Showing results for tags 'Windows'.

  1. Problem: Windows Security Center does not register Malwarebytes; it was registered before, but it disappeared (I do not know when). What I have already tried: rechecking the option in Malwarebytes settings with a restart, and reinstalling Malwarebytes. I have also added logs to this message. mbst-grab-results.zip
  2. None of these files were previously detected, and I have reason to believe that they are false positives. I'm not certain what the registry key is for or if it is genuinely malicious. Scan results attached detections.txt
  3. Just like the title says, I just bought the license for Premium, but when I try to activate it through token or email it says Installation_token Not Found. (Any help would be appreciated, kind stranger.)
  4. Hey I'm new, so I hope I spotted the right location for this following question: I checked my Windows Partition for maleware and was suprised, that some files are reported, which might be actually a false positive. I'm not sure about it though. All files are located at some subfolder in "Win Kit", which should be legit. The Folder itself is owned by the user System, if it matters. Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 09.09.21 Scan-Zeit: 12:13 Protokolldatei: 971536ea-1156-11ec-b63c-00155d9f235c.json -Softwaredaten- Version: 4.4.6.132 Komponentenversion: 1.0.1453 Version des Aktualisierungspakets: 1.0.44771 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 22000.176) CPU: x64 Dateisystem: NTFS -Scan-Übersicht- Scan-Typ: Benutzerdefinierter Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 428119 Erkannte Bedrohungen: 17 In die Quarantäne verschobene Bedrohungen: 0 Abgelaufene Zeit: 1 Std., 4 Min., 53 Sek. -Scan-Optionen- Speicher: Deaktiviert Start: Deaktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 17 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\ASSESSMENT AND DEPLOYMENT KIT\IMAGING AND CONFIGURATION DESIGNER\X86\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\ASSESSMENT AND DEPLOYMENT KIT\WINDOWS 
SETUP\X86\SOURCES\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEAPP.EXE, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 6BDB234968BBB3F23DE160BDF4293F94, 738C171ACA2D232112CE097FC15CB72777A67F86DB1C9919429115FF1DFB4124 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\PARSEMANIFESTLITE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 81BBC7F98725F4CB7CFC919E97240E8A, B4BE46675225329802F82B05465A7C182825AE3A90B1184BF72E12EC546718AB Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\IMAGESTORAGESERVICE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, D43C0C1BDA8A7F931BDAC7BB021A2DBE, 7897116D759400A6E4948E521109175581ED5AF530085A06D59697663F257D71 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\LOCBOOTPRESETS.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, FD2763E6B672AC8BAC9C5B4DE48F8BCE, 2F26ED4C9728F0B7F1311866856160D439A784BCB75FF399F61A7CE06C85EDC0 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\CBSCORE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 914A523E7171C1BB3EBCC5E9EDEC4CB9, 4C4B4B2EA869E8E07D4D18431BF862E89610975C730A4EA1BB806877585AB1E5 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEDLL.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, CF6BE6E3E9116AAE007F4052DBDAA160, 78470CAB61A0E9E9712BCEFD21C4BFFFB7344B3855DE204F4649570B91492FED Malware.Heuristic.1001, C:\PROGRAM FILES 
(X86)\WINDOWS KITS\10\TOOLS\BIN\I386\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\CONVERTDSM.EXE, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 197C4AEBC1FFA20F3AF7153708DF20B3, 11B86A5ADA4F0F22BF8E5320557E1A719727314740ABD8A816A8CF5B09FEA222 Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEAPI.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 75E1993BAEEBFFA0EFC8C6015938555C, C3C4AE7DDAC8883AF38A86BC41D07C14AA6EB738C81C6188AAC0955A9EE22D12 PUP.Optional.DotSetupIo.BundleInstaller, C:\USERS\LITTLEFREAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\OLD_CACHE_000\F_0003DE, Keine Aktion durch Benutzer, 14615, 935457, 1.0.44771, , ame, , 9AAE14A44AC7006DDB8326B85453CA89, EAE92E26E46B62990316AA063123D65F2F1ABD2701B9272B5AFDF4BC877F6882 Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) The question of the day is: is my pc at risk/ should I intervene? Or are they a false positives as I believe? Thanks in advance for your help.
