Search the Community

Hello, I have a system running Win 10 and Malwarebytes Home Pre. It appears when I am on the Yahoo email page I randomly get redirected to securessl-dl.com, which is immediately blocked by Malwarebytes. A full scan of the system has not found any malware or other issues. Win Defender and Kaspersky scan also does not find anything. This is the report: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/8/19 Protection Event Time: 7:25 AM Log File: 74f317e2-1340-11e9-b068-94c6916e2bf1.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.508 Update Package Version: 1.0.8678 License: Premium -System Information- OS: Windows 10 (Build 17134.472) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: PUP Domain: securessl-dl.com IP Address: 18.235.178.113 Port: [63289] Type: Outbound File: C:\Program Files (x86)\Internet Explorer\iexplore.exe (end) Anybody see anything like this? Thanks, Larry

Hey all, I have a plugin for Internet Explorer that I need to run in order to watch legal video streams. Unfortunately, I can't run it while Malwarebytes is running because the browser crashes and Malwarebytes gives me the reply you can read in the attached file. Can anyone explain how to exclude this addon so I can watch the video streams? I don't want to exclude IE altogether because I don't want to be exposed to malware. Thanks! error.txt

Hi Team My websites like https://www.changehomepage.net/, https://www.commerce-microsoft.com/, https://www.fixfirefoxerror.com/, https://www.incredimailsupports.com/, https://www.microsoft-number.com/, https://www.thunderbirdsupport.com/ are now malware free. All the information given in the websites are true and very useful. Kindly white-list these websites ASAP. Thanks & Regards Ron Weasley

Same problem here. Any results? ---------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/27/18 Protection Event Time: 8:21 AM Log File: 06c7bc0a-3187-11e8-8fa3-40b03415914b.json Administrator: Yes -Software Information- Version: 3.4.4.2398 Components Version: 1.0.322 Update Package Version: 1.0.4490 License: Premium -System Information- OS: Windows 10 (Build 15063.966) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Internet Explorer (and add-ons) Protection Layer: Application Hardening Protection Technique: Attempt to execute VBScript blocked File Name: C:\WINDOWS\system32\VBScript.dll URL: (end) Already tried --> FRST64, AdwCleaner, Sophos Virus Removal Tool with no results, zie logfiles att. Disabled all add-ons in IE with no results Is there an solution for this? Regards, AvL FRST.txt Addition.txt

Every time I open a new page in Internet Explorer I get a Malwarebytes pop up that tells me "Exploit automatically blocked". This happens for every page including blank pages since 9/17/17 and is getting really annoying! Below is the report text, any help would be appreciated. -Log Details- Protection Event Date: 11/17/17 Protection Event Time: 10:07 AM Log File: 02064c3e-cba9-11e7-a8f9-0250f2eb72f3.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3282 License: Premium -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Internet Explorer (and add-ons) Protection Layer: Application Hardening Protection Technique: Attempt to execute VBScript blocked File Name: C:\WINDOWS\system32\VBScript.dll URL: (end)

Hello all, My moms laptop HP Pavilion g7-1117cl is running slow especially while on Internet Explorer 11. The most she uses it for is on Pogo.com games. i have run the following items: tweaking registry cleaner CCleaner ATF cleaner TFC windows defender microsoft security essentials malwarebytes super antispyware Also did a check on drive c disk defragmenter and it is 2% fragmented. I also did a disk cleanup and no real improvements have been made. I uninstalled IE 11 and restarted the computer, it went back to IE 8, the games on Pogo and all websites loaded great and fast. I reinstalled updates for IE 11 and it went back to the slow speeds. Also it is now showing drive E as 0 bytes full and 0 bytes space available. Autorun doesnt pick up on one cd that we have tried so far. The laptop is windows 7 home edition 64 bit. I did run the threat scan and have posted the log below for malwarebytes. Any help is appreciated and would like to thank-you in advance. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/6/17 Scan Time: 4:45 PM Log File: threat scan log.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2523 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: joy-HP\joy -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 349942 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 17 min, 58 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)

