Search the Community

Hi there, The website has been cleaned already and is requesting for another review.

I installed Malwarebytes due to some suspicion that I was infected and ran it. Clearly there was something going on and Malwarebytes did some cleaning. After it was done, I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan The IP it's trying to connect to is: 66.42.80.240 The port keeps changing on every popup. Type is: Outbound Connection. Category: Trojan I even added an Outbound and Inbound firewall rule in Windows Defender Firewall blocking this IP address, but the popups wont stop. Is this something serious? I've seen many topics on this forum, but none of them have a solution. Help would be appreciated.

I have same problem is that any way to solve?

To whom it may concern, Please do another review on the following site: https://www.cosmictone.com.au/

Receiving a constant stream of popups from Malwarebytes about a riskware website being blocked. There is no domain given, and it continues even if I am not accessing my browser. It is referencing System32\svchost.exe. This file also exists in SysWOW64 once and WinSxS twice. The IP address is 123.123.123.123. A malwarebytes scan does not find anything, and I've run adwcleaner. I've uploaded an export of one of the event logs, and I can upload whatever other log data is needed. Would like help in identifying if this is a stream of false positives, or if some other malicious file is causing the popups. Thank you. report_log.txt

Good day, I put a request in a couple months ago to get the malware removed off of our company website and i see customers still have issues trying to get to our website.Please let me know why this is happening and if you can please resolve this issue on the URL: https://www.acdc.co.za/ Thanks, Janine

Hello, I block this file in my firewall, but still show the notification... NOW WHAT? I don't want to exclude just in case if it is a FP MY FIREWALL MBAM LOG Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/25/18 Protection Event Time: 9:10 AM Log File: 50f1969f-6025-11e8-a137-001d60e18332.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.365 Update Package Version: 1.0.5244 License: Premium -System Information- OS: Windows 10 (Build 17134.81) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: RiskWare Domain: checkip.dyndns.org IP Address: 216.146.38.70 Port: [49711] Type: Outbound File: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (end)

Hello Team, My website is cleaned up now, Please remove website from blacklist and remove bad warning for my website.

7:50 PM CST Today the following website www.tweakbit.com was identified 26 times as a protection event. a message ibn the taskbar notification said Add link.tweak.com as an exclusion. I did NOT add it. I look at the exclusion list and the link had been added. I clicked on the box I cant remember the next step because I thought why would the Microsoft support websites I was reviewing on send outbound connection. I got distracted by my flashing screen (to let me know I made a change) when I had not seen the flash for a long time. I thought that all the updates from MS had changed my settings again. Checking again tonight. The link is gone from exclusion, Nothing is in quarantine. While troubleshooting I test malwarebytes and only 1 notification appeared set at 10 secs so I can read the message. My OS is Windows 10. The last scan was 11:09 pm. Why would you add an exclusion and not send me a notification, then remove it with sending an emails and then have the wrong OS, time on scan. If I missed anything else please let me know. midnight.zip tweakbit.zip outbound.zip

Goodday, Our site service-ict(.)nl is blocked due to malware. Also all the subdomains are reported as malware. The error report: -Systeeminformatie- Besturingssysteem: Windows 10 (Build 16299.371) Processor: x64 Bestandssysteem: NTFS Gebruiker: System -Details van geblokkeerde website- Kwaadaardige website: 1 , , Geblokkeerd, [-1], [-1],0.0.0 -Websitegegevens- Categorie: Malware Domein: service-ict.nl IP-adres: 46.249.42.96 Poort: [50796] Type: Uitgaand Bestand: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Whats is wrong with my site? And possibly, how can i fix it? thanks in advance

User received blocks for the two attached sites, both related to ad-blocking extensions on the Chrome store. Thanks! cdn.ad-blocker.org (69.164.0.0) adblocker.pcvark.com. (184.173.21.164) Site Blocks.7z

Please remove hxxps://penascoresorts.com from your block list. Thanks! log.txt

Hello! I need help related to Malicious files on godaddy server. I installed Malwarebytes to my windows machine when i open my website Malwarebytes blocked my site. How can i find and remove these malicious files from Godaddy server ? 2nd thing : Can we scan our website using Malwarebytes ?

