
Showing results for tags 'trojan'.




Found 120 results

  1. I was downloading arma3 off Steam when I got this alert that an outbound connection to 157.185.146.129 was stopped because it was malicious. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/27/20 Protection Event Time: 8:12 PM Log File: e040960e-7088-11ea-bbe9-d89ef39c01cc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.854 Update Package Version: 1.0.21476 License: Premium -System Information- OS: Windows 10 (Build 17763.1098) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Steam\steam.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: steam.naeu.qtlglb.com.cdn20.com IP Address: 157.185.146.129 Port: 80 Type: Outbound File: C:\Program Files (x86)\Steam\steam.exe
  2. Hello, this is the alert of Malwarebytes. What can I do to delete this problem? alert2.txt
  3. Hi, the title says it all. I have run several full system scans with rootkit detection installed and have found nothing at all. I have also just 100% wiped my whole PC and the problem still occurs. I can't figure out what program it is because as soon as I start up Task Manager it goes away almost instantly.
  4. MWerth

    Tuxboot

    Dear MB Staff and Community: Thank you so much for all of your hard work on MB software. I really appreciate my MB premium subscription for my family and business. Can you please tell me if Tuxboot for installing Clonezilla is safe to use? MB is blocking it from installing on my USB drive so that I can clone my hard drive for recovery and transferring to a new drive. Here's the error in MB: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/18/20 Protection Event Time: 10:35 AM Log File: a993106a-6925-11ea-ba50-c81f661e41ca.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.848 Update Package Version: 1.0.20946 License: Premium -System Information- OS: Windows 10 (Build 18362.720) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Users\Michael Lee\Downloads\tuxboot-0.8.2.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: free.nchc.org.tw IP Address: 140.110.240.80 Port: 80 Type: Outbound File: C:\Users\Michael Lee\Downloads\tuxboot-0.8.2.exe (end) Can you please let me know if Tuxboot and Clonezilla are safe? If they are safe, how do I set up MB to allow Tuxboot to create my bootable USB Drive? I got a recommendation for Clonezilla from this website: https://www.ubackup.com/articles/clonezilla-windows-10-0708.html Thank you so much and have a great day. Sincerely, Michael Werth
  5. Hello, recently I downloaded a game by torrent with its updates, I passed the Nod program to verify that they had no virus, leaving the analysis clean, but with Malwarebytes I detected malware in the installer of an update, look for the same multi-sided installer and everyone gives the same analysis with the program, reviewing videos on and I could see that the installer works likewise in forums, but I would still like to doubt whether it is a virus or a false positive; I attach the history of detection of the program, the archive and the analysis in virustotal. Thanks in advance for the answer. Virustotal : https://www.virustotal.com/gui/file/5bc6fdab315d943e2d91be577b3af1093bc298516932e4a534eafb53cef781c7/detection Setup.rar 123.txt
  6. Hi. A few minutes ago I got a notification that Malwarebytes had blocked svchost.exe trying to access a foreign website. My guess is that's not supposed to happen. This is the first time I have gotten that notification. I have tried a threat scan but it is not detecting svchost.exe as malware or a trojan or anything the like. I have included the .txt of the report. Thanks in advance. malwareb.txt
  7. Ok, so I feel like I'm going insane. Like every third click on Chrome either gives me a pop-up (usually something pornographic) or an ad. When googling something, I receive a dozen ads and sites which appear above what I'm searching for. This is what I've tried to do thus far: *Run AdwCleaner *Run Malwarebytes (and Malwarebytes Pro) *Run Spybot, and two others I don't remember the name of atm. *Boot in safe mode and repeat all of the above. *Went into Programs and Features to see if there were any programs I don't remember installing. *Checking Google Chrome extensions and afterwards reinstalling it. *I've tried disabling pop-ups in Google Chrome settings, and got myself an extension called uBlock which is supposed to block pop-ups. Feel like I've tried everything at this point. Please help!
