is there a log for long lost programs that phone home?


Hello, first post, so please excuse this if in wrong topic area..

 

I've been using the free version for some time, but when hit with the DNS thing two days running I finally saw a way to buy into the paid version. (I concluded they were from sites in China.)

 

One thing I've noticed is that things, maybe long lost programs, phone home.

The popup by Malwarebytes is just a notification and does not stay on the screen long. I can't even copy and paste from it. (Does it show in a screen grab?)

Anyhow, is there a log of these pop-ups that one may closer scrutinize?

 

Anyone have guidance on the scrutiny of these instances?

 

The very brief time I did alternate between the pop-up and an open text file I did get a chance to copy some information; syswow64/regsvr32.exe  dynamodule.info port 7944 outbound
 

another instance shortly after I only copied: dynam4u.info

 

Now "regsvr32" is a Windows process that is being called upon by other things, but what other things?

Malwarebytes identified "dynamodule.info" and "dynam4u.info" as not good sites.

 

So if it is not a good place to phone home to, how can I backtrack to what is phoning home?

 

Thanks for your patience, help and understanding in this.... :)

 

Cordially,

Gerry
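
One way to approach the backtracking question in the post above, added here as an example (it is not part of the original thread and not a Malwarebytes tool). It assumes an elevated PowerShell prompt on Windows 8 or later and uses the port 7944 reported in the post; regsvr32.exe is often short-lived, so a snapshot may come back empty if it is not running at that moment.

```powershell
# Added example: find what launches regsvr32.exe and what talks to the reported port.
$port = 7944   # remote port copied from the block notification in the post

# 1. Live regsvr32.exe instances: the command line shows which DLL or script it was
#    asked to load; the parent shows what started it. A parent that has already
#    exited appears blank (and a reused PID can mislead, so compare start times).
$all = Get-CimInstance Win32_Process
$all | Where-Object Name -eq 'regsvr32.exe' | ForEach-Object {
    $p = $_
    $parent = $all | Where-Object ProcessId -eq $p.ParentProcessId | Select-Object -First 1
    [pscustomobject]@{
        Pid         = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Started     = $p.CreationDate
        ParentPid   = $p.ParentProcessId
        ParentName  = $parent.Name
        ParentCmd   = $parent.CommandLine
    }
} | Format-List

# 2. Any TCP connection to the reported remote port, with the owning process.
Get-NetTCPConnection -RemotePort $port -ErrorAction SilentlyContinue | ForEach-Object {
    $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        State   = $_.State
        Pid     = $_.OwningProcess
        Process = $owner.Path
    }
}

# 3. Things that would relaunch regsvr32 later: scheduled tasks and Run keys.
Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match 'regsvr32' }
} | Select-Object TaskPath, TaskName,
    @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Value -match 'regsvr32' } |
            Select-Object @{ n = 'Key'; e = { $k } }, Name, Value
    }
}
```

Matching the timestamps of the Malwarebytes block entries against the `Started` times and task triggers found here narrows down which entry is responsible.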

 

 


Hello:
 

Anyhow, is there a log of these pop-ups that one may closer scrutinize?

 
Yes. :)
Open the dashboard > history > application logs.
More information about locating and exporting logs here: How do I access and save logs from Malwarebytes Anti-Malware?
And the time interval for the toaster popups can be adjusted here: dashboard > settings > general settings > close notification > choose from dropdown menu (up to 12 seconds).
 
Having said that, from the behavior you describe and if you are seeing a lot of IP block popups, especially outbound and especially when no browsers are open, it could be a sign of infection.
 
Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt).

We can see if the logs might indicate the presence of malware, in which case we can explain how to get a bit of free, expert cleanup help.

 

Thanks,


Hi:
 
Thanks for the logs.
 
No, there's no need to run CCleaner at this time.
 
The logs show quite a few issues with the system.
 
I suspect we will need to send you over to the Malware Removal section for a free, deeper look at the system with the help of a trained malware expert.
But first, if possible, please attach to your next reply here in this thread one of the daily MBAM PROTECTION logs from a day when you saw the IP block notifications.
 
The instructions follow below.
 
We'll go from there.
 
Thanks,
----------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

  • Open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your saved scan or protection log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Please attach the saved log to your next reply here in this thread.

Hi:

 

EDIT: Our posts crossed in cyberspace

 

You need to first double-left-click on one of the protection logs in order to open it, to make the Export button visible. ;)

 

But, let's just skip that for now.

 

The other logs show possible evidence of malware infection, consistent with the behavior you reported.

We don't work on possible malware issues here, in this particular forum section.

The safest course of action now would be to start with the advice here: Available Assistance for Possibly Infected Computers

 

Then, I suggest that you please start a new, separate post in the malware removal section of the forum.

>>When you do, please attach to that new post the same logs you uploaded here.

One of the malware experts will guide you through scanning, cleanup and repair.

 

Thank you again,
