
Showing results for tags 'trojan'.

  1. Recently I have been infected by a trojan, occamy.AA to be specific. McAfee caught some of it, but I still have some adware and some PUPs on my laptop somewhere and some fake popups. I've scanned with Malwarebytes, HitmanPro, McAfee, and tried using AdwCleaner, but nothing is coming up. Help? I have a Dell Inspiron 15 5000, am on Version 10.0.19043 Build 19043, Windows 10, and have had this problem for about a week and a half.
  2. I downloaded a VST plugin from the following page https://plugins4free.com/plugin/3305/ Plugins4free has been mostly reliable and the download didn't trigger my browser guard, but when I scanned the zip file in MWB premium it was flagged as Malware.Heuristic.1003 and quarantined, which is apparently a rootkit detection, but also has a lot of false positives. I'd upload the logs but I disconnected my computer from the internet fairly quickly afterwards and don't really want to connect other devices to it right now. I scanned my desktop and nothing came up but I'm not sure if it might have installed itself on my PC or altered my security, as even though it was detected by a scan it wasn't initially when downloaded. What should I do? My stuff is already backed up but I'd rather not wipe my OS if it's a false alarm.
  3. Okay, so it's been 3 days since I got ransomware on my PC, and I actually don't have any hope that I can decrypt my files as I have already tried the Emsisoft decryption tool. But for now I only want my PC to be trojan and infection free. It's okay if I don't get my files back, I just want my PC to stay perfect as it was earlier. So, the thing is I used Malwarebytes, it detects trojans, I delete them, but that folder in Program Files named suwo keeps reappearing with a trojan in its files. What should I do? Please guide and help me, or do I have to reinstall Windows, removing every single bit of data?
  4. Yesterday, I accidentally clicked on a suspicious link in a Reddit comment. The link was along the lines of "kalika.plus/best," and forwarded me to a subreddit that had been banned for eight years with some other suspicious links in the post. I immediately exited out and ran a scan with Malwarebytes, which found nothing. Today I ran a full scan with Windows Defender, which detected a "TrojanDropper:PowerShell/Cobacis.B" file. I chose to remove it and scanned again; this time, it detected an Exploit:SWF/CVE-2015-5122 and Exploit:SWF/CVE-2014-0515. However, these files were in a Kali Linux ISO that I had; Windows Defender is currently removing them. I was wondering what other action I should take to protect my computer from malware and ransomware, and make sure the threat is gone. I'm not sure where the original TrojanDropper file was located, as I didn't check in WD and just clicked "remove."
  5. Hi, I have received a few reports of Trojans on my computer (See report below), I think linked to Microsoft Outlook. Is this a virus on my computer or is it something I am doing. Is it something I need to worry about and get rid of? Many thanks. Paul Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 14/04/2021 Protection Event Time: 16:26 Log File: cb067d28-9d35-11eb-8248-7085c2f36b61.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1249 Update Package Version: 1.0.39401 Licence: Premium -System Information- OS: Windows 10 (Build 19042.867) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: advicesinhealth.com IP Address: Port: 80 Type: Outbound File: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe (end)
  6. So I started a scan of my computer with Malwarebytes and I found a trojan virus called Cloudnet from Epicnet Inc. I don't really remember what kind of programs I installed to get such a virus, but when I look at this forum thread: How to remove cloudnet epicnet virus that keeps returning - Resolved Malware Removal Logs - Malwarebytes Forums, I find that I've also installed the Smadav program, which could be a problem according to that thread. So what do I have to do? Should I just go straight to uninstalling Smadav or what? Any help would be appreciated, thank you! I've also attached the Malwarebytes log and Farbar Recovery tool logs. Addition.txt FRST.txt malwarebytes log.txt
  7. I don't know what happened to my laptop. There is one extension in the browser that keeps coming back even after removing it and fully scanning my laptop with Malwarebytes Premium. So, I did a complete scan of my laptop. The result is in the scan log.txt file. I cleaned up all the viruses, but even after removing all of them, there is this one folder in the ProgramData folder which is named KMMXW; it is hidden by default and it comes back after I remove it. The main folder name remains the same, KMMXW, but the subfolder and file names change every time I remove them. browser log new.txt is the file containing info about that folder only, which is the only thing left on my laptop. It keeps track of my browsing and all the things I do. Please help me out with this. I don't even want to log in to any account on my laptop because of this. Help! Help! The extension name is Uhelpshow, and obviously there is nothing about this extension on the internet. FYI - scan log.txt shows no action by the user, but after this I did the complete scan again and removed all of them and forgot to save the log. scan log.txt browser log new.txt
  8. After every scan I find new pups and when I connect back to the internet, the malware comes back again. I've tried adwcleaner and rootkit remover too. It's just leaving. Please help. Short of a breakdown.
