Jump to content

Search the Community

Showing results for tags 'malicious website'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. False Positive app.conectamedia.cl https://map.conectamedia.cl/index.php/clippingNews/view?id=17901178&email=197395&fromemail=1
  2. Hi, I have the free version of Malwarebytes, and at 19:02 today (UK time) I had five incidences of reports of an outbound connection to a compromised site, umekana(dot)ru. I'm really not very good with these things, but obviously this seems cause for concern. I'm scanning my PC (I run Windows 10) with Avast and Malwarebytes as I'm writing this. If anyone could help me figure out what the problem is and how to resolve it, and what threat my computer is under, I would much appreciate it. I imagine further information shall be needed. If so, please do guide me on how to find it and provide it. Likewise, for recommended solutions, I shall need some guidance as to how to go about them. Thanks for reading, Tom
  3. While browsing in Google Chrome I will occasionally encounter a distracting barrage of "Website blocked" popups. The message provides domain & IP information, etc. on the malicious site, but does not indicate which open tab in the browser is responsible. I would prefer to simply avoid sites which embed links to the malicious ones, but at this point I am reduced to a trial-and-error approach--tough when there are 30+ tabs open. Am I missing something? Does Malwarebytes/MBAM (Premium v.3.3.1) provide a way to view this information? If not, would you consider this as a possible feature to be added? Perhaps a function button such as "Identify Malware Source Page" on the popup window?
  4. I was typing in some malicious websites into Google Search (not the URL bar so I wouldn't actually GO to the site) to see if my SiteAdvisor would display an "X" next to the dangerous site, just to test it (I guess there are better ways to do this but I figured this way was safe). I typed it in like I did in the screenshot below. Malwarebytes then showed a notification for that website being blocked, even though I never actually visited it. Will typing a bad URL into Google Search actually harm my computer, or does Malwarebytes just show the notification to warn you not to visit the site or something? I did the same thing with google(dot)com and it didn't go to googles site... [EDIT] I also ran a scan and found nothing; nothing has been quarantined.
  5. Three days ago I started to see popups alerting me of outbound connection attempts being blocked by Malwarebytes. The details of the event showed the following: Domain:"N/A"; IP Address:"255.255.255.255"; Port:"68"; Type:"Outbound Connection"; File: "C:\Windows\System32\svchost.exe". I was stupidly logged in as administrator. I ran a Malwarebytes scan with the following results: -Scan Options-Memory: Enabled; Startup: Enabled; Filesystem: Enabled; Archives: Enabled; Rootkits: Enabled; Heuristics: Enabled; PUP: Detect; PUM: Detect; -Scan Summary- Type: Threat Scan; Result: Completed; Objects Scanned: 460248; Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected). I show nothing deleted, nothing quarantined. But the alerts appear to continue. This was on November 20th, when I observed 12 blocked connection attempts. Two days later I logged in again as an admin and observed 3 more blocked connection attempts. I then created a non-administrative user and logged back in. I haven't seen any more connection attempts, but I suspect that doesn't mean the issue's resolved. Can anyone provide assistance?
  6. Since 9/28/17, I have periodically getting reports that MW has blocked a malicious outgoing website. FRST.txt Addition.txt MWB Rep 11262017_1.txt MWB Rep 11262017_2.txt MWB Rep 11262017_3.txt
  7. I have installed Malwarebytes on windows web server. I can see continuing popup blocking of outgoing request to somain.pw domain. I found that every time IP is same. I don't know what is doing php application. Please let me know if you have any information about that activity. Below is the full log of blocking. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/18/17 Protection Event Time: 9:41 AM Log File: 00049726-b40a-11e7-b805-0e47fd9b6890.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3040 License: Trial -System Information- OS: Windows Server 2008 R2 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: 1afd00e88d3bc2053298e90d6c1a32e3.pw IP Address: 141.8.226.58 Port: [58147] Type: Outbound File: C:\Program Files (x86)\PHP\v5.6\php-cgi.exe (end)
  8. I've been getting Malicious Website outbound message via Malwarebytes. It stops them, but cannot remove the problem. Have updated MB and Norton Internet Security - they acknowledge an issue, but can't resolve it. Any ideas?