  8. Hello Everyone. I'm hacked with multiple hacking ways. A malware infected my laptop with both svchost.exe and explorer.exe infection. I have deleted this for tenth times but it's still downloading or creating itself. It was a hack tool for Point Blank (it's an online FPS game). I downloaded it from www.sepok-cit.com . This site has too many good reviews and I believed them. Already I tried a few ways to delete this sh*t from my computer but none of them worked. I TRIED: 1) Deleting its files (hidden files named as spoolsvc.exe , svchost.exe and explorer.exe) 2) Deleting it via regedit (from HKEY_LOCAL_MACHINE's windows and windows NT folders) 3) Killing it with RogueKiller 4) Deleting this with Malwarebytes 5) Deleting it with Kaspersky 6) Deleting it with Avast But none of them worked. I also tried disabling Windows Update from services.msc . It's deleted in each of the steps I wrote but it's reinstalling (or recreating, idk what it does) itself every time I reboot my laptop and SHOWING IN TASK MANAGER WHEN I LAUNCH POINT BLANK (game that I want to hack). POINT BLANK LAUNCHER is the TRIGGER of it. Its origin location is Windows/Resources and Windows/Resources/Windows. PLEASE HELP ME. I'M LOSING MY MIND!!!
  9. Hello. This file is getting reported by Malwarebytes as a virus, and the results of VirusTotal as well, but people don't seem to mind it on forums. Is it really a trojan or is it inoffensive? Normally cracks don't do this much suspicious activity. So I'm really on the fence whether I'm being fooled or people really don't care. (https://www.virustotal.com/gui/file/2843bc660722205fb5aaedf41b73a3243f1c0880b90eba576e7b9ad54c06c437/detection) I can't tell, so, please, if someone could help me I would be grateful for it. OS is W10 64 bits. BaldrSky.7z
  10. I have spent the last several days attempting to remove a virus (actually many viruses) from my father's work computer. Somehow while trying to do so I ended up getting the nasty one on my school laptop as well. The symptoms initially began with our networking drivers being disabled, so we could not connect to our wifi. When we would click on the taskbar icon to reconnect it would show we did not even have hardware to connect to wifi. My dad has a multi-device license for Malwarebytes, but I cannot detect any of the known issues on either of our devices. I have an older version of the Bitdefender Rescue CD and ran that. It found several viruses and was able to remove all but one threat on both of our devices: Gen.Trojan.Heur.FU.gu2@ayKPMkoi I believe this one downloaded the other malware we were able to remove, however I cannot find a way to remove this particular virus. How may I clean both of our devices? It is worth noting Malwarebytes Premium could not detect any threats in safe mode either.
  11. Hey Malwarebytes team/forum. Recently I've been receiving notifications from Malwarebytes saying that it has blocked an inbound connection. Great! That means it's doing its job. Or at least until yesterday when I took an extra moment to see what exactly it was blocking. Upon inspection of the notifications I saw several from the Steam gaming platform, and one from Nvidia container. Yesterday I tried looking into this blocked connection that was using Nvidia and tried posting to the forum only to be blocked by the forum's spam filter, oh well. So I took it into my own hands and uninstalled GeForce Experience and manually removed the folder containing the Nvidia container inside the Nvidia Corporation folder just to be safe, since I don't use the features provided by GeForce Experience aside from the FPS overlay, then called it a day. That is until just now when I got another block, this time in regards to another inbound connection, this time using the program Spotify. Now I'm familiar with Steam, Nvidia, and Spotify, as one is my game client, one is my graphics card, and another is my music program. What concerns me is that the inbound connections are not associated with any site or host-name, only IP address. So I googled the IP address and a few results came back with China (minus one from a data center in Canada). Each notification lists the program behind these inbound connections and the file's location, all back to the actual programs' .exe's. Bummer, I was hoping for an easy uninstall of some fake programs. So after some digging I found that this time (the block using Spotify) the file location was located inside the "WindowsApp" folder (which is permission blocked by "trustedInstaller", a default outdated Windows process [from my understanding]). This concerns me even more and I really don't want to try gaining access only to accidentally break something. So now convinced that I in fact do have a Trojan and it is attempting to receive network communication via legitimate applications, I have come to this forum in search of more professional help. Once the Malwarebytes scan is finished I will attach the result of the Malwarebytes scan, the Adware cleaner scan, the Frst.txt / Addition.txt, and the Notifications (in .txt) from Malwarebytes. Then I will submit this post and hope that the weirdness yesterday with the forum's spam filter is done. FRST.txt Addition.txt AdwCleaner[S24].txt scan export.txt notifcation.txt notifcation(1).txt notifcation(2).txt notifcation(3).txt notifcation(4).txt notifcation(5).txt notifcation(6).txt
