  1. I had an old file saved from a game I wanted to create. It happens that I just installed Malwarebytes, analyzed my pendrive and detected that the .exe of the game is a threat. A virus/malware could be camouflaged there, or it's just a false positive, since I have seen several people to whom the same problem has happened. /Translator DeepL VirusTotal: https://www.virustotal.com/gui/file/8b1c3bb3ed6f15e813a2a86eeea2823fcd56f9757e9dea31ddd9fc52e52cc171/detection
  2. Hello, two days ago my computer was infected by some malicious malware. I ran Malwarebytes, ESET scan, and some other antimalware programs. I was able to remove most of the malware, but I noticed that my command prompt opens and closes quickly every so often. I suspect that it has something to do with Windows Command Processor because this program only appears in the startup manager of Norton Security, and does not appear in Task Manager. Furthermore, when I try to turn off the startup option for Windows Command Processor, it keeps re-enabling itself. What do I do?
  3. Recently I have been infected by a trojan, occamy.AA to be specific. McAfee caught some of it but I still have some adware and some PUPs on my laptop somewhere and some fake popups. I've scanned with Malwarebytes, HitmanPro, McAfee, and tried using AdwCleaner but nothing is coming up. Help? I have a Dell Inspiron 15 5000, am on Version 10.0.19043 Build 19043, Windows 10, and have had this problem for about a week and a half.
  4. I need help removing the cloudnet virus that keeps coming back. I've used Malwarebytes to quarantine 8 infected files but it keeps coming back after I restart. I've read other forums about this and they removed the files using FRST but I need a fixlist.txt. Here's my FRST.txt and Addition.txt from my scan. FRST.txt Addition.txt
  5. Every time these files get deleted from the temp folder but as soon as I reboot, they come back after a while. I have McAfee antivirus installed, it detected these files and quarantined them. I then deleted them from the quarantine folder too. I checked for some unusual processes in the background but couldn't find any. I then installed Malwarebytes again as it has always helped me with issues like this in the past. But the same thing happens with Malwarebytes too, it detects the files, deletes them, but as soon as I reboot, they come back. The names of the files are always the same as you can see from the screenshot. Please let me know the steps I should take to get rid of this malware. That would be extremely helpful. Thank you. Malware.txt
  6. After every scan I find new PUPs and when I connect back to the internet, the malware comes back again. I've tried AdwCleaner and rootkit remover too. It's just leaving. Please help. Short of a breakdown.
  7. Malwarebytes www.malwarebytes.com
     -Log Details-
     Scan Date: 5/24/21
     Scan Time: 8:28 AM
     Log File: 3be969a0-bc59-11eb-ab32-704d7b8812bb.json
     -Software Information-
     Version:
     Components Version: 1.0.1292
     Update Package Version: 1.0.40846
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19042.985)
     CPU: x64
     File System: NTFS
     User: System
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 416895
     Threats Detected: 2
     Threats Quarantined: 2
     Time Elapsed: 12 min, 31 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Malware.AI.1789883970, C:\USERS\MIKE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\RealTemp GT.lnk, Quarantined, 1000000, 0, , , , , CA506D440C2458326E009E94F9CE6A9D, E4A8DC888FFA298F0FC5222F35834EF28E94635B1EFD581E84A5FB7358D2704C
     Malware.AI.1789883970, C:\PROGRAM FILES\REALTEMP\REALTEMPGT.EXE, Quarantined, 1000000, 0, 1.0.40846, 2FE3B1653D6248036AAF7642, dds, 01258883, 65A2C5F28207F5CB52D048BB5AE3F3B4, 47CF3475CDA1B1D94F640139F228D96FD80FB5794ED865C32BFCF388950A6711
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  8. I recently visited a site called scamadviser.com and have not a legit site. Some of what I have found propose it may just be a site that acts like what it says. Others say it gives you malware, some say it's ok. I have run a scan manually (twice) and have come up clean. I am ok?