Hi My MWB management server has emailed over a notice about an exploit on a client.. but I can't see particularly what it was unhappy about. The user was trying to use IE to navigate to a URL we use each month.. the user didn't log into the website behind the URL and closed the browser. Could someone tell me what the anti-exploit took exception to? Below is message and attached are the MWB Server log for that client; certain details redacted.. Alert Time: 7/24/2017 12:27:14 PM Server Hostname: SECURITY0 Server Domain/Workgroup: ****************** Server IP: 192.168.100.101 Notification Catalog: Client Description: Exploit threat detected, see details below: 7/24/2017 12:25:09 PM MIR-HR 192.168.100.47 Exploit attempt blocked BLOCK cmorley Internet Explorer C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Attacked application: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE; Parent process name: iexplore.exe; Layer: Application Hardening; API ID: 900; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: Total count: 1. SecurityLogs - MIR-HR.csv

Dear Malwarebytes, I would like to report a critical issue with MBAE 1.09.2.1384 and Internet Explorer 11 with the latest updates. Internet Explorer 11 will randomly freezes when launched. Please see attached screenshot for reference. Thanks.

So recently I tried to download a file, as stupid as I am, I visited a untrusted website and downloaded a file, that file then keeps opening random tabs with ads in it from internet explorer etc.. I have done every scan possible but they just cant find it! I'm running a 64bit operating system please help me fast!

I keep encountering a crash when I click on google search results in IE 11 on windows 10 14393 and 15063. When I go to click a search result, IE brings up a message saying IE has crashed and is restarting. but a new tab opens but instead of going to the address I clicked the link to, it opens as an internal address about:blank. It does this on most search results, but not all of them. I posted the error events from the event log below. MBAE64.dll is the culprit. I don't know why only google search results seem to be affected. other browsing actions complete successfully. Faulting application name: iexplore.exe, version: 11.0.15063.0, time stamp: 0x7e29c811 Faulting module name: mbae64.dll, version: 1.9.2.211, time stamp: 0x58d2a5ae Exception code: 0xc0000409 Fault offset: 0x000000000003501b Faulting process id: 0x4d4c Faulting application start time: 0x01d2c061c30429c1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll Report Id: 13b0806b-7a34-43b4-ae25-a4bbd277597c Faulting package full name: Faulting package-relative application ID: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2017-04-28T20:56:30.159783400Z" /> <EventRecordID>3327</EventRecordID> <Channel>Application</Channel> <Computer>ChrisSolomon-PC</Computer> <Security /> </System> - <EventData> <Data>iexplore.exe</Data> <Data>11.0.15063.0</Data> <Data>7e29c811</Data> <Data>mbae64.dll</Data> <Data>1.9.2.211</Data> <Data>58d2a5ae</Data> <Data>c0000409</Data> <Data>000000000003501b</Data> <Data>4d4c</Data> <Data>01d2c061c30429c1</Data> <Data>C:\Program Files\Internet Explorer\iexplore.exe</Data> <Data>C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll</Data> <Data>13b0806b-7a34-43b4-ae25-a4bbd277597c</Data> <Data /> <Data /> </EventData> </Event> logs.zip Addition.txt FRST.txt MB-CheckResult.txt

MWAB is not honoring whitelisted websites, and continues to block (business critical) java apps from running on those sites. If web protection is completely disabled, sites work fine. Version: 3.0.6.1469 Component Package: 1.0.96 Update Package: 1.0.1666 Windows 10 Enterprise

Hi When Internet Download Manager (IDM) from http://www.internetdownloadmanager.com is installed, and when trying to use "Download with IDM" right click menu item in Internet Explorer 11, your new feature (Application Hardening) blocks VB script in a static html page stored on local drive. Specifically it blocks C:\Program Files (x86)\Internet Download Manager\IEExt.htm and C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm files, and it names this action as blocking an exploit May you please clarify when it became an exploit, and how it can be exploited? How a malefactor can use this exploit on a customer computer? These script files are a part of IDM distribution, and they call ActiveX components, which were installed by IDM installer during IDM installation. It’s not possible for a malefactor to change these VBscript files or ActiveX components without administrative rights. If he has such rights, he will not need to modify or use these scripts and files. Regards, Charles Jones Tonec Inc.