  9. I also having same problems. on English version The network driver are OK. No newer driver
  10. Hi all, Same story as everyone else, I suppose: Malware Bytes blocking lots of outbound malicious contacts to suspicious sites, so just trying to remove the source of all that. I've followed the instructions on the forum and run FRST. Logs attached. Any help you can offer is greatly appreciated! I ran all scans, so attached the FRST, Additional, and Shortcuts files. Many thanks! Addition.txt FRST.txt Shortcut.txt
  11. Hi Attached pop-up occuring constantly. IP' is not always the same. Is there something wrong with svchost.exe or ...?
  12. (My appologies for the length, if .) On my laptop (updated from Windows 7 -> Windows 10 about 6 months ago) runs since 3 months Anti-Malware Premium (AM) and Anti-Exploit Premium (AEx) – daily complete scans (I activated rootkit search) without any findings (except for the first day when the rather nasty “Amazon1ButtonApp,” sneakily installed via the Java installer, was detected and removed). AEx is displaying since its installation consistently “Blocked Exploit Attempts: 0.” Once in a while – maybe about 1 time in 2 weeks – does AM not initialise on starting the laptop (= icon does not appear in the bar). When I manually start it, the real-time protection is deactivated. [Screenshot 1]. Alternatively it does initialise on start, but the icon in the bar displays the red exclamation mark and opening the application shows the same result. (AEx instead is always running). Clicking the button in the top right (“Fix Now”/“Jetzt beheben”) to activate the full protection does nothing (means, it’s as if it was an image that I’d click, no message, no visual change at all). I run the same combination (AM + AEx) on my old laptop (which I barely use though) and ecountered the same problem once – however, a few days later on starting the machine everything seemed fine again. (I suspected some problem after an automatic update.) Anyway. What showed to work on my new laptop when the issue appeared was to close the account and change to the Admin account (all others are standard accounts) and click on “Malwarebytes Anti-Malware Notifications” in the start menu – it initialised with realtime protection and when I returned to the standard account: the same (= real-time protection active again). Just 5 days ago it happened again, and I decided to “cut the process short” by closing AM and re-starting it “as Admin” via the context menu. However, I got the message that the “anti rootkit dda driver” was not able to initialise. [Screenshot 2] A second related error message followed (sorry, no screenshot in this case, but basically saying the same). Restart of the laptop and going the described route via Admin account worked again. TWO DAYS AGO (please bare with me, still something new here) – I was using one standard account for various hours where AM’s realtime-protection was active, and then I changed to another standard account (no restart of the laptop) where the protection was suddenly displayed as DEACTIVATED. I decided to close it and start again as Admin via the context menu (with the goal to document the full process via screenshots). To my surprise it worked fine this time, HOWEVER: while AM ran a full-scan I used the time to serve in Firefox only to suddenly receive (never before seen) messages from AM that it’s blocking a malicious domain that Firefox tried to contact [Screenshot 3]. (I was visiting an absolutely unsuspicious website, and indeed checking different websites still resulted in that warnings). Besides these messages, the full scan by AM resulted in no detection of malware. Now I just remember that a day before Firefox had also thrown an error message that a security update failed and it didn’t succeeded in contacting the server. After a restart of my laptop with an again successfully initialised AM, no messages about malicious websites show up during surfing (in the same account on the same browser, also checked with the same URLs). This underpinned the suspicion that is displayed in my thread’s title. 2 QUESTIONS ON FARBAR (Recovery Scan Tool) 1.) I downloaded the 64bit version directly from the Bleepingcomputer URL. On starting it I received a warning from Windows that the publisher isn’t verified, when continuing the mentioned disclaimer didn’t appear. May any of that be an indication that the software was compromised on the machine? 2.) Should FRST be started in the admin role? Many thanks in advance!