  5. Here's the Information. I really hope i don't have a virus in my computer , and it's possibly just a false Positive. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/24/21 Protection Event Time: 9:54 PM Log File: 9dbb789e-d51d-11eb-a8fa-1c6f655d1155.json -Software Information- Version: 4.4.0.117 Components Version: 1.0.1344 Update Package Version: 1.0.42185 License: Trial -System Information- OS: Windows 10 (Build 19042.1052) CPU: x64 File System: NTFS User: System -Blocked Malware Details- File: 1 Trojan.Crypt, C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe, Quarantined, 601, 949123, 1.0.42185, , ame, , B81EE7D3AC6D2AF9E931C8B79811C1AB, 6B85223B9156076F0B5D203551DBDB9AD604013AB7C1C991631A63000F300761 (end)
  6. I recently torrented software from a trusted uploader on THAT website, and now something has access to my PC that shouldn’t possess it. Malwarebytes and other anti-malware software like adw and far are being closed automatically. My free antivirus Avira is still working normally, and I’ve launched at least a dozen scans. It’s not reporting any further malware but I know it’s there. Notepad is among the software that auto closes as well. Please advise; I do have a laptop nearby if that will help any. I’m ready at my phone to provide any necessary information.
  7. Just showed up on a scan. Haven't downloaded anything new or anything. Super weirded out by the 6 finds though. Exported the scan info below, would love opinions and help on what to do next. Potentially having malware on my PC freaks me out. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/8/21 Scan Time: 8:55 PM Log File: 65838a92-b07a-11eb-91d2-38d54710e326.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1292 Update Package Version: 1.0.40238 License: Premium -System Information- OS: Windows 10 (Build 19042.928) CPU: x64 File System: NTFS User: PromethiumPC\Promethium -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 342284 Threats Detected: 6 Threats Quarantined: 6 Time Elapsed: 2 min, 23 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 5 Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 1000000, 0, , , , , 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 1000000, 0, , , , , 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 1000000, 0, , , , , 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 
1000000, 0, , , , , 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 1000000, 0, , , , , 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.1035458231, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\PRESENTATIONCORE\AA9C1B7D97605C62DA47F787BF616815\PRESENTATIONCORE.NI.DLL, Quarantined, 1000000, 0, 1.0.40238, 8F961A44701714803DB7D6B7, dds, 01237109, 59CC10239EA4A5A8004DABFD09DCF838, A6F04A14F72140B29C7DAD7F3C3F83B0297B4C0A45BDCFF18647707426BF66FD Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  8. Trying to download an activation key, and then suddenly my real-time protection cannot be turned on. I managed to turn on Windows Defender but I can't turn on real-time protection. Can someone help me?
  9. Hello all! I need your help please! I brought it on myself: I downloaded a program from a site I didn't know, and it was malware. Once downloaded and extracted, Windows Defender detected trojan Win32 Yamacco.AA2B as shown in picture (1), and the problem is I clicked "allow" by mistake. Then the other one, picture (2), trojan win32 Tilevn.A got detected; I don't remember what I did there since, as you see, Windows says restored or removed from quarantine! Then I deleted that program I downloaded. I tried running it but it was blocked and it said that it contained a virus, so it wasn't installed. I installed Malwarebytes and started running a scan with it and with Windows Defender too; then Defender detected the last one as shown in picture (3): trojan:html/phish!msr got detected and got blocked. I clicked "remove" and went to the directory of the infected files it showed, and deleted them! So it was deleted, but of course I allowed that one, so I panicked! I wanted to know if it's really gone and that's why I'm here, and I did many things: I installed Microsoft Safety Scanner and did a full scan with it many times, did a full scan using Windows Defender too, and also a Windows Defender offline scan! Many scans with multiple programs (ESET Online, Malwarebytes, HitmanPro, Zemana); booted my PC in safe mode and did a scan with Malwarebytes again; none of them detected anything. Went back to normal booting, also did a boot clean and some other forms of cleaning, an sfr scan on the command prompt, cleaned the cache, disabled System Restore, did a cleaning that deletes the browser cache and stuff with CCleaner. I changed my email passwords.. I don't remember what other things I also did. 0 threats found. I suffer from generalized anxiety and this virus thing made me panic hard lol. I worried that info from my PC was stolen since I had some passwords written in doc.txt files. The computer seems to be working fine, nothing unusual, no weird pop-ups, nothing out of the ordinary. So is it gone? Am I safe? Or is a hard wipe and reinstalling Windows needed? I wish I won't have to do this.
