Showing results for tags 'trojan'.

  1. From a standard Quantower installation, the DLL for their Telegram flags as Trojan.PasswordStealer.Discord. It also shows some detections on https://www.hybrid-analysis.com/ but nothing 100% (https://www.hybrid-analysis.com/sample/abfe494951171aeb553e683d4cde6bfcc646ff93500c5af9f62bd0d48c87f339/6384ce2006ec372a67187ed7). Some of them seem to be verifiably false quite obviously, however. Also, I left a version of this untouched for a few months and no change data whatsoever occurred as far as I could tell, which from my understanding isn't especially common with this type of malware if it were actually malicious. ATT&CK IDs from Hybrid-Analysis: T1106, T1082, T1083, T1056.004, T1012, T1573, T1027.002. Malwarebytes threat report: Hash: ABFE494951171AEB553E683D4CDE6BFCC646FF93500C5AF9F62BD0D48C87F339 Threat name: Trojan.PasswordStealer.Discord. I don't know if this is actually a false positive, but I would appreciate anything people could do to determine that or if it is actually malicious with certainty. TelegramMessenger.zip file_detection_quantower_false_positive_validation.txt
  2. As the title says, Malwarebytes detected GTA5.EXE as a trojan. I'm confused by this because I validated the game files and it says it's a legitimate game on Steam AND I ran a full scan and no threats were found. One thing that confused me was that the action was classified as "Blocked website" when it's clearly the application files that's the potential problem here. What scares me the most about this is that after the "website" was blocked I got a BSOD after, called Kernel security check error. Now I don't know much about computers, but I'm sure that Malwarebytes probably didn't cause it. To anyone who sees this thread, please help, as I don't know whether it actually blocked a dangerous website or not. P.S.: the "Website" had no domain either and it seems it was connected somewhere in New York/New Jersey where I live.
  3. I believe I accidentally installed a trojan and ever since, my computer has been running this process and has been stuttering. I have run Malwarebytes but it could not find anything.
  4. So I got a message that an outbound connection was blocked, and I've been trying to get rid of a virus since yesterday. I've been up all night, clean install of Windows, wiped the drive, and this notification scared me. Should I be worried?
  5. I need help! I was trying to open a document from some company which I mistakenly trust, and it was an scr file. When I opened it nothing happened, and then when I tried to google it I found out that it's a dangerous file. I installed some anti-virus just now, but someone said I should not do anything and unplug my net and get professional help.
  6. Any help would be appreciated. Malwarebytes is saying powershell.exe is the source of these occurrences. Attached are Addition and FRST txt from FRST scan. Thanks! Addition.txt FRST.txt
  7. I downloaded some songs off of KHinsider, and out of nowhere it detected one of the files as a trojan. I did one of the full custom scans last night for 12 hours and it had no detections, but I did a quick scan before then and there was another file I had to quarantine. I'll post below what I got from Malwarebytes. I don't know how this is happening, but is my system just infected in general? What should I do?

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/23/22
     Scan Time: 4:42 AM
     Log File: dd536cca-22c7-11ed-b57f-b42e991a2284.json

     -Software Information-
     Version:
     Components Version: 1.0.1725
     Update Package Version: 1.0.59041
     License: Free

     -System Information-
     OS: Windows 10 (Build 19043.1889)
     CPU: x64
     File System: NTFS
     User: MarioKartGod\Ricardo Poferl

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 346642
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 3 min, 9 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Trojan.ShellCode, C:\USERS\RICARDO POFERL\DESKTOP\OST DL'S\TWILIGHT PRINCESS\2-17. SACRED GROVE.MP3, Quarantined, 6813, 1059167, 1.0.59041, , ame, , 7536BAB2D1772881C5C808D0ECD52A29, CA688105CCD5705EBD06BD7332E482F0735C07FFA48CB4EED5DDF86D930C2057
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  8. Hi, Browser Guard recently started blocking my website: https://paradiseprotech.com It states that there is a "trojan" installed in the website, but there is not, and here is the proof about it: 1. The Malwarebytes tool claims the website has a trojan, then it says there are no blocked items, and finally it just says it cannot "evaluate" this type of page: Then HOW COME THIS TOOL CLAIMS there is a trojan when it cannot even evaluate the page??? Please explain. 2. Look at the extension link below: chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html?referrer=null&url=https%3A%2F%2Fwww.paradiseprotech.com%2F&host=www.paradiseprotech.com&type=malware&subtype=trojan&tabId=293404736&filename=undefined&prevUrl=null Parameters with null values indicate that there is no such file as a "trojan": filename=undefined prevUrl=null Please assist as soon as possible.
  9. I am unable to open Malwarebytes, Avast, VirusTotal, McAfee (would never use), Kaspersky, etc. I have downloaded Malwarebytes off Techspot to get around this issue. I have removed around 30 trojans, malware, and backdoors, but I am still unable to open the Malwarebytes main website. I try updating the Malwarebytes application but it says it can't connect. Malwarebytes also detected that Windows Update had some issues, and when I checked, Windows Update said, "Something Went Wrong. Try to reopen Settings later." Something had installed 7Zip 2 days ago, which I have removed. My YouTube account had also been hacked and a "Valorant Hacks" video was posted on my channel (this is now unlisted). How do I fix this, and is it some malware causing this? I had just recently reset my Windows from a different malware attack because I have not restored my subscription for an anti-virus. Update* After trying to use the support tool to update Malwarebytes, it cancels after it finishes updating.
  10. I am getting the same issue a lot of people have been reporting. No matter what, I can't seem to cure this threat. endpoint.txt chat.txt
  11. I've been getting these alerts from my Malwarebytes installation last Sunday (07/03) and today (07/05) about an RTP detection event, and it apparently detected something from one of my game files for League of Legends. This isn't coming from the Riot Client but it's coming from the Garena Client (for Southeast Asia). Is this a false alert or is this something serious?

