AyanamiRei0 Posted September 9, 2018 ID:1268459 Share Posted September 9, 2018 Hello there, since earlier today some weird things have been happening with MBAM Premium like when I open a program it tells me website blocked due to malvertising so I'm like huh that doesn't seem right so I checked the notifications and it was for smartscreen.exe and just before I started writing this it popped up for RCT3Plus.exe as well here's some logs of the events. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/9/18 Protection Event Time: 1:13 AM Log File: 20636ae0-b3c5-11e8-971a-b01041fa501a.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6721 License: Premium -System Information- OS: Windows 10 (Build 17134.228) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Malvertising Domain: canonicalizer.ucsuri.tcs IP Address: 92.242.132.24 Port: [63783] Type: Outbound File: C:\WINDOWS\System32\smartscreen.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/9/18 Protection Event Time: 1:37 AM Log File: 85a067ac-b3c8-11e8-9fce-b01041fa501a.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6721 License: Premium -System Information- OS: Windows 10 (Build 17134.228) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Malvertising Domain: locate.madserver.net IP Address: 92.242.132.24 Port: [64002] Type: Outbound File: G:\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe I do apologize if this is in the wrong place. Thanks. Link to post Share on other sites More sharing options...
Juddman Posted September 9, 2018 ID:1268481 Share Posted September 9, 2018 I'm having the exact same problem and I'm not sure what changes have triggered this. I've run various scans and nothing is being picked up as a threat. Hopefully somebody will have an answer as it is slightly annoying after a while. Link to post Share on other sites More sharing options...
KRJN Posted September 9, 2018 ID:1268486 Share Posted September 9, 2018 Add me to the list. It started for me this morning. Link to post Share on other sites More sharing options...
ALilDashofConfused Posted September 9, 2018 ID:1268487 Share Posted September 9, 2018 I'm glad to see this topic's come up, I thought I was going mad! I've done a minor amount of digging on this, and found that the following things trigger it (at least on my end, could be different for others): * Opening Cortana and trying to use the Search function. * Opening my browser, which in this case is Firefox. * Opening and searching via the File Browser. This has only happened once or twice * I restarted the laptop having this issue, and the first thing I was greeted with before anything even had chance to launch was the warning. I haven't yet fired it up this morning but I suspect it will do the same. It could have other triggers that I'm yet to find, but they seem to be the main ones for me at least. These things don't trigger the alert every time the respective programs are opened, which I find a bit strange - it just seems to be the odd time they are opened. I'm also only getting the Canonicalizer 'website' link, not the other one that the original poster has also got. I fired up an older laptop this morning (the one I'm currently using to post this from) and attempted to connect to this Canonicalizer 'website', to get hit by a 'webpage does not exist' webpage from my internet provider. I decided to do the same for the original poster's 'locate.madserver.net' link, and was again hit by a 'webpage does not exist.' What I also find a bit strange about this (although could just be me...) is that sometimes, when opening the malvertising alert there is no file associated with it, and on the others it is always 'SmartScreen.exe.' I'm wondering if anyone else has had the 'no file' issue? I hope the above helps in trying to identify what's causing this issue. I suspect (and hope!) it's a false positive, as I ran AdwCleaner scans alongside multiple threat scans last night - none of which detected anything. I'll run them again this morning but I'm doubtful it'll pick anything up. Link to post Share on other sites More sharing options...
Alliopeth Posted September 9, 2018 ID:1268488 Share Posted September 9, 2018 I'm running into the same issue too, though mine only state the caconicalizer website. It only started this morning and it's happened 2-3 times already. I've run a scan but there's no issues coming up at all. Link to post Share on other sites More sharing options...
snapczter Posted September 9, 2018 ID:1268490 Share Posted September 9, 2018 I have the same issue since yesterday and it affects all browsers that I open and some games now. It says malvertising for everything and it's getting too often now. Don't know if it's a genuine threat or just the software being hectic. Link to post Share on other sites More sharing options...