  10. My PC came with preinstalled Windows 10 and I've had this PC for 2 years. It is an ASUS laptop (Republic of Gamers). I would check the model but I'm not home yet... so I'll update that later. Windows Defender keeps telling me about this PUA. I have been scanning my PC all over again and tried clearing out temporary files and such, but it still shows the PUA as active. I have F-secure installed as my main AV, but I did a full scan with WD too after getting a blue screen while browsing the internet. I know the Recovery folder is not even visible by default... I know I can't access it even when it is visible. Location of the PUA that Windows Defender notifications keep telling me about ---> containerfile: C:\Recovery\Customizations\usmt.ppkg file: C:\Recovery\Customizations\usmt.ppkg->\ICB\MachineSpecific\File\C$\Program Files (x86)\ASUS\GameFirst IV\Driver\tdi\i386\netfilter2.sys file: C:\Recovery\Customizations\usmt.ppkg->\ICB\MachineSpecific\File\C$\Windows\System32\drivers\netfilter2.sys I think it might be an ASUS preinstalled program but I can't know for sure since I can't access the Recovery folder (and even if I could, I think I still would not know for sure). The other netfilter2.sys was deleted (maybe) since it was no longer in its folder. Win32 ASUS drivers folder (deleted by Windows Defender after full scan)? Windows Defender keeps telling me about the PUA. I have tried deleting the detection history but it has no effect. The notification only appears with a Windows Defender full scan. No other AV program will detect it (MalwareBytes, HitmanPro, AdwCleaner, F-secure, Windows Defender Offline scan/quick scan, Windows Safety Scanner). I would just like to get rid of it; I don't care if the program is actually made/preinstalled by ASUS or not, as long as deleting it has no effect on my PC/its performance. Is netfilter2.sys important? What does it do, and do I need it for my PC to work, or will it have any impact on my PC's performance? Is the Recovery folder important, and will deleting/altering it have severe harmful effects on my PC? Some people said they got a blue screen and that their PC won't boot after deleting it. I have been told in the Microsoft community, Microsoft Support, F-secure forums and elsewhere that it is most likely a false positive, but no one could confirm this for sure. Since F-secure never detected anything it should be a false positive and nothing more, yet I have not been able to use my PC without feeling paranoid over my accounts/safety. I'm just too paranoid about this. I don't want to do a system reset since getting F-secure back and installing all the 30+ games and other software that I have would be a pain. Can ASUS Backtracker get rid of the Recovery folder that (should?) be the ASUS Recovery folder and not Windows 10 itself, since it was preinstalled? Can the netfilter SDK itself somehow be deleted, or just its Recovery files, since Windows Defender can't seem to get rid of it and other AVs don't detect it? Is there any way to either get rid of it or confirm that it is actually not harmful? I can't check the original file since it got deleted and just the file in the Recovery folder remains. Also, what is Win32/DefenderTamperingRestore? I got that notification after scanning the Recovery folder with Windows Safety Scanner. No mention of the PUA though, and it said that Win32/DefenderTamperingRestore was deleted. I did a Repair Upgrade from USB when trying to get rid of the notification, so that might have caused this? If anyone has any suggestions or ideas on what I should do I would really appreciate it. (Sorry for having so many dumb questions and sorry that this is so long, but I'm just really freaked out about this.)