  9. This is a repost from this thread coming from a different board as suggested. --- Hello, Malwarebytes forum! Would like to report the existence of malware, of files coming out of the following URL: https://planetlemoncraft.com/ The website Planet Lemoncraft has been known for a long time for providing alternate download links for modifications for the popular game Minecraft, which is hosted by themselves. Unfortunately for me, I was negligent in my vigilance this time and I downloaded one of the files from their server, called "Minecraft Forge", which is supposed to be an open source API for modders. Of course, the file that gets downloaded is not the actual "Minecraft Forge" as I soon discovered that the mod I'm looking for is hosted ONLY on the developers' official website ... but alas. It directed me to a site whereupon I got a "personalized" .msi file that is supposed to install the program. By personalized, I mean that no two downloaded files are alike. For instance, the attached file is called "minecraftforge_38876.msi", while when I downloaded one, it was called "minecraftforge_xxxxx.msi", with 'x' being any random number. It is worth noting that the actual Minecraft Forge installer does not come in an .msi file, but a .jar executable. I foolishly ran the file and went ahead with the installation. Upon completion, I got a Shortcut in my downloads folder called "MinecraftForge.lnk". Opening this takes me to a website whereupon another .msi is asked to be downloaded. At this point is when I stopped (or I was foolish enough to download it as well), when I got suspicious and looked at the new .msi file's certificates, which is certified for a "GanyMobile SAS" (or something like that) which should make it clear that it was malware. I immediately returned to my Downloads folder to purge all the files, but when I opened the folder, I see that the original .msi file has deleted itself upon running. 
I confirmed this by downloading another file from the same link (ridiculous, I know), which provided another personalized file, and when running the installer it automatically deletes itself (of course I didn't run the installer fully this time, I only opened it once to confirm that it auto-deletes itself upon running). Most troubling of all this is that Malwarebytes did not react to anything at all. I scanned the second downloaded file multiple times, as well as this one in the attachment, and I've gotten negative results. I even ran SpyHunter (suggested by a thread that suffered from this same issue) and found 0 results as well... I've had a manual look through %AppsData%, Program Files, and Common Files, and couldn't find anything that seems out of place. Perhaps I was lucky that I didn't get one that's packed with trojans, or there's an undetected trojan/keylogger sitting in my computer that will f**k my PC up for my carelessness. Please do have a look at the file attached as well as the downloadable .msi from the first link provided at the start of my post. I am aware that I have posted this thread on the Newest Malware Threats board instead of the Newest IP or URL Threats. My current concern is with the status of my PC and whether it's currently susceptible to malicious activity or not, since I ran the suspected software. If I have indeed miscategorized the thread, then I apologize and I humbly request that this thread be moved to the other board instead of being deleted. Please do let me know how to proceed. Terribly anxious about the consequences of my error. I'm still hoping that it was a shortcut launcher and nothing worse... Thank you! 
-CrimsonSymphony (Attachments details can be found in the next page) The files attached are: FRST.txt Addition.txt minecraftforge_38876.rar - contains an .msi file similar to the one I downloaded minecraftforge.exe.rar - A .rar file containing the .lnk shortcut that was made upon the .msi file's completion (not 38876! do recall that the .msi auto-delete upon running) Screenshots 01 to 08 - Screenshots to help illustrate the description above. I did not take screenshots of the .msi file as I did not want to run it a third time. However, screenshots uploaded by others (for similar files downloaded from the same website) can be found in the Reddit links below. --- Please find results from the online virus scanners as suggested by the stickied thread of this board: VirusTotal - https://www.virustotal.com/gui/file/3da1a0b6a681f4d61cefd8f3a4806bf46336b053d19698e5eb86668dfb9663f8/detection Jotti - https://virusscan.jotti.org/en-US/filescanjob/ntknys4e8n VirSCAN - https://r.virscan.org/language/en/report/b75fc47a3b95ccb2fe212f25d6b0f498 --- A Reddit user u/Chengers had a look into this issue for a similar program (also for Minecraft) called Optifine, which is also "downloadable" from the deceiving URL mentioned earlier. He has written two in-depth posts about this which may come in useful for you guys: A dive into the fake Optifine variant "Planet Lemon Craft" and an analysis/write-up of what it actually does. - https://www.reddit.com/r/Optifine/comments/eo1hq5/a_dive_into_the_fake_optifine_variant_planet/ Hello all, The "Lemon Optifine" fake optifine exe has changed what it installs. I have just logged it with procmon and I need community help to filter through the ~13000 lines of logs to possibly make a .bat cure. - https://www.reddit.com/r/Optifine/comments/fus7vb/hello_all_the_lemon_optifine_fake_optifine_exe/ FRST.txt Addition.txt minecraftforge_38876.rar minecraftforge.exe.rar
  10. I'm working on a spamtrap project. I want to collect malspam and analyze malicious attachments. I have set up my analyzer but I have a big problem... how can I disseminate my honeypot e-mail addresses in an efficient way? I used to spread my e-mail accounts on fake data breaches on pastebin and post on forums but without results. Can you help me? Do you know better methods to quickly spread my email through malicious channels? Thanks.