ALilDashofConfused Posted September 9, 2018 ID:1268491 Share Posted September 9, 2018 Update from my post before (I'm not seeing an edit button unless I'm dense, I haven't been awake long...might need my morning drink...): * The issue first came up for me at 10:55PM UK Time last night, which would place that approximately 10 hours before my post. Just in case that helps a staff member identify where something may have happened? (Assuming it's false positive, I mean.) Has anyone had an instance of this happening before approx. 10 hours ago? * Two warnings when switching on my main laptop. Just for the simple act of logging in. Same website, Canonicalizer. And once again, no file at the end of the website blocked notification. Link to post Share on other sites More sharing options...
Alliopeth Posted September 9, 2018 ID:1268494 Share Posted September 9, 2018 I started to get the issues at 8am this morning, they've mostly included the file but a couple have had the file part be completely blank. I restarted my PC and also got the warning as soon as I'd logged in, and the only program I have at start-up is Twitch. I've never had an issue with it and I doubt it's got anything to do with the issue but including it just in case. Link to post Share on other sites More sharing options...
Dis Posted September 9, 2018 ID:1268495 Share Posted September 9, 2018 Having the same issue myself on two of my machines which use premium, extensive Scan's detect nothing, both machines show malvertising relating to the website canonicalizer.ucsuri.tcs - outbound connection and smartscreen.exe Link to post Share on other sites More sharing options...
AyanamiRei0 Posted September 9, 2018 Author ID:1268496 Share Posted September 9, 2018 Good to know I wasn't the only one with this weird problem doing scans finds nothing. Same as everyone else. Link to post Share on other sites More sharing options...
ALilDashofConfused Posted September 9, 2018 ID:1268497 Share Posted September 9, 2018 4 minutes ago, AyanamiRei0 said: Good to know I wasn't the only one with this weird problem doing scans finds nothing. Same as everyone else. Just a heads up guys, they seem to be on it - a staff member's replied to the topic linked below. Judging from the response, I would guess it's a false positive. Link to post Share on other sites More sharing options...
Dis Posted September 9, 2018 ID:1268500 Share Posted September 9, 2018 27 minutes ago, ALilDashofConfused said: Just a heads up guys, they seem to be on it - a staff member's replied to the topic linked below. Judging from the response, I would guess it's a false positive. Good spot! Thanks for the info :) Link to post Share on other sites More sharing options...
Staff Solution Dashke Posted September 9, 2018 Staff Solution ID:1268504 Share Posted September 9, 2018 Thanks everyone! The update is out - MBAM2 Version: v2018.09.09.04 MBAM3 Version: 1.0.6729 Please try to update and let us know if that helps. Link to post Share on other sites More sharing options...
ALilDashofConfused Posted September 9, 2018 ID:1268505 Share Posted September 9, 2018 8 minutes ago, Dashke said: Thanks everyone! The update is out - MBAM2 Version: v2018.09.09.04 MBAM3 Version: 1.0.6729 Please try to update and let us know if that helps. Hi, My version is 1.0.6729, restarted my system and no warning. Spam opened Cortana and all of my usual triggers, and no warnings so far! Looks like it's fixed up! Link to post Share on other sites More sharing options...
Staff Dashke Posted September 9, 2018 Staff ID:1268506 Share Posted September 9, 2018 Thanks a bunch for checking ALilDashofConfused! Link to post Share on other sites More sharing options...
snapczter Posted September 9, 2018 ID:1268510 Share Posted September 9, 2018 It got fixed for me too. Doesn't show up anymore after I restarted my PC. Thanks for the fix ! Link to post Share on other sites More sharing options...
Dis Posted September 9, 2018 ID:1268527 Share Posted September 9, 2018 Great Stuff, thanks! Link to post Share on other sites More sharing options...
Staff Dashke Posted September 9, 2018 Staff ID:1268533 Share Posted September 9, 2018 Thanks snapczter and Dis for reporting! Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now