  11. Hello all, first time poster. I have started coming across weird networking/firewall issues after prolonged use of my computer (I leave my computer on for the most part). I'd say after about 2-3 days of being on, these issues will suddenly start occurring. Such issues include: OBS Studio will not authenticate with Twitch to provide API elements (the chat and stream info windows will not appear, resulting in the error: failed to authenticate with twitch). Loading webpages takes a longer time than before... about 10 seconds to load up a Google search page. Microsoft Remote Desktop Protocol (RDP) will not work, period, either via the internet or locally to my home server. My computer can ping my home server, but the server cannot ping my computer from command prompt... despite my computer's DHCP-assigned static IP showing up when using arp -a. Windows Defender Firewall WILL NOT load (although I hear that MBAM may set the Windows Defender processes to be Manual rather than Automatic, so that may explain this). When creating sessions in games like Monster Hunter World, the session takes F O R E V E R to load. Likewise, using Splashtop (my work's remote access software) to remotely access client computers can also take a longer time than normal. Restarting the computer resolves all these issues and everything works as normal. Me being in IT, I thought a networking issue might have been causing this (specifically thinking that port 443 was being blocked or something), but after running several port checks, updating my router's firmware, updating the LAN driver on my PC, etc., I determined that the issue is isolated to my system. Then I found this post on Bleeping Computer (hopefully link sharing is not against the rules here..): https://www.bleepingcomputer.com/forums/t/716117/cannot-open-windows-firewall/ And I noticed all the similarities between my issues and this poster's, specifically that we both have MBAM Premium. After finding this revelation, I have come here to seek help on the matter. I am running Windows 10 1909 with MBAM Premium 4.1.0.56. I apologize if this issue has been posted before, but it is kind of difficult searching up this topic..
  12. Hi, today I found in Task Manager that "Antimalware Service Executable" is using 90% of my CPU. What can I do? Thank you
  13. Hello, I have a very persistent, spreading screen virus on my ASUS Windows 10 laptop (and others). To my knowledge it only messes with my screen (makes it reddish and gloomy, and it seems to slightly pulsate), but it doesn’t freeze your computer or such, or search for information, to my knowledge. I have the same issue on multiple PCs and 2 Macs... They have all the antivirus protections: Malwarebytes and ClamXav on the Macs, and also the Malwarebytes free version and F-secure on the PC, the latest Windows updates, and standard and administrative accounts... I tried several antivirus programs but none seem to recognize this... The virus spreads even from connecting an external device without opening anything. From Mac to Windows???? It presumably originated from a malicious torrent file downloaded years ago, and has gotten on every computer in my house via USB connection. I know from trying on the Macs that erasing your drive and reinstalling the operating system doesn’t solve the alterations. Even booting to another drive with a clean system gives no good result. The infection on my latest Windows PC comes from the ext. SSD connected to that infected Mac... I have tried on the Windows PC to go to a restoration point, but that doesn’t do anything. I am going to try to restore my laptop to original factory settings, but I hoped that I could find a different, thorough solution from my Malwarebytes antivirus here at the help forum. I have posted on the forum before, but then Mac related, and have been told that a virus doesn’t work like this on a Mac. I do not really know if it would be categorized as one, but I know these screen alterations spread, so that must be some kind of coding or such. Are there any steps I can take before trying to restore my PC to factory settings? I didn’t make a backup yet as the PC is a month old. I do have a recovery drive from my fully updated Windows, and have enabled the Windows restore at start of boot. With kind regards, Jonas
  14. Our work-from-home computers cannot access Outlook anymore since MB is blocking the same exploit that I see posts about from 2-3 years ago. We can't get in to delete the offending email, as "Contacting Server" pops up and then MB crashes the program. It is now happening throughout all the desktops of our visual & graphic media teams. I see an MB post from April 2017 saying that it is a known issue and you are working on it. It's 2020 and I can't find the answer for why it's happening in 2020 or how to stop it, as we crash or the block kicks in from MB. Help is appreciated.