  11. Hi, I started using ExitLag to connect games to the internet due to severe lag. However, whenever I start up ExitLag, I get the IP address blocked due to either malware or trojan. Is this a false positive or should I make sure this address is always blocked? Thanks for any information.
  12. Hello! I ran my scanner tonight before starting my work, and I noticed MBAM pipped on something in my Steam library, labeling the application launcher in my Star Wars Galactic Battlegrounds library as malware. The file it flagged was E:\STEAMLIBRARY\STEAMAPPS\COMMON\STAR WARS - GALACTIC BATTLEGROUNDS SAGA\GAME\PLAYER.EXE . I strongly suspect that this is a false positive, but I wanted to make sure of this before I began working on my computer tonight. If I could get a tech, an expert, or staff member to look into this, I'd greatly appreciate it. I've included screenshots and the exported report down below. Thank you, and I hope to hear from someone A.S.A.P. -Sorr Star Wars.txt
  13. A friend of mine told me that the software was on but on total virus it detects it as a "Malware.Heuristic.1003" CL-Eye-Driver-
  14. Good morning everyone, This is my first post here and the truth is that I am very concerned about an APK that has been downloaded without asking and consent from a web page, to my mobile. I will explain myself. I was browsing the internet and the website I was on had pop-up windows that I obviously constantly remove. One of them seemed harmless to me, but when it popped up again for the second time, Chrome asked me if I wanted to download it again. I got very worried, download something again? I have not downloaded anything and also in the download directory there wasn't anything. As I was already afraid of the worst, I began to do tests with that page that managed to download an APK on my mobile without permission. I discovered that it was downloaded without requesting it and that it erased itself or disappeared in a minute. I want to make it clear that I didn't install the APK, but the fact that it disappeared / deleted by itself made me worry a lot. I supposed that the system itself could be the one that was deleting it but I downloaded another different and legitimate APK (I didn't install it) and it was not deleted. Therefore, there are only two options left: the APK is activated by itself without touching anything, or the system detected that the APK was malicious and deleted it. My mobile is a Redmi Note 9 Pro, it was not rooted, it was a new one. To avoid problems I have decided to do a factory reset, but I am still worried about whether the virus is still there. I also analyzed the APK with VirusTotal, here I leave the analysis https://www.virustotal.com/gui/file/2778fb84d1db7bb27792cf3588090c76c0f8007cdcd89af3e00dd23deaed52b4/detection I used antivirus before the factory reset like Avast, AVG and Malwarebytes, but it didn't find anything wrong. I insist that I didn't install the APK. Is my phone in danger? Is the factory reset enough? Should I flash it to avoid the problem as much as possible? 
The thing that really bugs me is that the APK disappeared after the auto download. Thank you very much for your attention and your answers. And sorry for my bad English.
