Hello,

Firefox latest version with Adblock Plus

I was checking my mail @ hotmail, and checking the features of a product @ Corel International, but not tracking any DHL package when I got this:

And I wonder why I get it

Thanks

Came

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/11/18
Protection Event Time: 3:53 PM
Log File: 82beb44f-6db9-11e8-b761-6cf049562b12.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5440
License: Premium

-System Information-
OS: Windows 10 (Build 17134.81)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: dhl-news.com
IP Address: 104.16.209.86
Port: [50659]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

(end)

 

 

 


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
  • Click the Gather Logs button
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

    Click "Reveal Hidden Contents" below for details on how to attach a file:
    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Mhhh,

But no advertisement @ https://www.coreldraw.com/la/product/home-student/

and hotmail opens with Adblock Plus so NO advertisement also, and I don't have any mail about that domain in my inbox

Please help, because IF this message appears again, I can always block it by firewall, I just need to have more information 

Thanks

Came


I'm not sure then.  I guess it could be some kind of tracker they're using, but there's no way to determine that without asking Corel most likely.  Also, while Adblock Plus does block ads, it doesn't necessarily block connections to ad servers since it resides in the browser as a plugin.  The Web Protection in Malwarebytes operates in the network stack in the same layer as the Windows Firewall and actually uses the same filtering technology as the Windows Firewall itself (WFP, i.e. the Windows Filtering Platform) so it would see any connection attempt to/from the site going through your internet connection.


2 hours ago, exile360 said:

I'm not sure then.  I guess it could be some kind of tracker they're using, but there's no way to determine that without asking Corel most likely.  Also, while Adblock Plus does block ads, it doesn't necessarily block connections to ad servers since it resides in the browser as a plugin.  The Web Protection in Malwarebytes operates in the network stack in the same layer as the Windows Firewall and actually uses the same filtering technology as the Windows Firewall itself (WFP, i.e. the Windows Filtering Platform) so it would see any connection attempt to/from the site going through your internet connection.

How do I block dhl-news.com via hosts file?

Will it work?

127.0.0.1 dhl-news.com

Thanks

Camelia


Yes, you could most likely block it by adding each of the following to your HOSTS file:

127.0.0.1 dhl-news.com
127.0.0.1 www.dhl-news.com

Alternatively you could use 0.0.0.0 instead of 127.0.0.1 and in theory it might improve performance since it's a null address instead of redirecting to your local machine address (Windows DNS resolver still attempts to connect to the site when 127.0.0.1 is used but just instantly blocks the connection when 0.0.0.0 is used so it can make browsing faster when using a HOSTS file; that's one of the tricks I picked up over the years having used a large HOSTS file myself for a long time now (currently over 1 million blocked sites in my HOSTS file)).


7 hours ago, exile360 said:

Yes, you could most likely block it by adding each of the following to your HOSTS file:

127.0.0.1 dhl-news.com
127.0.0.1 www.dhl-news.com

Alternatively you could use 0.0.0.0 instead of 127.0.0.1 and in theory it might improve performance since it's a null address instead of redirecting to your local machine address (Windows DNS resolver still attempts to connect to the site when 127.0.0.1 is used but just instantly blocks the connection when 0.0.0.0 is used so it can make browsing faster when using a HOSTS file; that's one of the tricks I picked up over the years having used a large HOSTS file myself for a long time now (currently over 1 million blocked sites in my HOSTS file)).

Wow, your HOSTS file is very large!!

So I added to my HOSTS File

0.0.0.0 dhl-news.com

0.0.0.0 www.dhl-news.com

Is this ok?

Thanks

Camelia

 


@exile360
 

Hi,

Adding to my HOSTS file didn't work

0.0.0.0 dhl-news.com
0.0.0.0 www.dhl-news.com

Also I am sure CCleaner Free is attempting to connect to some of their sites

Maybe https://www.ccleaner.com/ Piriform or Avast?

Do you know what I have to add to my HOSTS file to block these possible connections?

Oh! if you think I am trying to block these connections because the CCleaner paid version I always avoid PUP software

And I never paid for a Cleaner when there is great free software such as PrivaZer or Wise Disk Cleaner

The version I had installed is the CCleaner - Slim Free version downloaded from https://www.ccleaner.com/ccleaner/builds

Finally, is there a program that shows all the attempting connections of the software installed or from Windows OS, because EIS 2018 or AIS 2018 sometimes don't show it, a software like Little Snitch for Mac? (Of course Little Snitch is a firewall but I am asking for a software for Windows)
https://www.obdev.at/products/littlesnitch/index.html

Thanks

Came


Don't use 0.0.0.0

use 127.0.0.1  as Samuel provided in Post #7

127.0.0.1  is the IP4 diagnostic responder IP address and points to your PC.

0.0.0.0  means there is NO IP address and is only used in BootP and DHCP to indicate the PC has no IP and needs an IP assignment.

 

Note also the address may be cached in a Browser or in the OS.  You have to close the Browser and flush the name resolution cache.

ipconfig   /flushdns
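
Added example, not part of the original posts and not Malwarebytes code: a Python check of whether a HOSTS file actually covers a name, showing that entries match exact hostnames only, so dhl-news.com and www.dhl-news.com each need their own line. The sample file content is constructed, and the function names and the host track.dhl-news.com are hypothetical.

```python
import ipaddress

# Addresses treated here as "blocked" targets for a HOSTS entry.
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1", "::")}

# Constructed sample HOSTS content (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample file for the example
127.0.0.1       localhost
0.0.0.0 dhl-news.com   # added after the alert
127.0.0.1 WWW.DHL-NEWS.COM alias.example
not-an-ip broken.example
"""

def parse_hosts(text):
    """Return {hostname: [address, ...]} for every well-formed entry."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or nameless line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: entry is ignored
        for name in fields[1:]:                  # one line may carry several names
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def is_sinkholed(table, hostname):
    """True only if this exact name (case-insensitive) maps to a sinkhole address."""
    addrs = table.get(hostname.lower().rstrip("."), [])
    return any(a in SINKHOLES for a in addrs)

def coverage(text, hostnames):
    """Map each hostname to whether the HOSTS text sinkholes it."""
    table = parse_hosts(text)
    return {h: is_sinkholed(table, h) for h in hostnames}

if __name__ == "__main__":
    names = ["dhl-news.com", "www.dhl-news.com", "track.dhl-news.com"]
    for host, blocked in coverage(SAMPLE_HOSTS, names).items():
        print(f"{host:22} {'sinkholed' if blocked else 'NOT covered'}")
```

The check only reads the file; as noted in the post above, a cached answer in the browser or the OS can persist until the browser is closed and `ipconfig /flushdns` is run.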

 

 


3 minutes ago, David H. Lipman said:

Don't use 0.0.0.0

use 127.0.0.1  as Samuel provided in Post #7

127.0.0.1  is the IP4 diagnostic responder IP address and points to your PC.

0.0.0.0  means there is NO IP address and is only used in BootP and DHCP to indicate the PC has no IP and needs an IP assignment.

 

Note also the address may be cached in a Browser or in the OS.  You have to close the Browser and flush the name resolution cache.

ipconfig   /flushdns

 

 

Thanks I will change them to 127.0.0.1

Any help about CCleaner?

Thanks

Came


Candylover girl, some programs you could try to check outbound connections are NoVirusThanks Connection Viewer, just started trying this one out, I really like it, and CurrPorts or AppNetworkCounter, both from NirSoft.

As far as CCleaner goes, I use the regular free version and it is not phoning home. If you go to Options-Privacy there is a box that says "Allow data usage to be shared with 3rd parties for analytics purposes"; unchecking that may stop it from phoning home. However, not sure if that option is included in the Slim version.