  15. I recently opened a Microsoft Word document I was sent by someone who I didn’t know very well. When I opened it my mind began racing as to why he would want me to open this... That’s when I got to googling and found out about “Malicious Macros”. That’s when I decided to have a look at my Task Manager; there I found a file called “Launch” in my Start-Up. I disabled it right away and then began finding more and more suspicious things running that I knew were not previously there. One was called “Coordinator.exe”. As I started digging more, clicking on “Open-File-Location”, I found a folder full of at least 100 Python scripts... In my panic I deleted almost everything I suspected to be malicious... I found dozens of DAT files and text documents which are mostly appearing in Temp folders in Users>Local>Temp and Windows>Temp. The DAT files are all just named a random assortment of characters and the text documents are all called the name of my PC and then random numbers; these text documents are being dumped into Temp hour after hour and contain a sort of log-looking thing? However, I don’t know what it is logging... I also found a file called “ZoomInfoContactContributor” blah blah blah.. I believe this to be a part of the malware as I have never used Zoom before. I did a Google search and found that it could be malware; you can see it for yourself here: https://www.hybrid-analysis.com/sample/0ac026cc1f7a108f5fd908f7703d8af1d14735cff2556f230f902990321563b7?environmentId=120 although I could not really make sense of it. I have also done a MalwareBytes scan (with Rootkits box checked) and it found 0 threats in an 8 hour scan... So what I want to know is... did I disrupt this malware in my tangent of deletion? Or could it still be present somewhere undetected? Thanks in advance.
  16. I know my computer is infected because each time I enter Chrome it has two new extensions with strange names like "sleepy science", "wild medicine", "unusual community" and such. I scanned with Malwarebytes and AdwCleaner but both said that there are no detections. What can I do to stop getting these extensions?
  17. Hi, I want to delete the Malwarebytes trial version from my system. When I follow the normal method through Control Panel it doesn't get uninstalled; a dialogue box appears but then nothing happens. So I downloaded mb check and I have attached the file below. What should I do now? mb-check-results.zip
  18. Good morning everyone, I'm new in this forum, I really hope you can help me. Yesterday I found something strange in the behaviour of the PC: Windows Defender doesn't find any problem, but when I open its history it crashes. I found the name of the malware before the last crash (Trojan:PowerShell/Mountsi.A!ml). Running MalwareBytes I found some malware, so I eliminated it, but the problem is still there! Thanks.
  19. I have been using KMSpico to keep my Windows activated for a long time now, and I never got any issues, but tonight I realized that Windows was deactivated, so I went to use KMSpico again but it got insta-deleted, even though Windows Defender is not activated. So as I tried to get to the quarantine mode or something, I realized that a lot of information did not appear to me, and when I tried to check the history of protection, Windows Defender just closes without opening anything
  20. Hi all, First time with this type of trouble and I've come across this forum via a Google search, from which I had started reading through this thread here: I will try to do my best here in understanding and communicating with everyone and your knowledge. Thank you in advance for any help. I'll try and keep this simple and broken down into what I know. To start, I am running Windows 10 on a Cyberpower PC that I purchased about 3 months ago. As briefly as I can put it, I use this PC strictly for iRacing and use only a limited number of applications that run along with it. I use Chrome as a web browser, which is pretty much just familiarity and a preference. This whole adventure started when the command prompt opened on me in the middle of a race. I noticed in the task bar following this race that Internet Explorer and Chromium were there. Not thinking too much of it as this was the first time it happened, I unpinned them and continued what I was doing. This happened again several hours later and I got to investigating this Chromium deal. I am now familiar with what it is and how it works, and I also learned more about Electron and how it operates some of the apps I use such as Discord and Simracingapps. More familiar with how this all comes together, I continued with trying to get these apps removed. I'm almost positive I had uninstalled Chromium via the command prompt and a hidden folder in This PC>Windows(C:)>Users. I also took a second look at SAntivirus, which