Malicious website blocked outgoing???

[cel01]

I got this popup saying my Malwarebytes blocked a website.  I am very confused.

The prompt says the domain name, the ip number, a port number, now this is where I get confused it says Type: Outbound, then gives me an abbreviated link to C:\Program Files (x86)\Goo that eventually ends in \chrome.exe.

Does this mean it was "my" computer was sending something out that was malicious?  This occurred on my limited user account.  I always use that account and only use my admin account when installing programs etc.

I was able to get a screen capture of the prompt but cannot find where Malwarebytes logged it. 

[1PW]

Hello cel01 and

Has any product from https://www.scanguard.com ever been installed in the computer system in question?

Thank you.

[cel01]

No nothing installed.

I am using Malwarebytes 2.2.1.1043 and Windows Defender and also I use Win Patrol.  Is this something outgoing from my system that Malwarebytes stopped?  If so what should the next thing I should be doing.  I scanned my system and only found one pup which I quarantined.

Thanks for replying.

Cel

 

 

 

 

[1PW]

Hello cel01:

From the data you have provided, the system may be infected and malware removal actions are not permitted in this sub-forum.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also attach (not compress/copy/paste) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not alter any pre-configured FRST categories as the default settings are well suited for malware removal actions.

Thank you.

[cel01]

I posted in the other forum per your direction.  I did the farbar and attached the files in a new post where it told me to.  It appears I may have installed a program called "system checkup" back in July which might be a program from scanguard. I have the downloader exe for it in my downloads folder.  Malwarebytes flags it as a pup. The program is not in my programs list but I may have uninstalled it. Something tells me it is related but time will tell. 

I will wait and see what the experts here say. 

Thank you for taking the time to answer my post.

Happy Holidays and the best of new years to come

Cel

[cel01]

I found the ad that is on my newspaper subscription site and sure enough if I click on it the same prompt comes up.  I took screen captures of the newspaper webpage and also a screen capture of the warning that comes up on the page it sends me to.  I have not heard anything from that other forum yet.  Should I post those images on my post asking for help.  It is going on 4 days since I posted asking for help there and no replies yet.

 I don't want to get into trouble for bumping up my post but if that newspaper has an ad on their website that is infecting folks I consider this a priority that they are notified.  What do you recomend?

Thanks

[1PW]

Hello cel01:

You are very wise to not bump your topic in Malware removal for Windows sub-forum.  By simply waiting for the Malware Removal Expert to greet you, the confusion factor can remain at zero.

After the expert's greeting has been made, you can update the expert there with what you have discovered by making reference to this topic.  The system in question may have additional issues the expert will happily assist you with.  Thank you for your research and intelligently helping yourself, and then updating this topic.

HTH

[cel01]

Thanks for the guidance it is greatly appreciated.

Cel

[cel01]

Well 5 days is just too long.  A major "Hearst" Newspaper in our community may be causing harm to peoples computers through an ad on one of their pages and the Malwarebytes Forums for help have not responded to my post yet?

I don't want my computer to be a part of causing any harm to others that is WHY I wanted to check out these prompts Malwarebytes was showing.  It reads to me like my system was or could be a part of causing harm.

I will contact the webmaster at the newspaper who I have a talking relationship with and send her the print screens I have of the alerts and also the information Malwarebytes Premium is showing on my computer and let their company contact whomever.

It wasn't like I didn't try but I should not have to wait 5+ days for a response from the Support Forum.  I am very very disappointed in the lack of support I am getting since I am a Malwarbytes Premium owner and have been for many years.

Thank you for the time you gave me but it was a waste of your time.  I followed your instructions the best I could I tried.

I am extremely saddened by the lack of support from the Malwarebytes company since I am a paid program owner, actually I am in shock over it I can't believe it!

I've clearer all my history and ran my ccleaner on both accounts on my system, I am going to run 4 different on-line
AV programs and maybe even my Malwarebytes  Premeium but don't have confidence in idt any more.  I will make sure to not click on any technology ads the newspaper has.

Oh well, still wishing you good holidays.

Thanks

Celeste

[Porthos]

1 hour ago, cel01 said:

Well 5 days is just too long.

Not trying to make excuses but... Most of the people that do the helping in that section are UNPAID volunteers and this the Christmas holiday week. I am sure many them are away from their computers and not helping any one.

1 hour ago, cel01 said:

I am extremely saddened by the lack of support from the Malwarebytes company since I am a paid program owner, actually I am in shock over it I can't believe it!

The paid employees work the Malwarebytes Help desk. They are very busy as well with this new 3.0

[cel01]

I didn't realize that I was not posting on an official "help" Malwarebytes forum.  It is nice that these folks are volunteering to help Malwarebytes users.  I misunderstood.  I would never think of being so unkind as to not appreciate people who volunteer their time to help others.

I will go to the Help Desk link you posted and go that root.  I apologize for being so hard on those volunteers.  

I need to get to the bottom of what is happening on this system and that site I posted so I will go to the link you posted and see what they can do to help me get to the bottom of the issue.

Thank you for straightening me out.

Celeste

[Porthos]

 

 

3 hours ago, cel01 said:

I didn't realize that I was not posting on an official "help" Malwarebytes forum.

This is the official "help" Malwarebytes forum. But the malware removal section is special, There are only so many people who are authorized/trained to offer assistance in that section. Others like my self can not post help there even if we could help.

 

7 hours ago, cel01 said:

 I will make sure to not click on any technology ads the newspaper has.

I see you had clicked an AD. Never recommended to do that. I would get an ad-blocker to block ad's to prevent the temptation.

The issue you described about MB blocking scanguard was the web-blocker protecting you from a site that provides "tune-up/optimizing" software.  MB is against and protects you from that stuff.

https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/

 

Malwarebytes "the program"  is just doing its job.

 

Edited December 24, 2016 by Porthos

[cel01]

I have Adblock Plus and also Flashblock extensions and only use the Chrome browser.  What happened is on the newspaper's website Business section - technology section at the bottom they had four links with pictures.  One was titled "Never ever turn your computer off without doing this" and it had an image showing the back of a modem.  When I clicked on it that is when Malwarebytes Premium popped up.   When I read the popup it seemed to me it was saying that there was something on my computer trying to get out.  I got concerned that maybe my system was compromised and being used like a zombie or involved in a ddos attack.

Still never heard from the folks where I posted. Since I cleared all my history and did cclean the info I posted there is no longer accurate so I guess I should let them know to ignore that post. I will go to the other site you mentioned and try there. I still think there is something funny going on with this system call it women's intuition

Celeste

[Porthos]

20 minutes ago, cel01 said:

When I read the popup it seemed to me it was saying that there was something on my computer trying to get out.  I got concerned that maybe my system was compromised and being used like a zombie or involved in a ddos attack.

When ever that happens when you go to a site or click on a link Malwarebytes is just the site has the potential to harm or deceive you. MB is protecting you.

 

20 minutes ago, cel01 said:

I still think there is something funny going on with this system call it women's intuition

.Could be but I am not allowed to offer that kind of assistance. I have my own computer repair business to deal with and don't have time to go through the testing and certification needed to be an advisor here.

Edited December 24, 2016 by Porthos

[cel01]

I know what you are saying about the testing and cert needed.  Boy has using a computer gotten complex in regards to security.  I bet the cert and testing is intense for MB.

Thank you again you are helping me better understand how to actually use the protection MB gives me. All these years I can't remember getting a popup from MB.   I just want to make sure my system is not sending out something.  The prompt that came up had me confused.

Celeste