  12. Hello, I ran a scan and Malwarebytes detected 9 threats at the beginning. Then I clicked the Quarantine button and it said that 4 of these threats were ignored and the other 5 were quarantined. What should I do next? Is this a bad virus? Here is the final report: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/17/20 Scan Time: 11:02 AM Log File: 17a468f4-3908-11ea-9c72-d017c2b7fe43.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.793 Update Package Version: 1.0.17836 License: Free -System Information- OS: Windows 10 (Build 18362.535) CPU: x64 File System: NTFS User: DESKTOP-J6OJK9Q\\u00ce\u0094\u00ce\u00ae\u00ce\u00bc\u00ce\u00b7\u00cf\u0084\u00cf\u0081\u00ce\u00b1 -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 279296 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 6 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 3 Trojan.Agent.CK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99BAFBB3-56F5-4DB6-ABE0-F09C6B6967E2}, Quarantined, 3879, 400549, 1.0.17836, , ame, Trojan.Agent.CK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OInstall, Quarantined, 3879, 400551, , , , Trojan.Agent.CK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{99BAFBB3-56F5-4DB6-ABE0-F09C6B6967E2}, Quarantined, 3879, 400551, , , , Registry Value: 1 Trojan.Agent.CK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99BAFBB3-56F5-4DB6-ABE0-F09C6B6967E2}|PATH, Quarantined, 3879, 400549, 1.0.17836, , ame, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.Agent.CK, C:\WINDOWS\SYSTEM32\TASKS\OINSTALL, Quarantined, 3879, 400551, 1.0.17836, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  13. MalBytes keeps giving me multiple "inbound" and "outbound" trojan notices usually in "bursts" only minutes apart. Two of the most recent: -------------------------------------------------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:24 PM Log File: 514d7710-2e56-11ea-8896-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.71 Port: 49161 Type: Outbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) -------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:20 PM Log File: c88c3dd1-2e55-11ea-8ea3-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.91 Port: 49161 Type: Inbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) ----------------------------------------------------------------------- I have quite a lot more if needed.
  14. Hi, my laptop ran into a problem earlier today where it turned off by itself and was not turning back on for a couple of minutes. When I finally turned it back on I clicked the start menu and pressed the power button and it displayed that "there are no power options available". I also noticed that I could not access Task Manager and an error would pop up saying "task manager has been disabled by your administrator". I watched some YouTube videos and fixed the power options problem but I had to download Malwarebytes to fix the Task Manager problem. I ran a scan and it quarantined PUM.Optional.DisableTaskMgr. Now my problem is that when I visit most sites I keep getting a notification that a website was blocked due to trojan. The event is RTP Detection, event details is Trojan, action is blocked website, and location is 5.2.79.140 (see attached images). This occurred over 15 times in the past hour and I do not know how to solve it. I wrote the first paragraph because I am not sure if it had any relation or impact to the problem I am having now.
  15. I just built my new PC a few days ago and I went out of my way to buy all new components except my GPU, which is second-hand. I scanned my system with Malwarebytes and got a lot of adware and two Trojan bitcoin miners that are located in my registry. My problem is that after every scan I get the same malware, so it seems that quarantine doesn't help. I tried locating them manually with RegEdit but I can't find anything. I watched a lot of videos on my issue and all of them suggest using Task Manager and MSconfig (for startups) but there is nothing out of the ordinary. If anybody can help I would be really grateful. Thanks in advance! -Strahinja I have provided pictures of my search history.