  15. Hi all, I've been in quite the pickle. Yesterday morning I got a McAfee notification pop up that said "we've scanned your download and it's safe!" or similar, and this was "rundll32.exe". Now, I know this is a system file and I had not downloaded anything while this occurred, I wish I had taken a screenshot. To be safe I did a lot of different processes. First, I did a scannow on system32, all clear, nothing unusual there, I did a McAfee full scan and it detected nothing, and Malwarebytes did not either. When I tried Windows Safety Scanner, this baffled me - it found 5 infected files on my entire PC, but the conclusion at the end was that it had found no malware. Here's what it looks like when I search for rundll32.exe below of this post. I am at such a loss and I'm worried and I don't know why McAfee suddenly gave me the popup it does when one would download in real time and it'd scan, so something or other downloaded, and I'm concerned. Please let me know what I need to do, what I can send back, I would be endlessly appreciative of the help. Here's the search results, those search ones are probably from me frantically searching yesterday.
  16. A few hours ago for no apparent reason my laptop began moving slowly. In particular downloading and opening downloads takes a very long time. I have run my Malwarebytes Premium Antivirus, Adwcleaner, Microsoft MSERT Security check but to no avail. Could you kindly investigate this? My laptop is an Inspiron 5570 I am using Windows 10 and Chrome Browser. Thank you
  17. Hello, I saw that Malwarebytes was involved in the discovery of the new Silver Sparrow malware, but was wondering if Malwarebytes Mac version can detect it? I couldn't find any references to Silver Sparrow on the Malwarebytes site. Here is the reference article: https://redcanary.com/blog/clipping-silver-sparrows-wings/ Thanks!
  18. Actually I was using an app from a third party site. Scanned it with Malwarebytes and it didn't detect anything, neither with the apk nor with the installed app. Today I scanned the apk with VirusTotal and it is showing me 3 detections. Here is the result: https://www.virustotal.com/gui/file/8d8271e6dfbb750d2a1e61e4cfd4b15a443c517ad13598340d940a64f47c64c5/detection I don't really understand what these detections are. Are these detections very serious? Actually I didn't give the app any permissions by myself. Is it possible that due to these detections/malware in app it might have got access to my camera/storage by itself? I was using this app for a while, that's why I am very much panicking due to this. Really need your help.
  19. Nothing much to say here. A malware added exclusions to my Windows Defender that I cannot remove. I do not know how to fix it, but I have seen a solution with FRST64, however I don't know how to do it. Please help me.
  20. About 2 weeks ago I downloaded an Internet Download Manager patch from a suspicious site and after that I have been noticing the COMSurrogate process taking up about 20% of CPU usage in Task Manager. I ran Malwarebytes and it detected 2 malware, one registry item called MSDLLHelper under HKU\S-1-5-21-2376670492-3024356693-3209832367-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSDllHelper and a program called DLLHost.exe under C:/User/danny/Appdata/Roaming/DLL/Dllhost.exe. I have since uninstalled Internet Download Manager and quarantined the malware but every time I boot up my PC these 2 malware will show up again and I have to quarantine and delete them again. Is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and the fix scripts from other posts are user specific, please assist me with the process, thanks. Screenshot is attached below.
  21. Hello, I'm glad this forum exists. I've already had virus problems in the past, so I'm really cautious now. But recently I've been on websites for streaming (www12.9anime.to). And suddenly my search queries are redirected to Bing through Charmsearching.com. I don't have any extensions in my browser that are abnormal. I don't have any clue why it has been installed since I didn't download anything. How did it happen? I've read that this malware sells your data for identity theft, and I'm really worried since my browser is Chrome and multiple Google accounts are connected to it. What are the risks? Malwarebytes doesn't detect anything with a scan! Thank you for your help.
