
For the past 2 weeks I have been getting malware pop-up warnings in Outlook. I have a Windows 10 Professional PC with Outlook 2013. Emails that include links in the message back to the Internet (Washington Post newsletters for example) cause a warning to come up repeatedly at the bottom right corner of my screen. If I keep closing the warning it will stop after about 11 times. If I go on to another email the problem repeats. I get this using Firefox, Chrome and Edge browsers.

I tried updating Malwarebytes; it helped a couple of days but no longer. I searched your forum and cannot find a cure. Most of the topics are closed out.

I have a paid version of Malwarebytes Anti-Malware Home Premium 2.2.1.1043 and would like detailed instructions on how to get rid of this very nasty malware.


Thank you Aura. I tried entering ".bid gTLD" as a domain web exclusion but I get a message back saying it is not a valid URL. I put in the characters between the " " marks including the leading period and the space ahead of g. I also tried combinations with and without the period and space. What am I doing wrong?

Previously I put in domains like "e.washingtonpost.com" and that didn't work either.


I copied the domain and pasted it in.  The URL was accepted but it did not work.  I brought an old email out of trash and put it in my in box.  Got 11 pop-up warnings.   Perhaps tomorrow with a fresh email it may work.  But to tell you the truth I think I tried sync.eu.exe.bid earlier in the week and it didn't work then either.

BTW  e.washingtonpost.com  was a typical exclusion I tried as well.  It was accepted as a URL but it didn't cure the problem either.

I am giving up for tonight.  Hope you have more ideas for tomorrow.  I really appreciate your help.

I also don't understand why all this just started on my PC in the last 2 weeks; it was fine for years before.


I managed to add the exclusion in Malwarebytes 3.1 without any problem. Let me install 2.2.1 in a VM and test it out.

Quote

I also don't understand why all this just started on my PC in the last 2 weeks; it was fine for years before.

The block on the .bid gTLD is recent.


Hi,

I have done exactly that above, added it to the web exclusion list in 2.2.1...it seemed to stop it for about 10 minutes, now that #%*^ popup is happening again constantly! Other sites I work in are being affected now as well. This is obviously some kind of malware/virus as it's trying to send out from my system on a different port every time. Same boat as the others above, no PC issues for years, then all of a sudden this shows up. No idea how it got it. What is the fix for this? It's making me mental & killing my ability to continue to work.


Aura,

I did as you suggested; i.e. I added the sync.eu.exe.BiD exclusion with no trouble. However, it does not fix the problem. I received new emails today and the #%8^ popups (I like ScottRC's name for them) are back. My paid subscription to Malwarebytes will be due for renewal in the next few weeks and I will not renew unless WE all get a solution. This has gone way too long!

 


Quote

This is obviously some kind of malware/virus as it's trying to send out from my system on a different port every time. Same boat as the others above, no PC issues for years, then all of a sudden this shows up.

Please start a new thread and follow the instructions in the thread below. I'll take a look at your logs, but I doubt I'll find any infection on your system. And this "suddenly" started showing up because the block on the .bid gTLD is quite recent.

Edit: Just noticed that we might have added the wrong domain to the exclusion list, try this one please:

sync-eu.exe.bid

 

Edited by Aura

Changing sync.eu.... to sync-eu... seems to be working so far! Let's see if it lasts. I had to pull old emails from trash and put them back in my In Box. Let's see what happens with fresh emails tomorrow.

Now 2 more basic questions:

1) With this fix am I defeating Malwarebytes' attempt to keep me safe?

2) Since I had 8 to 14 pop-ups per email was I getting a pop-up for each bad ad within a single email??

Many, many thanks for your extended help on this.

(Hope ScottRC has seen this fix)


Quote

1) With this fix am I defeating Malwarebytes' attempt to keep me safe?

In my opinion, no. See my answer to your second question.

Quote

2) Since I had 8 to 14 pop-ups per email was I getting a pop-up for each bad ad within a single email??

It is important to understand that Malwarebytes is blocking the .bid gTLD as a whole, and not this website in particular. This is because the amount of malicious activity associated with .bid domains is extremely high (there are more malicious domains than legitimate ones) and therefore it is safer to block the gTLD as a whole, rather than block all the malicious domains with that gTLD. The thing is that some legitimate/safe domains will get blocked. So if, let's say, you try to go to "SafeWebsite.bid", Malwarebytes will block it because it has the .bid gTLD, but it doesn't mean that it is bad. From what I've seen so far, sync-eu.exe.bid might not be "bad" or "malicious"; it could be a safe domain that is being blocked by Malwarebytes as a result of them blocking the whole .bid gTLD.

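A simplified model of the behaviour described in the answer above, as an added example that is not part of the original thread and not Malwarebytes' code. It assumes the filter blocks every host under a listed TLD unless an exact-host exclusion matches; the function names and the near-miss check are hypothetical, and the hostnames are the ones quoted in this thread.

```python
import difflib
import string

# Assumption: the filter blocks every host under these TLDs unless an
# exact-host exclusion matches. This is a model, not Malwarebytes' logic.
BLOCKED_TLDS = {"bid"}
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

def normalize(entry):
    """Return the entry as a lowercase hostname, or None if it is not one."""
    host = entry.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return None
    for label in labels:
        if not label or len(label) > 63 or not set(label) <= LABEL_CHARS:
            return None
        if label[0] == "-" or label[-1] == "-":
            return None
    return host

def build_exclusions(entries):
    """Split user-typed entries into accepted hostnames and rejected input."""
    accepted, rejected = set(), []
    for entry in entries:
        host = normalize(entry)
        if host:
            accepted.add(host)
        else:
            rejected.append(entry)
    return accepted, rejected

def verdict(host, exclusions):
    """Exact-host exclusions win; otherwise the TLD decides."""
    host = normalize(host)
    if host is None:
        return "invalid"
    if host in exclusions:
        return "allowed (excluded)"
    if host.rsplit(".", 1)[-1] in BLOCKED_TLDS:
        return "blocked (TLD)"
    return "allowed"

def near_miss(host, exclusions, cutoff=0.9):
    """Exclusions that almost match a blocked host: likely typos."""
    others = sorted(e for e in exclusions if e != host)
    return difflib.get_close_matches(host, others, n=3, cutoff=cutoff)

if __name__ == "__main__":
    # Entries as typed in the thread (constructed input).
    typed = [".bid gTLD", "e.washingtonpost.com", "sync.eu.exe.BiD"]
    excl, bad = build_exclusions(typed)
    print(bad, verdict("sync-eu.exe.bid", excl), near_miss("sync-eu.exe.bid", excl))
```

Running the near-miss check whenever a block persists after an exclusion was added surfaces the one-character difference between the excluded host and the host actually being blocked.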

Ok, that seems to have stopped the popups for the moment, but we've just cured the symptom, not the disease. I can't get the volume to work on audio or video files now, nor can I access certain work websites that I've used for years...just get a blank page, no error message, nothing...just white space. This all coincided with this .bid thing hitting my system. SOMEthing was creating all those outbound attempts to other sites from mine....THAT's what we need to know how to eliminate. EDIT: I'm also having strange issues with a site I work with where I can access the site, but once in, I can't place my cursor ANYwhere in any of the boxes where I normally would....they're there, but I can't enter ANY data to them. This damn thing is like a friggin' gremlin, just running around, partially messing with websites I use.

Edited by ScottRC

20 minutes ago, daveathtt said:

Aura, thank you.  You have been terrific.  Hopefully this is solved now and I won't have to trouble you again.  Please hold this thread open for another day or two just in case. :D

No problem, will do :) 

13 minutes ago, ScottRC said:

Ok, that seems to have stopped the popups for the moment, but we've just cured the symptom, not the disease. I can't get the volume to work on audio or video files now, nor can I access certain work websites that I've used for years...just get a blank page, no error message, nothing...just white space. This all coincided with this .bid thing hitting my system. SOMEthing was creating all those outbound attempts to other sites from mine....THAT's what we need to know how to eliminate. EDIT: I'm also having strange issues with a site I work with where I can access the site, but once in, I can't place my cursor ANYwhere in any of the boxes where I normally would....they're there, but I can't enter ANY data to them. This damn thing is like a friggin' gremlin, just running around, partially messing with websites I use.

Scott, you'll need to start a new thread as instructed in my previous post in order for me to assist you.

https://forums.malwarebytes.com/topic/200285-synceuexebid/?do=findComment&comment=1121939

Your issue might be something else.


Quote

I'll start a new thread though....(not sure why we're doing that, but I will...)

Because assistance in the MRL section is given one-on-one. And since this thread is daveathtt's thread, I need you to start one yourself in order to ask you for logs, give fixes specific to your system and so on.

I'll be on the look-out for your thread!