  16. Hi. My Microsoft Security Essentials Scan found Occamy.B this morning! I used Security Essentials' delete function to remove it but I'm worried the virus is still kicking around my drive. I did some malwarebytes scans after that but they didn't catch anything. I noticed a few posts here where the experts suggested using Farbar Recovery Scan Tool to create a log. So that's what I did. Here's that along with the Addition.txt file from the scan. Any assistance would be greatly appreciated! FRST.txt Addition.txt
  17. Windows 10 user on a Dell laptop. I'm not sure what infections I'm into. I certainly have a trojan by the name Win32: Apanas (I also saw the name rootkit in a few infections) that has affected multiple files, mostly of .exe, throughout my system. The alerts of infections are never ending. I'm using Avast Antivirus. I downloaded and ran a scan of Malwarebytes which gave me a report that I'm attaching below. Can anyone please help me through this? log.txt
  18. Hi, Good day to all. Four days ago, my PC's Windows Defender/Windows Security detected Trojan:PowerShell/PsInjection.A as a severe threat, example as below: I have scanned through Malwarebytes, but no virus detected. Report as follows: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/10/19 Scan Time: 12:52 PM Log File: d37b26f4-eb19-11e9-a05d-98eecb7ba763.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.627 Update Package Version: 1.0.12833 License: Free -System Information- OS: Windows 10 (Build 18362.418) CPU: x64 File System: NTFS User: DESKTOP-7ICM204\User -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 404571 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 2 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As I have read from the forum, I have downloaded FRST64 and scanned, the FRST.txt and Addition.txt are attached as follows: Addition.txt FRST.txt Hope that anyone can help on this matter. Thanks in advance! Best Regards, SHT
  19. Aww man, I got a trojan. Trojan:Win32/Azden.A!cl Windows Defender says it is severe, and it says it may not be fully removed, even though I've deleted the file. I've tried a Malwarebytes scan, but it says I'm all protected. I want to be 100% sure I don't have it. It's in C:/Users/(my name)/downloads and then after that, the infected files are there, Windows Defender says, even though I've already deleted it and it doesn't appear.
  20. Help please, I can't get rid of this Trojan:Win32/CoinMiner. I have tried Malwarebytes: installed it, tried to run it, and as Admin as well, but it kept saying not able to connect to server. I tried the workaround by renaming and all the other ones; still it will not work. Any help would be great to get rid of this Trojan:Win32/CoinMiner. Kind Regards, Primaxuk
  21. Hi, The attached image is the popup I get whenever I open a new tab on Chrome. The IP and port change every time, but the domain stays the same. Occasionally it also pops up whenever I click something or just randomly. It has labeled chrome.exe as the file of interest. Running a threat scan reveals PUPs that are in C:\Users\....\AppData\Local\Google\Chrome\User Data\Default and other paths within Chrome. When I quarantine them, it shuts off Chrome. How do I get rid of this?
  22. Seems like I have the same issue as topic - 231920-trojanwin32fuerybcl. Malwarebytes does not detect the virus\trojan, and every time I delete it from registry, startup menu and roaming directory it keeps coming back. It creates files in roaming directory - different names, different dlls, the different exe files are always signed Microsoft files. I want to try the solution you suggested in the topic above - but from where can I get the relevant fix list? Thanks, Aya FRST.txt Addition.txt
  23. Please, tell me how to get the Malwarebytes log because I don't know. I get into the folder in Program Data and I don't see any log file showing what my actual problem is. Malwarebytes keeps spamming this every time I have Deluge on: An IP is being classified as a trojan and I don't know what is causing this because in Deluge I have no active torrents nor any activity of downloading. So what is the problem?
  24. Hi Chris and Maurice! As you may have noticed I am in fact not the original post-er (Chris), but I have a similar if not exact same problem. I've got Malwarebytes blocking saltjs.01bd.ru and it seems to have attached itself to Chrome and a gaming program I use called "Parsec". It also appears that I've got something called Mail.ru. I'm not sure if this thing is related but I have tried multiple times to remove it with Malwarebytes. As you may have seen, and as I have mentioned before, I believe this is a very similar problem to Chris's, therefore I followed the steps you (Maurice) have posted, so here is the attached log file. -Dezza mbst-grab-results.zip
  25. I used MalwareBytes to remove the viruses that windows defender couldn't for some reason but the website blocked is still popping up.