  22. Last time on Sunday, January 24th, 2021, I was taken along for my research to find a better program to make my videos, yet, I was found on torrent website and download the pirated versions for Adobe Photoshop and Adobe After Effects. Then I have a chance to install it, but no one seems to appear. Where’s the installation pop-up, where’s a language install selection, none of it doesn’t have their options to work. I was trying to use a crack to install the program, but it wasn’t an installation or a setup.exe, but it went turning out to be a hoax. And my entire C drive is filling up over 132GB to 109GB. That is one of the most dangerous malware that I would like to show to you as proof. https://www.file.net/process/set-up.exe.html This is the Set-up.exe. Using with hyphen, but not altogether with setup.exe. One of the most dangerous malware causes to filling up the C: drive infected. And it did try to fool those people themselves, including me. I had a chance to restart my computer, using the whole scan and deleting the set-up.exe, but it doesn’t work since they kept filling up my C drive. However, moving the files over to the HDD drive such as Toshiba, Seagate, and the others, for instance, does it have a chance to move a lot safer? That might be one problem: the malware connects in between the files infection. Because moving over wasn’t a great idea for the virus. Because once your files move over and connect to the other laptop systems, it would infect to fill your C: drive than before & I’ve seen everything, a lot worse and worried. I can’t remove the hidden virus and hidden files to stop it. If anyone could help me, I would be glad to set things right.
  23. Hello all! I need your help please! I brought it on myself, I downloaded a program from a site I didn't know, and it was a malware. Once downloaded and extracted, Windows Defender detected trojan Win32 Yamacco.AA2B as shown in the picture (1) and the problem is I clicked "allow" by mistake. Then the other one, picture (2), trojan win32 Tilevn.A got detected. I don't remember what I did there since as you see Windows says restored or removed from quarantine! Then I deleted that program I downloaded. I tried running it but it was blocked and it said that it contained a virus, so it wasn't installed. I installed Malwarebytes, and started running a scan with it and with Windows Defender too, then Defender detected the last one as shown in picture (3), trojan:html/phish!msr got detected and got blocked. I clicked "remove" and went to the directory of the infected files it showed, and deleted them! So it was deleted but of course I allowed that one so I panicked! I wanted to know if it's really gone and that's why I'm here, and I did many things. I installed Microsoft Safety Scanner, and did a full scan with it many times, did a full scan using Windows Defender too, and also Windows Defender offline scan! Many scans with multiple programs, ESET online, Malwarebytes, HitmanPro, Zemana, booted my PC in safe mode and did a scan with Malwarebytes again, none of them detected anything. Went back to normal booting, did also a boot clean and some other forms of cleaning, a sfr scan on the command prompt, cleaned the cache, disabled the system restore, did a cleaning that deletes the browser cache and stuff with CCleaner. I changed my email passwords.. I don't remember what other things I also did. 0 threats found. I suffer from generalized anxiety and this virus thing made me panic hard lol. I worried that info from my PC was stolen since I had some passwords written in doc.txt files. Computer seems to be working fine, nothing unusual, no weird pop ups, nothing out of the ordinary. So is it gone? Am I safe? 
Or a hard wipe and reinstalling Windows is needed? I wish I won't have to do this
  24. Hello, I keep getting a Malwarebytes notification for the following (see images and text file below). Any help would be greatly appreciated. I downloaded a game save file, which in retrospect was pretty stupid, and now I get this notification every hour or so. I've run Malwarebytes and Kaspersky Total Security scans and found nothing. Any help would be greatly appreciated. I blocked out the IP address because I'm not sure if that is mine or whoever my computer is trying to connect to and didn't want to just give that out to the internet. Thanks, John malwarebytes report export.txt
  25. To anyone who can assist! I have come across an issue with my internet being increasingly slow. Upon further investigation, and using Malwarebytes' excellent detection software, I have found that malware (pup bikiniland, pup ask) is continually being reinstalled and present every time I reopen Chrome. I have tried resetting the "account sync" for Chrome per the instructions of the post that solution regards, to no avail. Attached are multiple scans done that were outlined in the post created indicating how to inquire for assistance. "scan.txt" indicates a scan done without the rootkit scan function enabled, and "root.txt" indicates a scan done with the rootkit scan function enabled. Blessings! Ryan S. FRST.txt scan.txt root.txt Addition.txt