  9. Hi guys I have a new Malwarebytes message continually popping up starting today the 25th. Message relates to blocking modelwork.org as a trojan see below This occurs when I begin to type anything into the search box in the Google Chrome browser on my Windows 10 laptop? Can anyone advise what this is about please and what I need to do? Should I be worried? Have run MBAM scan and Defender scan of program files(x86) as well as Defender offline scan with nothing reported? Thanking you in anticipation AussieWayne Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 25/05/2021 Protection Event Time: 11:48 Log File: 503181c0-bcfb-11eb-81c1-70f3955f6860.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1292 Update Package Version: 1.0.40868 Licence: Premium -System Information- OS: Windows 10 (Build 19041.985) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: modelwork.org IP Address: 5.149.254.180 Port: 443 Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
  10. Hi there! For about two, maybe three, weeks? I've been having an issue with Malwarebytes flagging random things as outbound trojans. When I scan, neither application is finding anything. (The only thing ADW flags is the default pre-installed HP programmes and Claro Reader, which is an accessibility software I use, but I've never had a reason to uninstall those.) It possibly started when I downloaded Valheim from Steam, or that may have been the first time I actively noticed it. To summarise: Every time I open Valheim, Malwarebytes immediately flags it as an outbound trojan. Then it started to do it with Clip Studio Paint, the art software I use for work, when I opened up the in-app store. Flagging it as an outbound trojan. (This stopped once I updated CSP to the newest version.) Today, it's now doing it with Discord, and refusing to let me update Discord because it's being flagged as an outbound trojan. I've done a Windows update, which made no difference. I've also updated both Malwarebytes and ADW Cleaner. It should be noted that when I've run these scans, they were in Normal mode, still connected to the internet. I can't seem to work out what the problem is, and I can't find anyone with a similar problem when I google this issue. But this is becoming a problem as I need Discord for working from home, and being unable to access this is not good, very bad, please help. I've downloaded the Malwarebytes Support Tool and attached the log to this post, 'cause that's what I've seen asked for on other posts? mbst-grab-results.zip
  11. Hi, I started using ExitLag to connect games to the internet due to severe lag. However, whenever I start up ExitLag, I get the IP address 23.82.136.147 blocked due to either malware or trojan. Is this a false positive or should I make sure this address is always blocked? Thanks for any information.
  12. RDPWrapper was installed on my PC by an illegitimate Signal .msi. I cannot get rid of it. MB finds it, I delete it, and sooner than not it reappears, even after I delete the folder from Program Files. I'm on a Surface Book 2 and am tempted to just wipe and reset the whole thing. Any help?
  13. On Windows 10 PC, getting repeated popups saying "website blocked due to Trojan". I've no doubt that Malwarebytes is keeping my machine safe, but the popups are occurring every 10 seconds and are impossible to ignore. I've run a Malware scan and nothing was found. Rebooting made no difference. How do I stop them? Do I need to clear a cache or something like that? The relevant information would appear to be: -Software Information- Version: 4.3.0.98 Components Version: 1.0.1217 Update Package Version: 1.0.39012 Licence: Premium -System Information- OS: Windows 10 (Build 19041.867) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: cs9.wac.phicdn.net IP Address: 93.184.220.29 Port: 80 Type: Outbound File: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  14. Good morning everyone. This is my first post here and the truth is that I am very concerned about an APK that has been downloaded to my mobile from a web page without asking and without consent. I will explain myself. I was browsing the internet and the website I was on had pop-up windows that I obviously constantly remove. One of them seemed harmless to me, but when it popped up again for the second time, Chrome asked me if I wanted to download it again. I got very worried: download something again? I had not downloaded anything, and there wasn't anything in the download directory either. As I was already afraid of the worst, I began to do tests with that page that managed to download an APK on my mobile without permission. I discovered that it was downloaded without my requesting it and that it erased itself or disappeared in a minute. I want to make it clear that I didn't install the APK, but the fact that it disappeared / was deleted by itself made me worry a lot. I supposed that the system itself could be the one that was deleting it, but I downloaded another, different and legitimate APK (I didn't install it) and it was not deleted. Therefore, there are only two options left: the APK is activated by itself without touching anything, or the system detected that the APK was malicious and deleted it. My mobile is a Redmi Note 9 Pro. It was not rooted and it was a new one. To avoid problems I have decided to do a factory reset, but I am still worried about whether the virus is still there. I also analyzed the APK with VirusTotal; here I leave the analysis: https://www.virustotal.com/gui/file/2778fb84d1db7bb27792cf3588090c76c0f8007cdcd89af3e00dd23deaed52b4/detection I used antivirus before the factory reset, like Avast, AVG and Malwarebytes, but it didn't find anything wrong. I insist that I didn't install the APK. Is my phone in danger? Is the factory reset enough? Should I flash it to avoid the problem as much as possible? The thing that really bugs me is that the APK disappeared after the auto download. Thank you very much for your attention and your answers. And sorry for my bad English.
