Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Malicious Website Protection


Recommended Posts

Hi there, 

 

I keep getting notifications that Malwarebytes is protecting me from malicious websites. 

My Windows is installed on a virtual machine (Parallels Desktop on my Mac). I don't know if that makes a difference. 

It is not very often (once a day) but I'm still quite worried.

 

Detection, 10.03.16 16:31, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softpicksmart.com, 51227, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 10.03.16 16:31, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softpicksmart.com, 51227, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
 
Detection, 07.03.16 08:32, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softpicksmart.com, 49408, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
Detection, 07.03.16 08:32, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softpicksmart.com, 49408, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, 
 
Detection, 04.03.16 21:02, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, setmysoftware.info, 50015, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 04.03.16 21:02, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, setmysoftware.info, 50015, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 04.03.16 21:02, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 50016, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 04.03.16 21:02, SYSTEM, LAURATAPROG3B38, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 50016, Outbound, C:\Windows\System32\svchost.exe, 
 
 
My FRST files are attached. Please help.

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

 

Next,

 

There are two security programs with AV components, that is counterproductive and will cause major problems for the OS. You must uninstall one of them ASAP...

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs, also tell me if the issue is cleared....

 

Thank you,

 

Kevin....
 

Fixlist.txt

Link to post
Share on other sites

Ok I did everything like you said.

None of the programs found anything. That was my problem beforehand because actually no tool found malware. Still the logs are attached.

In the fixlist I couldn't find anything regarding the svhchost.exe. Is it fixed too?

I will have to wait one or two days to tell you whether the problem is solved, as those warnings appear randomly.

Thank you. 

 

Fixlog.txt

Scan Log MBAM.txt

AdwCleanerS2.txt

mrt Log.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.