Search the Community

I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan The IP it's trying to connect to is: 37.97.195.205 The port keeps changing on every popup. Type is: Outbound Connection. Category: Trojan Domain: nnnnmm.com Is this something serious? It says it is due to chrome.exe Any help would be appreciated. FRST_17-03-2019 23.55.00.txt Addition_17-03-2019 23.55.00.txt

Hello Sirs, I have exactly same issue with domain wpad.toya.net.pl with different programs like steam, battle net, chrome. Is there chance that something is wrong with our internet provider or with your software? I saw similar topic on one of polish PC forums.

Hello. I'm just a layman in programming and whole this knowledge, so forgive me if I did something wrong or omitted any detail in describing my problem. I'll try to describe it as much precisely as I can. Two days ago MB started bombarding me with notifications like this: The problem is the notification window started to pop up very often, sometimes every 2 mins. Moreover, it seems unlikely that domain wpad.toya.net.pl would be infected with trojans (it's the tv & internet provider's website domain). All these connections concern different ports, but all the port numbers start from 49 (49704, 49728, etc.). As a result it occured to me that my computer must be infected. At the beginning I checked my task scheduler but I didn't find any suspicious task. Then I used rkill tool which found no threats, just terminated one process (see the attachment, please) and scanned the system with MB but the software found nothing. Even I used ADWCleaner and Hitman Pro with the same result. So I decided to ask you for a help. I ran FRST tool and you can find all the logs below. I hope my information will be helpful, if you have more questions, please let me know. P.S. Unfortunately all my uploads failed (I don't know why) so I had to insert the logs here: Addition.txt AdwCleaner[S02].txt FRST.txt HitmanPro_20190310_1705.log malwarebyteslog.txt MLBT report.txt Rkill.txt

I just downloaded Malwarebytes Premium Trial. I scanned my PC then it found 10 threats. Some of my applications giving an error message which gives code 0xc0000005. I attached a screenshot. I did research about it and saw some solutions. I clicked control panel on Windows 10. It opened but Malwarebytes said trojan blocked. I didn't get it first because I closed pop up. Then I closed the Control Panel and restarted my PC. After logging in, I saw a pop-up from Malwarebytes again. Then I started seeing it frequently. (Now, again. I opened Malwarebytes for taking SS's then, pop-up again...) And I can make mistakes while writing because I learning English still. Sorry if I made mistakes.

Hello, I was just trying to access the website and I could not because Malwarebytes was running. As soon as I deactivated the antivirus, I was able to access the site. 104.31.80.192 hxxps://www.coinimp.com/ Please can you remove it from your malware list? Thanks.

Hi there, The website has been cleaned already and is requesting for another review.

I installed Malwarebytes due to some suspicion that I was infected and ran it. Clearly there was something going on and Malwarebytes did some cleaning. After it was done, I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan The IP it's trying to connect to is: 66.42.80.240 The port keeps changing on every popup. Type is: Outbound Connection. Category: Trojan I even added an Outbound and Inbound firewall rule in Windows Defender Firewall blocking this IP address, but the popups wont stop. Is this something serious? I've seen many topics on this forum, but none of them have a solution. Help would be appreciated.

I have same problem is that any way to solve?

To whom it may concern, Please do another review on the following site: https://www.cosmictone.com.au/

Receiving a constant stream of popups from Malwarebytes about a riskware website being blocked. There is no domain given, and it continues even if I am not accessing my browser. It is referencing System32\svchost.exe. This file also exists in SysWOW64 once and WinSxS twice. The IP address is 123.123.123.123. A malwarebytes scan does not find anything, and I've run adwcleaner. I've uploaded an export of one of the event logs, and I can upload whatever other log data is needed. Would like help in identifying if this is a stream of false positives, or if some other malicious file is causing the popups. Thank you. report_log.txt

Good day, I put a request in a couple months ago to get the malware removed off of our company website and i see customers still have issues trying to get to our website.Please let me know why this is happening and if you can please resolve this issue on the URL: https://www.acdc.co.za/ Thanks, Janine

Hello, I block this file in my firewall, but still show the notification... NOW WHAT? I don't want to exclude just in case if it is a FP MY FIREWALL MBAM LOG Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/25/18 Protection Event Time: 9:10 AM Log File: 50f1969f-6025-11e8-a137-001d60e18332.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.365 Update Package Version: 1.0.5244 License: Premium -System Information- OS: Windows 10 (Build 17134.81) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: RiskWare Domain: checkip.dyndns.org IP Address: 216.146.38.70 Port: [49711] Type: Outbound File: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (end)

Hello Team, My website is cleaned up now, Please remove website from blacklist and remove bad warning for my website.

