Hec #1 Posted November 17, 2017 So ive been having a finew experience with windows and malwarebytes recently i updated firefox to firefox quantum, nothing suspicous has happened but just today everytime i start surfing in firefox i notice no sites are getting encrypted with https even with https everywhere which seemed weird, i go on with my day but then malwarebytes starts blocking connections and ip's and then comodo firewall starts showing me requests for downloading ccleaner, the ip's and domains were mostly: ftp.snt.utwente.nl, 130.89.149.20, tj.symcd.com, 23.58.43.27, driver.reimageplus.com, 161.47.7.14, gp.symcd.com, 23.4.43.27, the locations always detail program files mozilla so im confused what should i do i installed some more security tools to scan currently got nothing Share this post Link to post Share on other sites
Hec #2 Posted November 17, 2017 opening new tabs, reloading pages and so forth seems to trigger the tj.symcd.com connection Share this post Link to post Share on other sites
Hec #3 Posted November 17, 2017 it appears this has something to do with synmatec not sure Share this post Link to post Share on other sites
DotNettie #4 Posted November 17, 2017 I just updated to Firefox Quantum and am having the same issue that just started this morning; the popup identifies gm.symcd.com...IP 23.60.139.27. I also have https: everywhere enabled. I use ighome.com as my homepage and it was not encrypted either. I didn't intend to hi-jack the thread, but it seems like the issues are similar Share this post Link to post Share on other sites
TalismanUK #5 Posted November 17, 2017 I too am having a similar problem as from this morning, but not just with Firefox. I also get various sub-domains of symcd.com blocked when using Outlook or Edge. Share this post Link to post Share on other sites
Hec #6 Posted November 17, 2017 Yup it seems weird I researched and it seems like something about failing to validate ssl certificates from Symantec i don’t know I’ve resorted to forcing encryption everywhere and hardening my firewall to see if it helps might just be issues with the new update hope you guys can solve this too Share this post Link to post Share on other sites
schmidtj #7 Posted November 17, 2017 (edited) Glad it's not only me. Had been using Google Chrome but with the new Firefox Quantum I'd thought I try it as my default browser this morning. Edited November 17, 2017 by schmidtj Share this post Link to post Share on other sites
taintedbloop #8 Posted November 17, 2017 I am also experiencing this issue. FIrst happened in Chrome, I dont have Firefox installed at all. It first appeared when I went to my banking website (chase). It seems that many elements of the web page will not load. This also happened when I opened Edge. I tried pressing Update in malwarebytes but it's still blocking parts of websites. Here is a screenshot of one of the alerts. : There are many, all with variations on the subdomain. Please help! Malwarebytes has had many annoying false positives in the last few months that seem obvious.. it's getting quite frustrating. Share this post Link to post Share on other sites
Hec #9 Posted November 17, 2017 this seems like a brand new issue could it possibly be something trying to hijack or inject code i really am clueless to what this is, at first i thought it might have to do about having windows firewall disabled while playing destiny but doesnt seem like it i tried using ccleaner to clean out everything in firefox im gonna try just searching the program files see if i see anything suspicous ill also try adw cleaner maybe that will detect something and i do agree with the sub domain thing there are many ive just gotten the rc.symcd.com variant maybe we can get the attention of someone from malwarebytes see if they know whats going on Share this post Link to post Share on other sites
Dashke #10 Posted November 17, 2017 The block has been corrected, the update should be out soon. Thanks! Share this post Link to post Share on other sites
taintedbloop #11 Posted November 17, 2017 Update: I completely disabled malwarebytes and still have the issue. I now discovered bitdefender is giving me phishing alerts now too. Look at this: Could this be more widespread then just malwarebytes? Share this post Link to post Share on other sites
Hec #12 Posted November 17, 2017 i dont know im using bitdefender free also and i did get one alert yesterday im just going through my firewall blocking anything suspicous seems like the best i can do right now Share this post Link to post Share on other sites
hopper15 #13 Posted November 17, 2017 3 minutes ago, Dashke said: The block has been corrected, the update should be out soon. Thanks! Thanks for the update Share this post Link to post Share on other sites
TalismanUK #14 Posted November 17, 2017 Thank you for the update Dashke. The joys of modern technology! Share this post Link to post Share on other sites
