
MWB blocked malicious mail but now constantly attacked



About a dozen hours ago, received email from a friend. Over the years, have got thousands from her and this had her name as sender. It said msg was incomplete so click on Link to read. [Yeah, I know, should have been more cautious, but have got hundreds of links from her in the past]

MWB Premium sent something to NSS which blocked the site as malicious. I know this from looking at the NSS log. MWB did the block.

I scanned with MWB Premium, and NSS and Spybot and System Mechanic. All good, no problems, only a few low level trackers.

Twelve hours later, looking at NSS history and MWB has blocked something from gaining access about eighty times, including five minutes ago. Of course I am worried but I can't even be certain it's the same issue, however it looks that way.

I don't know of any other way to scan. Any ideas?

 

 

 


Hi mikmak007 :)

Are you able to copy/paste the content of the latest protection log on Malwarebytes, so we can see exactly what was blocked? You can access the logs under the History tab in the Application Logs section, and then click on Protection log (the latest). From there, you have the option to copy it to your clipboard in the bottom left corner of the window.


Many thanks.
As you can see in screen shot, mwb-2, the blocking happens every few minutes. The history shows endless pages, hundreds of blocks. The right panel shows "actor" and MALWAR.... I can't expand that view, but the clicked actor says, "MBAMservice.exe"

However, the exported mwb-1 text file shows very little action.

The NSS log nss-1 is huge [sorry] but have attached it. I have done scans over and over and nothing shows up. Could it be the attacker has my email so just keeps trying to access? In other words, I have nothing on my computer to find.

In that case, I guess this goes on...forever?

mwb-2.JPG

mwb-1.txt

nss-1.txt


Excluding each program from the other will stop any interaction between them. This is not about anything bad. If Norton had a false positive signature about MBM, there is nothing you can do. It works both ways. Today many programs allow excluding the whole folder.

In the past we had to exclude each program in the folder. Pain in the butt !!!


Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58774, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 

Do you recall manually accessing the file.org website on Mozilla Firefox?

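One way to condense a protection log like the one quoted above, where the same block repeats many times, into one row per destination, direction and originating process. This is an added example, not part of the original posts and not Malwarebytes code; the column names are assumptions inferred from the quoted lines, and the last three sample lines are constructed.

```python
import csv
from datetime import datetime

# Column names are assumptions inferred from the lines quoted in the thread;
# the export itself carries no header row.
FIELDS = ["event", "when", "user", "host", "category", "module",
          "kind", "ip", "domain", "port", "direction", "process"]

# Lines 1-3 are the ones quoted in the thread; lines 4-6 are constructed
# (a second destination and a truncated line that must be skipped).
SAMPLE_LOG = r"""
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58774, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/17/2016 7:25 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 203.0.113.10, blocked.example, 58801, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/17/2016 7:31 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 203.0.113.10, blocked.example, 58840, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/17/2016 7:3
"""


def parse_protection_log(text):
    """Yield one dict per well-formed detection line; skip everything else."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if len(cells) < len(FIELDS) or cells[0] != "Detection":
            continue
        rec = dict(zip(FIELDS, cells))
        try:
            rec["when"] = datetime.strptime(rec["when"], "%m/%d/%Y %I:%M %p")
        except ValueError:
            continue  # unparseable timestamp: treat the line as damaged
        yield rec


def summarize(text):
    """Map (domain, ip, direction, process name) -> (count, first, last)."""
    groups = {}
    for rec in parse_protection_log(text):
        exe = rec["process"].rsplit("\\", 1)[-1].lower()
        key = (rec["domain"], rec["ip"], rec["direction"], exe)
        count, first, last = groups.get(key, (0, rec["when"], rec["when"]))
        groups[key] = (count + 1, min(first, rec["when"]), max(last, rec["when"]))
    return groups


if __name__ == "__main__":
    for key, (count, first, last) in sorted(summarize(SAMPLE_LOG).items()):
        print(count, first, last, *key)
```
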

12 minutes ago, Aura said:

Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58773, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 4/17/2016 7:18 PM, SYSTEM, DELL_NEW, Protection, Malicious Website Protection, Domain, 66.39.64.146, file.org, 58774, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 

Do you recall manually accessing the file.org website on Mozilla Firefox?

No, have not been to mozilla in ages. I just use the about > upgrade for new version.


This should be checked out in the malware removal section. In order to start a thread there, you need to follow the instructions in the thread below.

https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/

As mentioned above, it seems like Norton and Malwarebytes are conflicting (even iolo is). I suggest you add exclusions for Malwarebytes in Norton. @Firefox can give you the list of files, folders and processes to exclude.


I thought I was in the right forum/section. Okay, will do. You are the expert and I'm just struggling along, but I've had NSS and MWB for years and never had this problem. Then I get a bogus email containing link to a malicious site, and suddenly get these endless attacks, probably over a thousand by now that hit every minute.

