blocking websties

[Hec]

So ive been having a finew experience with windows and malwarebytes recently i updated firefox to firefox quantum, nothing suspicous has happened but just today everytime i start surfing in firefox i notice no sites are getting encrypted with https even with https everywhere which seemed weird, i go on with my day but then malwarebytes starts blocking connections and ip's and then comodo firewall starts showing me requests for downloading ccleaner, the ip's and domains were mostly:

ftp.snt.utwente.nl, 130.89.149.20, tj.symcd.com, 23.58.43.27, driver.reimageplus.com, 161.47.7.14, gp.symcd.com, 23.4.43.27,  the locations always detail program files mozilla so im confused what should i do i installed some more security tools to scan currently got nothing

[Hec]

opening new tabs, reloading pages and so forth seems to trigger the tj.symcd.com connection

[Hec]

it appears this has something to do with synmatec not sure

[DotNettie]

I just updated to Firefox Quantum and am having the same issue that just started this morning; the popup identifies gm.symcd.com...IP 23.60.139.27. I also have https: everywhere enabled. I use ighome.com as my homepage and it was not encrypted either.

I didn't intend to hi-jack the thread, but it seems like the issues are similar

[TalismanUK]

I too am having a similar problem as from this morning, but not just with Firefox. I also get various sub-domains of symcd.com blocked when using Outlook or Edge.

[Hec]

Yup it seems weird I researched and it seems like something about failing to validate ssl certificates from Symantec i don’t know I’ve resorted to forcing encryption everywhere and hardening my firewall to see if it helps might just be issues with the new update hope you guys can solve this too

[schmidtj]

Glad it's not only me. Had been using Google Chrome but with the new Firefox Quantum I'd thought I try it as my default browser this morning.

Edited November 17, 2017 by schmidtj

[taintedbloop]

I am also experiencing this issue. FIrst happened in Chrome, I dont have Firefox installed at all. It first appeared when I went to my banking website (chase). It seems that many elements of the web page will not load.

This also happened when I opened Edge. 

I tried pressing Update in malwarebytes but it's still blocking parts of websites. Here is a screenshot of one of the alerts.

:

 

There are many, all with variations on the subdomain.

 

Please help! Malwarebytes has had many annoying false positives in the last few months that seem obvious.. it's getting quite frustrating.

[Hec]

this seems like a brand new issue could it possibly be something trying to hijack or inject code i really am clueless to what this is, at first i thought it might have to do about having windows firewall disabled while playing destiny but doesnt seem like it i tried using ccleaner to clean out everything in firefox im gonna try just searching the program files see if i see anything suspicous ill also try adw cleaner maybe that will detect something and i do agree with the sub domain thing there are many ive just gotten the rc.symcd.com variant maybe we can get the attention of someone from malwarebytes see if they know whats going on

[Dashke]

The block has been corrected, the update should be out soon. Thanks!

[taintedbloop]

Update:

I completely disabled malwarebytes and still have the issue. I now discovered bitdefender is giving me phishing alerts now too.

Look at this: 

Could this be more widespread then just malwarebytes?

[Hec]

i dont know im using bitdefender free also and i did get one alert yesterday im just going through my firewall blocking anything suspicous seems like the best i can do right now

[hopper15]

3 minutes ago, Dashke said:

The block has been corrected, the update should be out soon. Thanks!

Thanks for the update

[TalismanUK]

Thank you for the update Dashke. The joys of modern technology! 

[Hec]

i guess we should just wait for the update gl to everyone

 

[taintedbloop]

Anyone else have the bitdefender issue as well? They both started at the same time. I had to press exclude on the phishing alert in order for elements of the web page to load. Could their database have this false positive too? 

[Hec]

Possibly bitdefender just went insane it started flagging everything but that’s probably just a one time bug I hope they just correct this as soon as possible

[rodant2017]

I am also getting warning messages that are very similar.  I have windows 10 creator' s fall edition, I am using firefox latest browser Quantum and also using Microsoft Edge and about 75% of the websites that I try to visit are blocked and that is using either browser.  I am also getting warning when trying to access Malwarebytes's main website.

In about 10 minutes of browsing I have received 192 notifications.  Is most of the internet hacked, or is it Malwarebytes Premium 3,  or is it my pc.  I don't want to remove Malwarebyte's software, especially if they are right because that would make my pc vulnerable.

[janetmenchyk]

g.symcd.com is blocked and don't know what it is, but seems like something that shouldn't be blocked and anyone tell me? Its blocked if I use chrome and edge

[janetmenchyk]

now this one when I oped a email that I know is safe 

 

[ronzie009]

55 minutes ago, Dashke said:

The block has been corrected, the update should be out soon. Thanks!

My copy of MBAM claims it's current, yet I'm still seeing these blocks.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/17/17
Protection Event Time: 9:32 AM
Log File: 307405b6-cba4-11e7-8ceb-001e37255085.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3282
License: Premium

-System Information-
OS: Windows 10 (Build 16299.19)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: gn.symcd.com
IP Address: 23.50.75.27
Port: [15502]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/17/17
Protection Event Time: 9:32 AM
Log File: 30882a3c-cba4-11e7-ac33-001e37255085.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3282
License: Premium

-System Information-
OS: Windows 10 (Build 16299.19)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: gn.symcd.com
IP Address: 23.50.75.27
Port: [15502]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/17/17
Protection Event Time: 9:37 AM
Log File: dc32fab0-cba4-11e7-93f2-001e37255085.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3282
License: Premium

-System Information-
OS: Windows 10 (Build 16299.19)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: ss.symcd.com
IP Address: 23.54.187.27
Port: [15631]
Type: Outbound
File: C:\Program Files (x86)\Internet Explorer\iexplore.exe



(end)

 

[taintedbloop]

Try pressing the update button. Even though it says current you can try updating again. I think my malwarebytes has received the update after I tried that.

[rodant2017]

As of now I have about 400 'detections' from Malwarebytes.  I have done some checking and found out that this problem is unique to Firefox.  I am using their newest browser known as Quantum.  Also I have found out that the domain owner of the  .symcd is owned by Symantec and apparently firefox has had issues with this domain in the past.  I opened my firefox browser and had it update itself and closed it and rebooted.  The problem is now corrected and was probably caused by the new firefox browser.  I have not checked  for this problem using the Microsoft Edge browser.  If the problem still exists using that browser, I will post.

 

Edited November 17, 2017 by rodant2017
grammatical error

[Zynthesist]

The block on *.symcd has been removed. Please ensure to update to the latest DB Version.

[Hec]

yep i am no longer getting blocks thanks mbam if you happen to be getting alerts from bitdefender or blocks when going into websites like the malwarebytes website it is worth opening a malware removal thread and scanning with various scanners to make sure you are not infected, everyone have a nice day