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 7/5/22
      Protection Event Time: 6:14 AM
      Log File: a4960eae-fbe6-11ec-9b28-3c7c3f4c2caa.json

      -Software Information-
      Version:
      Components Version: 1.0.1699
      Update Package Version: 1.0.56797
      License: Premium

      -System Information-
      OS: Windows 10 (Build 19043.1766)
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , D:\Garena\32774\LeagueClient\LeagueClientUxRender.exe, Blocked, -1, -1, 0.0.0, ,

      -Website Data-
      Category: Trojan
      Domain:
      IP Address:
      Port: 443
      Type: Outbound
      File: D:\Garena\32774\LeagueClient\LeagueClientUxRender.exe
      (end)
  12. Hi, This is going to be a long description, so please bear with me. Yesterday (on 30th May 2022) at around 5 pm, I downloaded a software "GCleaner" which turned out to be a malware app. I immediately disconnected my internet after I realised that it's malware. My antivirus didn't detect it earlier. But after some time, when I connected my internet connection, I started getting a notification from my antivirus saying "Threat secured, We've safely aborted connection on because it was infected with URL:Blacklist" and my PC got into an unending restarting loop. It stopped restarting when I deactivated my antivirus and disconnected the PC from the internet. Then I searched for the malicious app in the Control Panel but it was not listed there. I searched on Google regarding this malware and found that it's probably a rootkit malware. I found some relatable posts in the community asking us to install FRST64, AdwCleaner, Malwarebytes. I installed all those apps and ran FRST first, and in the FRST and Addition files, I found that exactly at 17:07 some files were created in my PC which are highly questionable. I then ran Malwarebytes and found some malwares detected in my PC. I quarantined them and ran the scan once again. I didn't detect anything this time. After that I ran AdwCleaner and found out that there was some PUP.Optional.Legacy Trovi.com virus in my Chrome browser. I tried quarantining them. I showed that the virus has been removed, but when I scanned again, I found out that it's getting detected once again. So, I had to manually remove it. After all these steps, I ran FRST again. But I found the questionable files were not removed. This time I tried removing them manually in the explorer. All but 2 of those files were removed. One of the files was 4y63267.sys and it was situated in the System32\drivers folder. This file is read and write protected, so it doesn't delete even using cmd in safe mode. Every time I tried deleting, it shows Access is denied. I even tried TronScript, Unlocker and boot disks to delete it, but this file isn't even detected there. Another file is in System32\Tasks\Service. Please help me remove these remaining 2 malwares. I am attaching all the latest scan reports here: Addition.txt FRST.txt Malwarebytes Report.txt AdwCleaner.txt
  13. Lately, I installed a shady .exe. My info was all stolen, but I have changed all my account passwords so I think I am fine currently. But lately, like every 12 hours, I'm getting an RTP detection like Riskware, Adware, Trojan. I need help.
  14. Hi! My name is Srijan. So, I got a little too excited and installed malicious game hacks months ago. After downloading and installing 3< files, I realized what I had done. But I did not care at the moment, I don't know why. I got hacked a few days after. It was just a simple attack, but the malware added a malicious extension to my Chrome. My Instagram was hacked, but the attacker only increased the number of people I was following. I just changed the passwords that day because, I don't know why, I did not care. I got hacked again on November 21, 2021. Again, did not care and just changed my passwords. After a few days it hit me that I really did have a backdoor or malware in my system. Days and days I tried to find it and asked many tech specialists. I even installed Kaspersky's trial version and scanned, but no results were returned. I at last cleaned my Windows and installed it again with the media creation tool ISO. I installed my new antivirus and set up my computer completely. The sense of relief that there is no malware left in my computer was flowing throughout my brain. I connected my removable storage after I reset my computer completely, and then after a few minutes my Google Chrome reset. All Google accounts got logged out. It was not even the session expired thing. There was no sign left of my Gmail accounts. I thought this was pretty suspicious and asked my mentor about it. He assured me that it was just Chrome crashing and I had nothing to worry about. But I still needed answers. Why were no results returned in the scan I did in December when I am 100% sure I installed malware? What if the undetectable malware shifted it to my removable hard drive (which has a lot of important data, so I can't format it) and now it's back in my system? I would appreciate the help very very much. Regards ~ Srijan