is my fault for not noticing sooner, and I found out all about that.. I followed instructions to remove SAntivirus by rebooting in "Safe Mode with Networking". The following step is to download and install Malwarebytes. As there seems to be no way to connect via Wi-Fi in this mode (which is currently all I am able to use), I downloaded it on my Surface and tried to install, but it still needs to download during this time so I could not do so. I went on to the next steps, as they were 2 more removal softwares, so I figured leaving one out would be just fine. These were HitmanPro and then Adwdefender. Following the instructions to reboot after the Adwdefender scan, all I booted to was a black screen. I restarted using the power button on the tower out of frustration at this point, with this already being a 4 hour headache. When I powered back on I navigated back to where I was given the options that included "Safe Mode with Networking" and others. Since I was familiar with that one during this process, I chose it. Boot to black screen. Reset again and I believe I chose the startup troubleshooting after finding it and chose some type of boot recovery. This is where I was starting to see red, so I can't remember exactly and I don't want to really do much else on here using that route unless instructed to do so. But that sounds about right. This went through and finished and the PC booted and I am at my desktop and logged in. Now whatever it did to recover gave me a sigh of relief, but now I have the apps that I originally started this process to try and remove (Chromium and SAntivirus) back again, along with 2 or 3 others that I have decided not to use and had previously uninstalled. All I want is Chromium off of my computer for good. I'm sick of saying the word. I'm sick of looking at it. SAntivirus Realtime Protection Lite off my computer for good. I'm already planning on being more vigilant for these things, as the SA snuck in there on me. Also using all three of these softwares in the future to help me do that... if Malwarebytes doesn't hang up on installing, that would be great too. Seems I'm at a point here where I can try this all again with some of your help. Thank you for your time, Ryan
  21. Hi, I am writing on behalf of a friend who asked me for help, but I don't know how to help him. In practice, from today on his PC "sppsvc" starts and makes the CPU reach 30%. I suppose Windows is cracked, but he took the PC like this, so how could it be solved? Thank you
  22. Is it a virus? print : https://i.imgur.com/jG1Q9tf.png Error Message : Access to protected memory was blocked App or Windows process blocked : WinSat.exe Blocked by : controlled folders Can anyone help me?
  23. Hello, I built my first computer about 5 months ago and I activated Windows with kmspico. For the first 2 weeks everything worked fine: Windows Update, Windows Defender etc. But then problems started to occur: I stopped getting updates, Windows Defender stopped working and the computer started acting strange; sometimes it would shut down or restart or lose the signal from the GPU. I would just like to try to fix Windows Update and Windows Defender because I do not feel safe while using this computer. Even though I know reinstalling Windows will be the best option, I do not want to lose all the data and files; first I want to try to fix it. I started looking at this post: https://forums.malwarebytes.com/topic/241381-kmspico-installed-problem-with-windows-10/ but I figured out the post was closed so I decided to open my own topic. Thanks in advance.
  24. Hello, I had issues with my Malwarebytes updating. The error window that pops up says, "An error has occurred." I uninstalled Malwarebytes and deleted the Malwarebytes folder under Programs. I downloaded and installed the mb.support tool and clicked "clean". After my computer rebooted, I accepted the re-install for Malwarebytes. The install fails and the error window that pops up says, "An error has occurred." and "Malwarebytes for Windows installation was aborted." I don't have a license; I use the free version for my PC. I have extracted and attached the logs. Please review the attached file and get back to me. Thank you for your support. mbst-grab-results.zip
  25. An Unknown computer named TERRY-PC appeared on our Mbam device list. Neither my partner nor myself have given access to a third party. After searching the name it would appear to be in some way connected with Microsoft Win 10 admin operations. But how could it appear on my Mbam device list without being registered and obtaining access by password? Or are devices operating on the computer simply reflected in the Mbam device list? Unclear about that. Next question concerns security. Can a user on a shared Mbam account hack the online data of other users? Ty in advance.