan on my lifetime license MWB gives a message that there are no threats found. I have a temporary license on HitManPro and it seems to find tracking cookies but nothing to do with adware (from what I can tell). I uninstalled Malwarebytes and reinstalled it but lost my license key for about 10 days. During this time, I had no popups about these infections. I restored the key yesterday and started getting these constant annoying popups. I verified my installed programs and see nothing that seems related. All installed programs are normal Microsoft and other regular updates to my apps. I see nothing that seems related in my running processes, either. So how do I get rid of these popups? If there really is an infection (despite Malwarebytes telling me there isn't one), how do I get rid of it? Please help ASAP. I can't focus on my work with these popups annoying me constantly.
  21. I recently used my friend's flash in my laptop. After that I found some malware named exactly like my files, so I tried to delete them but they came back again. After some time it started infecting my other files; my applications don't run and their size turned into 0 KB. I tried to scan with Avast, AVG and Malwarebytes but NO THREATS FOUND. I tried with Windows Defender; the threats were found and I THINK deleted, but my files' sizes are still 0 KB. plz...... help......me....!!!!! Sorry about my bad English....
  22. Hello there, One of my machines running on Windows Vista SP2 has a semi-serious problem, which I cannot even name. This is the final chance for me to figure out whether I'm safe or not. Here is the issue. I came across a malware a few years ago which infected my machine through a non-secure JAVA web applet. After this infection, I immediately took some actions and tried neutralizing the malware and cleaning as well; I also used Malwarebytes 1.x and 2.x series. After some years have passed, I still noticed that the nasty and non-existent registry entry of this malware is still visible in regedit and GMER. I had no abnormal activity since then, and tried numerous rootkit removers listed below with the following results:
      - GMER: Shows hidden driver service highlighted red but unable to remove / disable because it's not existed in fact (IMHO).
      - Sophos Anti-Rootkit: No malware is found, system is clean.
      - BitDefender Anti-Rootkit: No malware is found, system is clean (scan took very short though, not sure why).
      - Kaspersky TDSS Remover: No malware is found, system is clean.
      - Rootkit Hook Analyzer: No malware is found, system is clean.
      - Symantec TDSS Fix Tool: No malware is found, system is clean.
      - ...and finally Malwarebytes Anti-Rootkit BETA along with Malwarebytes Premium (3.3.1) edition: System is clean, no malware is found.
      Although almost all of the major removers say that the system is clean, I'm so picky that I have no idea why regedit and GMER display the presence of malware (PragmaXXXXX - random numbers). In particular, regedit shows an error immediately when I click on this key, as if it does NOT exist, but I can't do anything even though I tried a lot of methods, including running regedit under the SYSTEM account, running an offline registry editor using a recovery disc, and using the command prompt. It seems a kind of very strange glitch in the registry file, and it cannot be removed there even though the entry (PramaXXXXX) is shown.
      I'm attaching all the screenshots that would help in describing the issue, along with the FRST log, addition.txt log and MBAM Anti-Rootkit log file. I'd be so grateful if there are any additional steps to take other than formatting the whole drive, as I have a lot of documents and installations with sensitive configurations. Thanks in advance! Addition.txt FRST.txt system-log.txt
  23. Hello, I need some help getting rid of an unwanted malware that took over the search engine on my Chrome. It seems to be from Yahoo but it is a malware. Reading other posts I saw that I needed to post my own topic, so here I am. I will attach a screenshot of this nightmare. Thanks in advance.
  24. Hi, I recently installed malwarebytes back in October. I had someone help me clean up my laptop and was good to go up to now. My computer turns on, it is slow to load. However, when I try to open up any documents, it completely freezes. Ctrl+Alt+Delete doesn't work to pull up task manager. When this started happening, I went to malwarebytes to start a scan. It got stuck in "scanning" in the middle and just stayed in that one spot "scanning". I force closed my laptop, turned it back on and opened Malwarebytes first this time. The dashboard showed that web protection was off. When I went to turn it back on, it switched back off immediately. Then I got a pop up that I wasn't protected. I then tried to do another scan and Malwarebytes was frozen. It wouldn't even close. I had to force close the laptop again. The only thing that works to a degree is my internet and I am afraid to use it for anything because I know my laptop is not protected. How can we fix this?