Hec #15 Posted November 17, 2017 i guess we should just wait for the update gl to everyone Share this post Link to post Share on other sites
taintedbloop #16 Posted November 17, 2017 Anyone else have the bitdefender issue as well? They both started at the same time. I had to press exclude on the phishing alert in order for elements of the web page to load. Could their database have this false positive too? Share this post Link to post Share on other sites
Hec #17 Posted November 17, 2017 Possibly bitdefender just went insane it started flagging everything but that’s probably just a one time bug I hope they just correct this as soon as possible Share this post Link to post Share on other sites
rodant2017 #18 Posted November 17, 2017 I am also getting warning messages that are very similar. I have windows 10 creator' s fall edition, I am using firefox latest browser Quantum and also using Microsoft Edge and about 75% of the websites that I try to visit are blocked and that is using either browser. I am also getting warning when trying to access Malwarebytes's main website. In about 10 minutes of browsing I have received 192 notifications. Is most of the internet hacked, or is it Malwarebytes Premium 3, or is it my pc. I don't want to remove Malwarebyte's software, especially if they are right because that would make my pc vulnerable. Share this post Link to post Share on other sites
janetmenchyk #19 Posted November 17, 2017 g.symcd.com is blocked and don't know what it is, but seems like something that shouldn't be blocked and anyone tell me? Its blocked if I use chrome and edge Share this post Link to post Share on other sites
janetmenchyk #20 Posted November 17, 2017 now this one when I oped a email that I know is safe Share this post Link to post Share on other sites
ronzie009 #21 Posted November 17, 2017 55 minutes ago, Dashke said: The block has been corrected, the update should be out soon. Thanks! My copy of MBAM claims it's current, yet I'm still seeing these blocks. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/17/17 Protection Event Time: 9:32 AM Log File: 307405b6-cba4-11e7-8ceb-001e37255085.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3282 License: Premium -System Information- OS: Windows 10 (Build 16299.19) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: gn.symcd.com IP Address: 23.50.75.27 Port: [15502] Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/17/17 Protection Event Time: 9:32 AM Log File: 30882a3c-cba4-11e7-ac33-001e37255085.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3282 License: Premium -System Information- OS: Windows 10 (Build 16299.19) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: gn.symcd.com IP Address: 23.50.75.27 Port: [15502] Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/17/17 Protection Event Time: 9:37 AM Log File: dc32fab0-cba4-11e7-93f2-001e37255085.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.212 Update Package Version: 1.0.3282 License: Premium -System Information- OS: Windows 10 (Build 16299.19) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: ss.symcd.com IP Address: 23.54.187.27 Port: [15631] Type: Outbound File: C:\Program Files (x86)\Internet Explorer\iexplore.exe (end) Share this post Link to post Share on other sites
taintedbloop #22 Posted November 17, 2017 Try pressing the update button. Even though it says current you can try updating again. I think my malwarebytes has received the update after I tried that. Share this post Link to post Share on other sites
rodant2017 #23 Posted November 17, 2017 (edited) As of now I have about 400 'detections' from Malwarebytes. I have done some checking and found out that this problem is unique to Firefox. I am using their newest browser known as Quantum. Also I have found out that the domain owner of the .symcd is owned by Symantec and apparently firefox has had issues with this domain in the past. I opened my firefox browser and had it update itself and closed it and rebooted. The problem is now corrected and was probably caused by the new firefox browser. I have not checked for this problem using the Microsoft Edge browser. If the problem still exists using that browser, I will post. Edited November 17, 2017 by rodant2017 grammatical error Share this post Link to post Share on other sites
Zynthesist #24 Posted November 17, 2017 The block on *.symcd has been removed. Please ensure to update to the latest DB Version. Share this post Link to post Share on other sites
Hec #25 Posted November 17, 2017 yep i am no longer getting blocks thanks mbam if you happen to be getting alerts from bitdefender or blocks when going into websites like the malwarebytes website it is worth opening a malware removal thread and scanning with various scanners to make sure you are not infected, everyone have a nice day Share this post Link to post Share on other sites