  15. As the title says, MalwareBytes detected GTA5.EXE as a trojan. I'm confused by this because I validated the game files and it says it's a legitimate game on Steam AND I ran a full scan and no threats were found. One thing that confused me was that the action was classified as "Blocked website" when it's clearly the application files that are the potential problem here. What scares me the most about this is that after the "website" was blocked I got a BSOD afterwards called Kernel security check error. Now I don't know much about computers but I'm sure that Malwarebytes probably didn't cause it. To anyone who sees this thread, please help as I don't know whether it actually blocked a dangerous website or not. P.S.: the "Website" had no domain either and it seems it was connected somewhere in New York/New Jersey where I live.
  16. I rented a new VPS on 3/8 and had to add the IP address (45.141.58.191) to my ignore list just to log in and start migrating websites to it. Today I learned that anyone trying to visit any site at that IP address is still getting blocked by Malwarebytes and receiving a trojan warning. When I logged into it via Windows Remote Desktop the first time I could tell it was a fresh installation of Windows Server 2019 DC, so obviously the trojan warning must be due to the last customer using that IP hosting a trojan. How do I get my IP removed from the Malwarebytes blacklist? Also, whenever I try to post on this forum and my NordVPN is active my post gets rejected as spam. Please fix that as well.
  17. Hello, I'm sorry to be the 100th person with this problem but it seems to me that every PC has a different solution. Sorry for my English, it's hard to type. I've seen multiple forums with this problem, but in the last forum I read that if you do the same thing with your PC as the person with the problem you could damage your PC. So what do I need to do? I'll provide you guys with everything you need. I've made a scan with Malware, and I've made sure that Scan for Rootkits and Scan within Archives are both on. Malware log.txt Then I downloaded ADWcleaner and here are the results of that: AdwCleaner[S01] log.txt - Then here are the results of the FRST scan: FRST.txt Addition.txt I hope that's everything you need? I've also downloaded Sophos Free Virus Removal Tool already in case I need to do a scan with it. Thank you in advance. Kind regards, Chris Malware log.txt
  18. Hello all! I need your help please! I brought it on myself: I downloaded a program from a site I didn't know, and it was malware. Once downloaded and extracted, Windows Defender detected trojan Win32 Yamacco.AA2B as shown in picture (1), and the problem is I clicked "allow" by mistake. Then the other one, picture (2), trojan win32 Tilevn.A, got detected. I don't remember what I did there since, as you see, Windows says restored or removed from quarantine! Then I deleted that program I downloaded. I tried running it but it was blocked and it said that it contains a virus, so it wasn't installed. I installed Malwarebytes and started running a scan with it and with Windows Defender too. Then Defender detected the last one, as shown in picture (3): trojan:html/phish!msr got detected and got blocked. I clicked "remove" and went to the directory of the infected files it showed, and deleted them! So it was deleted, but of course I allowed that one, so I panicked! I wanted to know if it's really gone and that's why I'm here. I did many things: I installed Microsoft Safety Scanner and did a full scan with it many times, did a full scan using Windows Defender too, and also a Windows Defender offline scan! Many scans with multiple programs: ESET Online, Malwarebytes, HitmanPro, Zemana. I booted my PC in safe mode and did a scan with Malwarebytes again; none of them detected anything. I went back to normal booting, did also a boot clean and some other forms of cleaning, a sfr scan on the command prompt, cleaned the cache, disabled System Restore, and did a cleaning that deletes the browser cache and stuff with CCleaner. I changed my email passwords. I don't remember what other things I also did. 0 threats found. I suffer from generalized anxiety and this virus thing made me panic hard lol. I worried that info from my PC was stolen since I had some passwords written in doc.txt files. The computer seems to be working fine, nothing unusual, no weird pop-ups, nothing out of the ordinary. So is it gone? Am I safe? Or is a hard wipe and reinstalling Windows needed? I wish I won't have to do this.