  13. Hi, all, I opened Chrome today and Malwarebytes notified me that it blocked an outboud Malicious Website Protection, Domain, to docs.ironbeast.io I've never heard of this website/service and it only happens when I use Chrome. It just started about a few hours ago after booting my computer. I've tried many things to fix this and the problem only occurs with Chrome. Here's what I've done: Uninstalled Chrome Ran scans with Malwarebytes (treat detections as malware and with rootkits) and my AV protection Ran and used Rkill (?), Adwcleaner, and JRT following another post on weird outbound Chrome Set my DNS to Google (yet another post from a different article on here) AV and Malwarebytes did not detect any infections and the Adw cleaner, etc., removed some old registry values that were not associated with Chrome. After all this, I reinstalled Chrome and went to a website and the same message appeared docs.ironbeast.io was blocked. I've attached the Malwarebytes log file. Researching around, it seems the outbound IPs associated with this are through Amazon..http://www.techsupportforum.com/forums/f320/malware-suspicious-site-1054890.html -- the IPs in the log are apparently associated with Amazon. Any thoughts or solutions? Is this unsafe? Not a computer expert, but I won't use Chrome for now. log.txt
  14. I am getting persistent attacks from a website and need help stopping this. I do have Malwarebytes, the paid version. Addition.txt FRST.txt
  15. The program has been continuously giving warnings about a website (f.asdfzxcv1312.com). Do I need to do something? The message is that a malicous outboud website has been blocked. Thanks! Log.txt
  16. Hi there, I have had some issues in the last couple of days with DNS unblocker. After reading some guides on how to remove it, I have been unsuccessful. Though it does not show up in my program list or as a Firefox addon. I have however managed to get Malwarebytes Premium installed and now it prevents those annoying links, but does come up with a warning in the bottom right, every minute or two saying: Blocked outgoing Malicious Website Domain: m55.dnsqa.me IP: 82.163.143.92 Port: 65504 Type: Outbound Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe I have found that typically the same alert comes up each time, with a different port number. (e.g. 59515 & 58170) I downloaded and ran the Farbar recovery Scan Tool and my logs are attached. Any help in resolving this issue would be greatly appreciated! Kind Regards, Fearqq Addition.txt FRST.txt
  17. Hi all, I run a web server with a number of sites hosted on it. I have recently installed MalwareBytes and it keeps logging a number of ip addresses of malicious websites attempting to connect to my server. Although I believe that MalwareBytes is stopping such connections from doing any harm, I have, nevertheless, added the IP address's range to a blocking inbound rule on the web server's native firewall (Windows Server 2012). Despite this, MB keeps bringing up alerts of access attempts from the same IP addresses. Isn't the firewall supposed to block the connection before it even gets to the point where it is detected by MB? The firewall's rules appear to be working because when I added a friend's IP address to a rule, she could not access any of the sites on the server until I removed her IP again. Thank you
  18. Hi all, I run a web server with a number of sites hosted on it. I have recently installed MalwareBytes and it keeps logging a number of ip addresses of malicious websites attempting to connect to my server. Although I believe that MalwareBytes is stopping such connections from doing any harm, I have, nevertheless, added the IP address's range to a blocking inbound rule on the web server's native firewall (Windows Server 2012). Despite this, MB keeps bringing up alerts of access attempts from the same IP addresses. Isn't the firewall supposed to block the connection before it even gets to the point where it is detected by MB? The firewall's rules appear to be working because when I added a friend's IP address to a rule, she could not access any of the sites on the server until I removed her IP again. Thank you
  19. Hi, I keep getting pop ups from Malwarebytes telling me that it had blocked an outgoing threat from a malicious website. It has been happening for a week. My FRST & Addition logs are attached, as well as my Malwarebytes daily protection log for 10-12-15... Thank you, Marie Addition.txt FRST.txt 10-12-15 daily protection log.txt