Please review and remove https://lingualeo.go2affise.com/ from the blacklist. If you can`t open this link, try it – https://lingualeo.go2affise.com/click?pid=19&offer_id=10&sub1=engfilms&sub2=thm

Hi, Please can you remove the below site from your blacklist: 107.154.248.252 Below is an excerpt of the protection log as well: If you can also advise on the cause of the block that would be appreciated. Many thanks, Tom

Please remove the following domains from the blacklist of your software: www.rce-event.de rce-event.de Is there any kind of tools to check the false Positives Blocking, Reason etc.? To write an forum post on every false positiv note seems kind of silly.

I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and 123netflix.com This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers. I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark both as Admin. Opened Windows Powershell as Admin and typed: Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the pi-hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208 Switched to Process Monitor and located the processes captured during the same time that was using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe) Unfortunately, it’s the ubiquitous svchost.exe Switch to Windows Powershell and checked out the results from when I ran the tasklist command. PS C:\Users\MyPC> tasklist /svc /fi “imagename eq svchost.exe” Image Name PID Services ========================= ======== ============================================ svchost.exe 1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths. They’re all under %SystemRoot%\System32: Ran system filechecker with command Scanned each file with MalwareBytes and Avira. Nothing found. Decided to check each service’s Display Name and Description: CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Now I’m stumped. Other than Blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?

my website is on the blacklist. The website is now virus-free. I want to be taken off your list. Domain: www.seidellogistik.de thanks Best Regards

After having stupidly installed a bundle programs full of malware and adware, I think all that is left are these websites that keep getting blocked by malwarebytes.. The"website blocked" report identifies them as outbound connections, file: C:\\Windows\System32\svchost.exe Could you advise on getting rid of them? Thanks, a

The website https://purathrive.com gets blocked by Malwarebytes. The entire server was checked for malware, etc. and everything came out clean. Also no fraud happening on the website. It is registered and legitimate business.

One of our sites `alpha.lam.co.uk` is being blocked... as can be viewed on: http://hosts-file.net/pest.asp?show=51.255.39.22 We do not host or promote any Malicious code neither do any suspicious activity, so please delist our site or provide information of why is been blocked so we can fixit (if applicable) Please find attached the `protection log` of the last event. Fell free to ask any question related to `delist` this site as soon as possible. Thanks. PS: I recommend to add `hosts-file.net` report in the `Please Read Before Reporting A False Positive` guide. PS2: In that page, the referred entries links for the Knowledgebase are dead. (`Website Blocking FAQs` & `Software Blocked`) alpha-lam.co.uk.log

Hello. Today after I installed a program my computer randomly restarted and the program didn't get installed. I ran a full scan and nothing was found.. But I keep getting popups about a site that got blocked (it shows that it got requested from firefox but I closed that tab ages ago!) the thing is that I installed this program from this website so I'm not sure if I've got malware that is trying to log my data..

Greetings, I have noticed over the last few days that both NE-1 and NE-2 on AWS are blocked for some reason, specifically: s3-ap-northeast-1.amazonaws.com s3-ap-northeast-2.amazonaws.com NE-1 was from something in Chrome, while NE-2 was actually while Samsung Magician was trying to download an update. Here are the logs for both: Northeast-1: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 12/5/17 Protection Event Time: 6:46 PM Log File: 4df8b71c-da27-11e7-ad9c-005056c00001.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3419 License: Premium -System Information- OS: Windows 10 (Build 16299.64) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: s3-ap-northeast-1.amazonaws.com IP Address: 52.219.0.88 Port: [50666] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end) Northeast-2: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 12/9/17 Protection Event Time: 2:07 AM Log File: 55dff026-dcc0-11e7-ab36-005056c00001.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3450 License: Premium -System Information- OS: Windows 10 (Build 16299.64) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: s3.ap-northeast-2.amazonaws.com IP Address: 52.219.58.4 Port: [58889] Type: Outbound File: C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (end) Thanks for your help, Zzyzx

We've received several complaints about Tagged.com on desktop and mobile web has been improperly blocked by Malwarebytes. There's not much detail attached to the warning messages, besides telling us we're blocked or have malicious links. Can we please get more detail as to why we're blocked? Screenshots from PC and Android mobile web are attached.

We've received several complaints about Tagged.com on desktop and mobile web has been improperly blocked by Malwarebytes. There's not much detail attached to the warning messages, besides telling us we're blocked or have malicious links. Can we please get more detail as to why we're blocked? Screenshots from PC and Android mobile web are attached.