7:50 PM CST Today the following website www.tweakbit.com was identified 26 times as a protection event. a message ibn the taskbar notification said Add link.tweak.com as an exclusion. I did NOT add it. I look at the exclusion list and the link had been added. I clicked on the box I cant remember the next step because I thought why would the Microsoft support websites I was reviewing on send outbound connection. I got distracted by my flashing screen (to let me know I made a change) when I had not seen the flash for a long time. I thought that all the updates from MS had changed my settings again. Checking again tonight. The link is gone from exclusion, Nothing is in quarantine. While troubleshooting I test malwarebytes and only 1 notification appeared set at 10 secs so I can read the message. My OS is Windows 10. The last scan was 11:09 pm. Why would you add an exclusion and not send me a notification, then remove it with sending an emails and then have the wrong OS, time on scan. If I missed anything else please let me know. midnight.zip tweakbit.zip outbound.zip

Goodday, Our site service-ict(.)nl is blocked due to malware. Also all the subdomains are reported as malware. The error report: -Systeeminformatie- Besturingssysteem: Windows 10 (Build 16299.371) Processor: x64 Bestandssysteem: NTFS Gebruiker: System -Details van geblokkeerde website- Kwaadaardige website: 1 , , Geblokkeerd, [-1], [-1],0.0.0 -Websitegegevens- Categorie: Malware Domein: service-ict.nl IP-adres: 46.249.42.96 Poort: [50796] Type: Uitgaand Bestand: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Whats is wrong with my site? And possibly, how can i fix it? thanks in advance

User received blocks for the two attached sites, both related to ad-blocking extensions on the Chrome store. Thanks! cdn.ad-blocker.org (69.164.0.0) adblocker.pcvark.com. (184.173.21.164) Site Blocks.7z

Please remove hxxps://penascoresorts.com from your block list. Thanks! log.txt

Hello! I need help related to Malicious files on godaddy server. I installed Malwarebytes to my windows machine when i open my website Malwarebytes blocked my site. How can i find and remove these malicious files from Godaddy server ? 2nd thing : Can we scan our website using Malwarebytes ?

Please review and remove https://lingualeo.go2affise.com/ from the blacklist. If you can`t open this link, try it – https://lingualeo.go2affise.com/click?pid=19&offer_id=10&sub1=engfilms&sub2=thm

Hi, Please can you remove the below site from your blacklist: 107.154.248.252 Below is an excerpt of the protection log as well: If you can also advise on the cause of the block that would be appreciated. Many thanks, Tom

Please remove the following domains from the blacklist of your software: www.rce-event.de rce-event.de Is there any kind of tools to check the false Positives Blocking, Reason etc.? To write an forum post on every false positiv note seems kind of silly.

I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and 123netflix.com This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers. I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark both as Admin. Opened Windows Powershell as Admin and typed: Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the pi-hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208 Switched to Process Monitor and located the processes captured during the same time that was using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe) Unfortunately, it’s the ubiquitous svchost.exe Switch to Windows Powershell and checked out the results from when I ran the tasklist command. PS C:\Users\MyPC> tasklist /svc /fi “imagename eq svchost.exe” Image Name PID Services ========================= ======== ============================================ svchost.exe 1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths. They’re all under %SystemRoot%\System32: Ran system filechecker with command Scanned each file with MalwareBytes and Avira. Nothing found. Decided to check each service’s Display Name and Description: CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Now I’m stumped. Other than Blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?

my website is on the blacklist. The website is now virus-free. I want to be taken off your list. Domain: www.seidellogistik.de thanks Best Regards

After having stupidly installed a bundle programs full of malware and adware, I think all that is left are these websites that keep getting blocked by malwarebytes.. The"website blocked" report identifies them as outbound connections, file: C:\\Windows\System32\svchost.exe Could you advise on getting rid of them? Thanks, a

The website https://purathrive.com gets blocked by Malwarebytes. The entire server was checked for malware, etc. and everything came out clean. Also no fraud happening on the website. It is registered and legitimate business.