My malware contains a site in the exclusion list, but I did not add it

[dumbmick]

How can a site get on my Web Exclusions list if I did not add it?

Is my Malwarebytes infected? 

The site was web.51.la

 

Is my Malwarebytes app infected? 

 

Thanks,

Tom

 

Malwarebytes Anti-Malware 2.0.4.1028

v2015.01.01.02

 

[daledoc1]

Hello and :
 
Let's get a bit more information to see what might be going on:

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thank you,

[dumbmick]

Ok. Thank you for your reply. Couple questions.

 

Why do I have to download a 3rd party app to run with Malwarebytes? 

Why not something from Malwarebytes themselves?

Why does Norton AV remove FRst.exe when I go to run it?

 

Thanks,

Tom

[daledoc1]

Hi:
 

<snip>
 
Why do I have to download a 3rd party app to run with Malwarebytes?

Not sure what you mean by "run with Malwarebytes".
FRST is a perfectly safe, non-invasive diagnostic scanner that was developed by farbar, one of the experts here at this forum.
It is used 100s of times a day here, at bleepingcomputer (where it is hosted), and at other computer disinfection forums.
It provides a bit of basic system information to help with troubleshooting and (if needed) malware removal.

As we are not in front of your computer, and as each computer is unique, such diagnostic tools are the only way we can try to determine what might be going on.
 

Why not something from Malwarebytes themselves?

 
The mbam-check tool is developed and published specifically by Malwarebytes to help to diagnose problems with MBAM.
 

Why does Norton AV remove FRst.exe when I go to run it?

 
Norton is notorious for flagging legitimate anti-malware tools and scanners.
(It is due in part to Norton's failure to actually test and whitelist these sorts of tools.)
Please just temporarily disable Norton to download and run FRST.
Then, re-enable Norton.
 
Then, please attach the requested 3 logs (FRST.txt, Addition.txt and Checkresults.txt).
The forum staff and experts will review them and advise you further.
 
OTOH, if you think you might be infected, then it might be more efficient simply to head over to the malware removal section.
If so, then suggest that you might wish to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

[dumbmick]

There you go. Thanks in advance. I did note that MWB does not have Chameleon running,

but don't see a way to enable that. 

 

Thanks,

Tom

Addition.txt

CheckResults.txt

FRST.txt

[daledoc1]

Hi:
 
Your logs do not show that site in your MBAM web exclusions.
A Google search shows that it is some sort of javascript item, akin to Google Analytics.
It might have been a temporary occurrence while you were on a particular website?
(There are extensions for browsers, such as NoScript for Firefox, that will block this sort of thing.)
 
If you would like an expert to review your logs and perhaps run some deeper system scans, then I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

[daledoc1]

EDIT:  I forgot to answer your other question....

 

If you do not have MBAM Premium Self-Protection enabled, then you will not see the Chameleon service running.

 

Cheers,

[AdvancedSetup]

You would need to give us the IP of the site that was added and then zip and attach all your protection logs so that we can check and see if it was added or not.

 

The computer does show it's having problems that you should look into as well. It looks like you're not properly shutting down your computer which can cause data loss.

 

 

Application errors:
==================
Error: (01/04/2015 07:54:10 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/02/2015 08:05:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5328

Error: (01/02/2015 08:05:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5328

Error: (01/02/2015 08:05:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 04:48:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1063

Error: (01/02/2015 04:48:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1063

Error: (01/02/2015 04:48:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/01/2015 06:33:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/01/2015 06:10:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/31/2014 06:56:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SMIPlayer.exe, version: 5.3.5.59, time stamp: 0x51417a01
Faulting module name: TosDVDGM.dll, version: 4.0.8.68, time stamp: 0x5126c2b5
Exception code: 0xc0000005
Fault offset: 0x0007dfdc
Faulting process id: 0x%9
Faulting application start time: 0xSMIPlayer.exe0
Faulting application path: SMIPlayer.exe1
Faulting module path: SMIPlayer.exe2
Report Id: SMIPlayer.exe3
Faulting package full name: SMIPlayer.exe4
Faulting package-relative application ID: SMIPlayer.exe5


System errors:
=============
Error: (12/05/2014 02:57:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:50:11 AM on ‎12/‎5/‎2014 was unexpected.

Error: (11/28/2014 08:07:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:10:45 AM on ‎11/‎27/‎2014 was unexpected.

Error: (11/26/2014 03:03:28 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (11/24/2014 08:59:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:51:38 AM on ‎11/‎24/‎2014 was unexpected.

Error: (11/24/2014 08:51:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:46:33 AM on ‎11/‎24/‎2014 was unexpected.

Error: (11/19/2014 01:41:44 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (11/06/2014 10:56:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:40:36 AM on ‎11/‎6/‎2014 was unexpected.

Error: (11/04/2014 07:56:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:48:49 AM on ‎11/‎4/‎2014 was unexpected.

Error: (10/21/2014 06:41:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:38:24 PM on ‎10/‎21/‎2014 was unexpected.

Error: (10/12/2014 04:12:06 PM) (Source: DCOM) (EventID: 10010) (User: DadsNewLT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}