  15. Hi everyone! Happy new year! I hope you and your dear ones are safe! Long story short, today I installed Wargaming.net official launcher, Game Center. However, right after the download of World of Tanks started, Malwarebytes Premium blocked some IPs due to Trojans. I immediately stopped the download and decided to install and play the game directly through Steam. I guess the Trojan alert was caused by seeding or some kind of torrent p2p technology to deliver the game -and- malwares/trojans with it. Googling here and there, it appears NOT to be a false positive, as someone stated in an old thread these IPs spread 'Mozi Linux malwares' (I don't know what they are). However, what I'd like to know and what I'm asking you is: am I safe? I am genuinely concerned, and a bit paranoid too, that anything of these Trojans got into my PC and/or opened a backdoor, or scanned ports (the famous "port scanning") in my local network or router. I'm kinda tech savvy but not -that- savvy. I don't know... I run mbam premium and Bitdefender Total Security. Did a run of both scans + AdwCleaner and nothing is found. May I rest assured like nothing happened? Thank you!
  16. This is happening to me too right now! If you have tips to remove this thing from my PC, please reply. P.S. If you have this, there is also a task running named RuntimeService.exe which is not a Windows file; this is the virus file. For me this takes up like 20% of the CPU...
  17. Hello, Malwarebytes has just detected a Trojan from this page, cheatsguru.com, and it shows up as already blocked. Can it be removed? rtp.txt
  18. Hello, so recently I installed a file. Here's the file: DavinciResolve17f (mediafire.com). This file is definitely a malware. So after installing this file I ran an exe in the file and Windows Defender detected a trojan, but it couldn't do anything else after clicking on 'start actions'. The PC also became VERY SLOW, so I shut down the PC and now I'm in safe mode. I tried many antivirus software but everything showed no detections. I have tried Malwarebytes, Sophos, Kaspersky, Avast, Emsisoft. So what do I do now? Because whenever I boot into Windows 10 normally it's very slow, and my PC is quite fast. So I don't know if I actually have a malware or for some reason the PC is slow. I have attached the FRST log files. Please help me. Addition.txt FRST.txt
  19. Hi, I recently got some cryptocurrencies stolen in such a way that the attacker clearly had access to my Metamask seed phrase. Since I never entered my seed phrase anywhere, I suspect that a Trojan might be at play. While I was tinkering with Metamask in different browsers to set up a few honeypots and find the cause of the hack, a Malwarebytes popup opened with the alert seen in the attached file. It appears that there might be something related to Firefox classified as Trojan by Malwarebytes. My top priority right now is to definitely identify the cause of my hack, rather than remove it from my computer. This is a good lead, but how can I confirm that this is indeed associated with a Trojan? Thanks in advance.
  20. I'm used to buying car parts on this website, but now Browser Guard is warning me about a Trojan on it. I'm submitting the URL as required. sjmparts.zip
  21. Playing Path of Exile the last couple days. Upon loading into a new area or "map", I get either a Trojan or Malware event notification with a "Blocked Website" action. I've attached both logs and the executable that it's indicating. Nothing reported on my scan. It's only when loading into particular areas. Other area/map loads have no issues. Running application through Steam. Blocked action is consistent upon trying to enter the Tier 3 "Beach" map. PathOfExileSteam.zip poe mal.txt poe troj.txt
  22. I've been trying to remove a trojan and malware since last night. Unfortunately, after using the programs I left attached, "RTP detection" notifications of both malware and trojans always arrive from Malwarebytes. Yesterday I think I also fixed backdoor-related problems, but they were already in quarantine and deleted. Sorry for my English.
  23. Problem: Browser Guard is blocking a website I use daily: www.corjl.com. Background: Unbeknownst to me, corjl.com had some malware issue. On 1/10/22, I contacted them about being unable to access the website. They said they removed a malware threat from their website. It was removed from their staging site, but their main site had to update yesterday. They alleged the limited virus impacted only the Corjl website pages. Troubleshooting: I have tried clearing my Google Chrome Caches and rebooting twice. (I use Windows 11). I tried adding the web urls to the Malwarebytes Allow section and then the IPN addresses too. Unfortunately, as I would add IP addresses to exclude it would continue adding more pop up blocks with additional IP addresses. I tried updating and running a scan as well. It's a complete mess! Overall, I am unable to troubleshoot the problem. Can someone assist please and thank you?
  24. Lmaobox.net While it is a cheat vendor for a video game, it being marked as a trojan is simply wrong. The devs themselves expressed that those are false positives due to the nature of the cheat. If all cheating websites are to be considered malicious then why not throw in royalhack.net? It's a popular cheat vendor for far more popular games than Team Fortress 2. In addition, even when I add the lmaobox website to the exclusions list, it is still blocked. I am writing this post not to encourage cheating but because I want actual malicious websites to not be lumped in with morally questionable ones.
  25. I received a message in Messenger which read "It's you in the video?" and unthinkingly clicked on the link. I got a message saying "Video unavailable". I informed the sender and she told me she'd been hacked. The bad link address is https://x/y where x=6to.me and y=1crfJKiJTr I must find out what I'm dealing with here before I'll be comfortable using my laptop again. Any assistance would be greatly appreciated.