  19. As the title suggests, I turned on my PC this morning and was greeted by 9 event notifications until I disabled NordVPN over the course of 4 minutes. I've attached the 1st event report below but am happy to upload the other 8 too if needed. Should I be concerned or is this a false positive? MWB report on NordVPN_1_210121.txt
  20. MalBytes keeps giving me multiple "inbound" and "outbound" trojan notices usually in "bursts" only minutes apart. Two of the most recent: -------------------------------------------------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:24 PM Log File: 514d7710-2e56-11ea-8896-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.71 Port: 49161 Type: Outbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) -------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:20 PM Log File: c88c3dd1-2e55-11ea-8ea3-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.91 Port: 49161 Type: Inbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) ----------------------------------------------------------------------- I have quite a lot more if needed.
  21. Hello everyone, I would like to begin by saying that this website is amazing. It has led me to find out why my PC performance is so poor in less than an hour when I have been troubleshooting it for months, so thank you. I've been having game performance issues for a few months now. I tried dozens upon dozens of troubleshooting methods without a solution in sight until I noticed something. When I was running a game and opened Task Manager, my CPU usage would instantly drop from 99% to 50-60%. This reminded me of something I read online about bitcoin miners hiding themselves as you open Task Manager. What I didn't actually know was that it was possible for the virus to camouflage itself under the game. I started by installing Malwarebytes and AdwCleaner as instructed by @AdvancedSetup in other users' threads. I did a scan with Malwarebytes with rootkit scan enabled in the settings, yet nothing was found. After scanning with AdwCleaner, two "PUP.OptionalLegacy" files were found, which I believe are irrelevant. Feeling discouraged after thinking I had finally found a fix, I decided to play a bit of a game that's easier to run with the performance issues. Out of curiosity, I opened Task Manager and the first thing I see is Malwarebytes warning me about my game being a trojan. I do a bit of research on the matter and most search results foolishly chalk it up to being a false positive. I looked at the summary of the program's findings and was given an IP which I will not put here since it directly leads to a MWB warning saying the link/IP is a trojan. I then used a geographical IP location finder and it told me that the location is in Georgia, Kvemo Kartli. There is no way this is a false positive since the company who made the game is located in Canada, Vancouver. I also never joined a multiplayer server and only stayed on the main menu screen, so there is no way that a P2P false positive could have happened.
This leads me to believe that there is an infected file on my computer which acts as a proxy between my PC and a website. It camouflages itself under whatever video game I'm playing to act as if the cause of the high CPU usage was the game. What Malwarebytes picked up on is the command which tells the file or site to pause the mining when I open TM. Here are all the required scans. 1. The scan is unable to spot the virus but shows up in detection history. This happens every time I open Task Manager while a game is running. Here is the file summary clearly showing that the virus is concealing itself as my game, the IP address geographical location and the browser page warning. 2. AdwCleaner detects nothing. Please note that this is all speculation on my part. I have next to no knowledge in this type of stuff and I may be wrong. What do you think? Thank you. MWBscan.txt RPT detection trojan.txt Addition.txt
  22. A few days ago Malwarebytes detected a trojan in my PC and I deleted the infected file (ISO file). Now the program continues detecting connections to dangerous sites (image) but the scan does not detect anything. How can I fix this problem? I have the Malwarebytes Premium Trial 4.3.0. I need help, thank you. ScanReport.txt RTPdetection.txt RTPdetection2.txt
  23. hello, I am the owner of : h t t p s : / / invest . gladys . com A customer has just had a trojan message while wanting to connect to our site. However, it seems clean : https://www.virustotal.com/gui/url/e29fbaf3d02373b6bacf80087eaf778aa7ae60bb45ce3f42a6dc32f093dc219a/detection Can you remove it from your blacklist, or give us more information, please? Regards,
  24. Hello, I have recently been alerted by Windows Security that there is a Trojan virus program on my PC and immediately downloaded Malwarebytes to see if I can delete this file. I completed a scan and it singled out the trojan file and then prompted me to quarantine it, which I did. I then went on to delete the file from the quarantine, although I am not sure this was the right thing to do. Since then I have restarted and rescanned my PC countless times but have not gotten any reports of any new threats on my PC, but am still really scared that there still might be some left. Therefore I decided I would completely wipe my HDD and SSD, since I am not really sure what else to do, and reinstall Windows 10 on my PC. If there is anything else I can do once my PC is done clearing and resetting everything and there is anyone willing to support me through this, it would be much appreciated. Thanks, Moritz