Malwarebytes Continuously Reports Malicious Website Blocked


warc1

I am a Malwarebytes Premium user. Starting today, I am receiving the subject notice about every 5 minutes. More specifically, the logs state:

Detection, 2016-12-24 6:13 PM, SYSTEM, NEWDESKTOP, Protection, Malicious Website Protection, IP, 185.121.177.53, 51708, Outbound, C:\Windows\System32\msiexec.exe

I have run a manual Malwarebytes scan of my PC after these notices started, but Malwarebytes does not report any threats. Am I infected regardless?

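As an added illustration (not code from this thread or from Malwarebytes), a small Python parser for the detection-log line format quoted above that flags a process repeatedly blocked going outbound to the same address, which is the "every 5 minutes" pattern described. The sample lines are constructed from the IP and process in the post; the field names, the 3-hits-in-30-minutes threshold and the unrelated fourth line are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Malwarebytes detection-log layout quoted in the post.
# The blocked IP and process are the ones the poster reported; the timestamps and
# the unrelated last line are made up to mimic the ~5-minute cadence described.
SAMPLE_LOG = r"""
Detection, 2016-12-24 6:13 PM, SYSTEM, NEWDESKTOP, Protection, Malicious Website Protection, IP, 185.121.177.53, 51708, Outbound, C:\Windows\System32\msiexec.exe
Detection, 2016-12-24 6:18 PM, SYSTEM, NEWDESKTOP, Protection, Malicious Website Protection, IP, 185.121.177.53, 51713, Outbound, C:\Windows\System32\msiexec.exe
Detection, 2016-12-24 6:23 PM, SYSTEM, NEWDESKTOP, Protection, Malicious Website Protection, IP, 185.121.177.53, 51721, Outbound, C:\Windows\System32\msiexec.exe
Detection, 2016-12-24 6:24 PM, SYSTEM, NEWDESKTOP, Protection, Malicious Website Protection, IP, 203.0.113.9, 443, Inbound, C:\Program Files\Example\app.exe
"""

FIELDS = ("event", "time", "user", "host", "module", "component",
          "kind", "ip", "port", "direction", "process")  # assumed names

def parse_line(line):
    """Split one detection line into a dict; return None for malformed lines."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != len(FIELDS) or parts[0] != "Detection":
        return None
    rec = dict(zip(FIELDS, parts))
    rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %I:%M %p")
    rec["port"] = int(rec["port"])
    return rec

def repeated_outbound_blocks(log_text, min_hits=3, window=timedelta(minutes=30)):
    """Group outbound website-protection blocks by (process, IP) and report pairs hit
    at least min_hits times inside `window`: the block stops the traffic, not the
    program, so repeats mean the process is still alive and retrying (as with msiexec.exe here)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["direction"] == "Outbound" \
                and rec["component"] == "Malicious Website Protection":
            hits[(rec["process"], rec["ip"])].append(rec["time"])
    findings = []
    for (proc, ip), times in hits.items():
        times.sort()  # sliding window: any min_hits consecutive blocks inside `window`
        if any(times[i + min_hits - 1] - times[i] <= window
               for i in range(len(times) - min_hits + 1)):
            findings.append({"process": proc, "ip": ip, "count": len(times),
                             "first": times[0], "last": times[-1],
                             "windows_binary": proc.lower().startswith("c:\\windows\\")})
    return findings

if __name__ == "__main__":
    for f in repeated_outbound_blocks(SAMPLE_LOG):
        print(f"{f['process']} -> {f['ip']}: {f['count']} blocks, "
              f"{f['first']:%H:%M}-{f['last']:%H:%M}, Windows binary={f['windows_binary']}")
```

The `windows_binary` flag marks egress through a signed Windows component such as msiexec.exe, which is why a blocked IP alone is not enough and the running process itself has to be found and stopped.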

Here's the contents of FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by Don (administrator) on 24-12-2016 at 18:52:31
Running from "C:\Users\Don\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


I appear to be in the clear. Windows Defender (WD) ran its regularly scheduled scan overnight, found and quarantined a trojan called "TrojanWin32/Wammuras.C!cl". WD apparently could not shut down the active malware task, even though the file was quarantined. As a result, I was still getting continuous "malicious website blocked" notifications first thing this morning and the PC was very sluggish.

A check on Task Manager revealed that msiexec.exe was using near 100% CPU capacity, 9GB of memory and memory allocation was climbing. I then had WD delete the quarantined file, rebooted my PC and now performance has apparently returned to normal. Task Manager reports that msiexec.exe is no longer running and I have not had a single "malicious website blocked" notice in the two hours since restarting (knock on wood).

This leaves me with the observation that Malwarebytes virus definitions do not include "TrojanWin32/Wammuras.C!cl". This is disappointing since I bought Malwarebytes after being led to believe that WD was wanting in providing comprehensive protection. In this case, WD proved more thorough. I will give credit to Malwarebytes for detecting and blocking outbound traffic from the trojan which I assume rendered it nonfunctional to the perpetrators.

Is there an effective way to notify Malwarebytes of the apparent deficiency in their definitions, or is this post sufficient?