  20. Hi, I upgraded to the newest version of Malwarebytes when the program prompted me to, about 2 weeks ago I beleive. Either way since then I notice that whatever websites are blocked are blocked permanently OR until I turn off Malicious Website Blocking (webproxy). For example, I got to website a.b.com and it is blocked. I add a.b.com to the web exclusions list, which should take effect immediaetly, without any restarting of the program or anything, and then go to a.b.com once more and it is still blocked. I use firefox, so I go and delete all the web cache and temporary files from firefox AND close the program, ending task on webprxy.exe within Task Manager. Then I restart Malwarebytes and firefox. I try a.b.com once more and it is still block. I check the exclusiosn and yes a.b.com is STILL in the exclusions list. OK, so I turn of web exclusions, a.b.com now loads with njot troubles. Gettng frustrated I do all the above steps again except I do not restart malware bytes or firefox...instead I reboot my system letting windows startup do what it does with malwarebytes. When I load up Firefox and go to a.b.com it is still blocked. I turn off Malicous Website Protection and the site loads with no issues, I turn on Malicious Website Protection, check the exclusiosn and a.b.com is still in the exclusiosn list but the website is blocked, and around and around and around I go. Whats the point of putting this in your program when it is clearly non-functional on some systems? So, for now I cannot use this fucntion of Malwarebytes-I like this function but it HAS to have a working exclusions list. I have not experimented much but I have the folliwngin system: Windows 10-all updates applied Vipre Anit-virus Firefox using noscript and adblock (a.b.com has been allowed full script functionality within noscript and in fact the symptoms only occur when Malicous Website Protection is enabled within Malwarebytes) And to make matters worse, Malwarebtes now shows a BIG RED EXCLAMATTION mark on it and Windows Security Center reporst and issue with Malwarebytes. OK, now before some gung ho youngster starts yelling VIRUS,VIRUS,VIRUS-uuummm no. I have more than 30 yeras experience protecting from and getting rid of malware and virii. This system is clean, period-other than the windows 10 virus currently infecting it there is NO virus or malware on this sytem. BUT, jst cause, I also scanned the system with two online virus/malware scanners and a third offline scanner from within a linux Live USB...AND if that doesn't seem like enough well, I loaded my harddrive into my USB external toastter and hooked it up to my laptop whihc is running windows 7/Linux Mint(dual boot) and use BOTH of thsoe operating syustems to scan the hard drive while it was mounted but not the system disk So, WHEN can I expect the Malicious Websiute blocking exclusions list to work proerly? Thank You, John
  21. Having had weird problems with intermittent failure to collect email on my Windows 7 (64 bit) PC from one of my POP3 accounts for quite a while I was delighted to discover today that the cure was to disable 'Malicious Website Protection' in MalwareBytes Anti Malware 2.1.8.1057. When the problem is present even DNS lookup on the server fails with a timeout. I think the problem might be triggered by the unsually large result of a DNS lookup for the domain name in question and/or by the fact that my DNS server returns IPv6 results as well as IPv4 results. Here is the result of nslookup when it is working right: C:\>C:\>nslookup outlook.office365.comServer: dd-wrtAddress: 192.168.11.1 Non-authoritative answer:Name: outlook-emeawest.office365.comAddresses: 2a01:111:f400:8800::2 2a01:111:f400:8829::2 2a01:111:f400:9850::2 2a01:111:f400:5096::2 2a01:111:f400:8028::2 2a01:111:f400:5174::2 2a01:111:f400:9428::2 2a01:111:f400:503c::2 132.245.194.242 132.245.196.34 132.245.212.98 132.245.27.34 132.245.228.2 132.245.229.130 132.245.226.34 132.245.195.162Aliases: outlook.office365.com lb.geo.office365.com outlook.office365.com.g.office365.com C:\> My router at 192.168.11.1 is set to use OpenDNS at 208.67.222.222 and 208.67.220.220.
  22. I have been working to rid my computer of malware. I have been able to get to a good spot with a lot of help from other posts. But I still get the occasional malicious website blocked popup. I was hoping you could help me completely remove any malware on my comp. I've attached the files from Farbar Recovery Tool. I recently went through the steps found in this post and it helped remove the constant popup, to now just the occasional. Hope that helps. Thanks in advanced!
  23. Dear all, I read in other posts that other people are also having this problem. I went on and downloaded all recommended software, did all the scans and now you can find the logs attached. I ran a scan today with MB (database v2014.12.08.01) but it didn't find anything, and somehow I can't find the scan log inside the program. I also have HitmanPro, and it detected the file and quarantined it once, but it keeps popping up as malicious website blocked on MB. Attached the logs. Thank you for your time and help! Addition.txt AdwCleanerR0.txt FRST.txt HitmanPro.txt MB Daily Protection.txt TDSSKiller.txt
  24. Dear all, I read in other posts that other people are also having this problem. I went on and downloaded all recommended software, did all the scans and now you can find the logs attached. I ran a scan today with MB (database v2014.12.08.01) but it didn't find anything, and somehow I can't find the scan log inside the program. Thank you for your time and help! Addition.txt AdwCleanerR0.txt FRST.txt MB Daily Protection.txt TDSSKiller.txt
  25. I have a malware called nra.lilychinolcom that Malwarebytes show a popup that the site has been blocked. However when I run a scan the malware is not found. The malware only to work when using either Firfox or Internet Explorer. The malware keeps redirecting me to other sites wanting fix my computer. Can you help me with this problem.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.