Xauma95 Posted October 21, 2018 Author ID:1276807

Now I don't know if I'm fully protected, because ESET Online Scanner found 2 JS/Adware.Agent.AA in my Firefox cache, and neither my MBAM nor Avast detected it. Even a manual scan of the file didn't detect it as adware, and I have all settings enabled.

Xauma95 Posted October 21, 2018 Author ID:1276809

Just now, Xauma95 said:

> Now I don't know if I'm fully protected, because ESET Online Scanner found 2 JS/Adware.Agent.AA in my Firefox cache, and neither my MBAM nor Avast detected it. Even a manual scan of the file didn't detect it as adware, and I have all settings enabled.

Also, HitmanPro detected 2 boxore.ou in my registry that MBAM or Avast didn't detect.

exile360 Posted October 21, 2018 ID:1276813

It's possible that the detection is an FP or that the scripts were never allowed to execute (if they don't run, they're harmless). I would suggest submitting them to Research for analysis so that they can confirm their contents.

Xauma95 Posted October 21, 2018 Author ID:1276814

2 minutes ago, exile360 said:

> It's possible that the detection is an FP or that the scripts were never allowed to execute (if they don't run, they're harmless). I would suggest submitting them to Research for analysis so that they can confirm their contents.

Yeah, maybe an FP. My bad for deleting it; now I can't send those threats to Research. But if I find them again, how can I send them to Research?

exile360 Posted October 21, 2018 ID:1276816

You can submit it in a new topic here and you can also submit the site it came from here for analysis. Just be sure to follow the guidelines and instructions in the pinned topics in each area to make sure they have all the info they need.

Xauma95 Posted October 21, 2018 Author ID:1276818

5 minutes ago, exile360 said:

> You can submit it in a new topic here and you can also submit the site it came from here for analysis. Just be sure to follow the guidelines and instructions in the pinned topics in each area to make sure they have all the info they need.

Okay, thanks. Still waiting to solve my issue with MBAM notifications, but they said that they are investigating it.

dcollins Posted October 25, 2018 ID:1277546

I'm back and still chugging away at this issue. While I was away, we released a new update that had some Web Protection enhancements. Can you please go to Settings -> Application and click Install Application Updates to get the latest version and see if this helps at all?

Xauma95 Posted October 26, 2018 Author ID:1277677

18 hours ago, dcollins said:

> I'm back and still chugging away at this issue. While I was away, we released a new update that had some Web Protection enhancements. Can you please go to Settings -> Application and click Install Application Updates to get the latest version and see if this helps at all?

I've tried: first, no notification with the extension enabled. Then I disabled the extension and tested with the MBAM test web and another web with ads, and at first I saw the notification, but when I visited the second web with ads and tried again with the MBAM test web, it was named with the previous blocked ad. With Chrome it's the same, but the second try with the MBAM test web doesn't show the notification and shows the Chrome error page. So I'm still having this weird issue and don't know what to do.

dcollins Posted October 26, 2018 ID:1277702

Thanks. We'll need to try and get a bit more data to understand what's going on here. The key thing we'll need is a Wireshark log of the network traffic. You can get this by doing the following:

1. Make sure the Extension is disabled in Firefox and Chrome
2. Download and install Wireshark
3. Launch Wireshark and have it monitor your connection (double click your network adapter)
4. A lot of data should start to flow across your screen
5. Leave Wireshark running, and then reproduce the issue
6. After reproducing the issue, click the red stop button near the top
7. Click File -> Save and save the capture somewhere you can easily find it later
8. Turn off Web Protection
9. Click the far left button on the toolbar, that looks like a shark fin to start a new capture (everything should erase, and then start filling up again)
10. Follow the same steps as you did in step 6, but everything should work now
11. Click the red stop button near the top
12. Click File -> Save and save the capture next to the one you saved before
13. Zip up both capture files and private message them to me

I know these are a lot of instructions, but for strange issues like these we unfortunately need a bit more data. Thanks in advance

Xauma95 Posted October 26, 2018 Author ID:1277720

1 hour ago, dcollins said:

> Thanks. We'll need to try and get a bit more data to understand what's going on here. The key thing we'll need is a Wireshark log of the network traffic. You can get this by doing the following:
>
> 1. Make sure the Extension is disabled in Firefox and Chrome
> 2. Download and install Wireshark
> 3. Launch Wireshark and have it monitor your connection (double click your network adapter)
> 4. A lot of data should start to flow across your screen
> 5. Leave Wireshark running, and then reproduce the issue
> 6. After reproducing the issue, click the red stop button near the top
> 7. Click File -> Save and save the capture somewhere you can easily find it later
> 8. Turn off Web Protection
> 9. Click the far left button on the toolbar, that looks like a shark fin to start a new capture (everything should erase, and then start filling up again)
> 10. Follow the same steps as you did in step 6, but everything should work now
> 11. Click the red stop button near the top
> 12. Click File -> Save and save the capture next to the one you saved before
> 13. Zip up both capture files and private message them to me
>
> I know these are a lot of instructions, but for strange issues like these we unfortunately need a bit more data. Thanks in advance

Does Web Protection have to be off all the time? Sorry, it is a little bit confusing.

Xauma95 Posted October 26, 2018 Author ID:1277723

11 minutes ago, Xauma95 said:

> Does Web Protection have to be off all the time? Sorry, it is a little bit confusing.

Do I have to install all components from Wireshark?

exile360 Posted October 26, 2018 ID:1277733

Like what, you mean the driver etc.? Yeah, you need the WinPcap driver etc. to be able to capture traffic properly. If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality. Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

Xauma95 Posted October 26, 2018 Author ID:1277734

4 minutes ago, exile360 said:

> Like what, you mean the driver etc.? Yeah, you need the WinPcap driver etc. to be able to capture traffic properly. If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality. Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

Xauma95 Posted October 26, 2018 Author ID:1277735

11 minutes ago, exile360 said:

> Like what, you mean the driver etc.? Yeah, you need the WinPcap driver etc. to be able to capture traffic properly. If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality. Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

Are plugins and extensions needed?

Xauma95 Posted October 26, 2018 Author ID:1277739

@dcollins Do I have to reproduce the issue with Web Protection off?

exile360 Posted October 26, 2018 ID:1277740

No, probably not. I thought you were referring to the prompt it displays about WinPcap. You shouldn't need the plugins, but either way it really doesn't matter as you can remove it once dcollins is done diagnosing the issue.

Xauma95 Posted October 26, 2018 Author ID:1277741

3 minutes ago, exile360 said:

> No, probably not. I thought you were referring to the prompt it displays about WinPcap. You shouldn't need the plugins, but either way it really doesn't matter as you can remove it once dcollins is done diagnosing the issue.

So I install everything but the plugins and extensions, right?

exile360 Posted October 26, 2018 ID:1277742

Yes, that should be fine. The main thing is getting Wireshark installed so that you can perform a traffic capture.

dcollins Posted October 26, 2018 ID:1277757

Yep, leave all the defaults when installing Wireshark. First perform the test with Web Protection enabled (if you have the browser extension installed, disable that though). Then do it again, but this time with Web Protection disabled. This allows us to compare the broken state to the non-broken state so we can see what's different.

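
One way to start the comparison dcollins describes above (a capture taken with Web Protection enabled next to one taken with it disabled), added here as an example that is not part of the thread and not Malwarebytes' own tooling: the script lists servers whose TCP handshake never completes in the first capture but does in the second. It assumes each capture was re-saved from Wireshark in classic pcap format rather than the default pcapng; the function names and sample frames are constructed for illustration.

```python
import socket
import struct

SYN, SYNACK = 0x02, 0x12  # TCP flag bits: SYN, and SYN+ACK together

def tcp_frame(src, dst, sport, dport, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (zeroed MACs and checksums)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file with Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

def incomplete_handshakes(pcap):
    """Return {(server_ip, port)} that were sent a SYN but never sent a SYN-ACK."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap, not pcapng")
    asked, answered, off = set(), set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        # Keep only IPv4 (ethertype 0x0800) carrying TCP (IP protocol 6).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the IP header (IHL words)
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        if (tcp[13] & SYNACK) == SYNACK:
            answered.add((socket.inet_ntoa(frame[26:30]), sport))
        elif tcp[13] & SYN:
            asked.add((socket.inet_ntoa(frame[30:34]), dport))
    return asked - answered

def failing_only_in_first(first_pcap, second_pcap):
    """Endpoints whose handshake is incomplete in the first capture only."""
    return incomplete_handshakes(first_pcap) - incomplete_handshakes(second_pcap)

# Constructed sample captures using documentation addresses (not real traffic).
C, SITE, AD = "192.0.2.10", "203.0.113.5", "198.51.100.7"
OK = [tcp_frame(C, SITE, 50000, 443, SYN), tcp_frame(SITE, C, 443, 50000, SYNACK)]
ON_PCAP = make_pcap(OK + [tcp_frame(C, AD, 50001, 80, SYN)] * 2)
OFF_PCAP = make_pcap(OK + [tcp_frame(C, AD, 50001, 80, SYN), tcp_frame(AD, C, 80, 50001, SYNACK)])
```

With real files, read each capture with `open(path, "rb").read()` and pass the first (Web Protection enabled) and second (disabled) captures to `failing_only_in_first`.
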
Xauma95 Posted October 26, 2018 Author ID:1277764

@dcollins I've just sent you the test, hope it works.

dcollins Posted October 26, 2018 ID:1277785

Thanks, researching it now

Xauma95 Posted October 30, 2018 Author ID:1278316

On 10/26/2018 at 11:33 PM, dcollins said:

> Thanks, researching it now

@dcollins Any update?

dcollins Posted October 30, 2018 ID:1278366

Yep, we'd like to try a few more tests if you don't mind.

1. Please start by updating your Malwarebytes database. We had some recent duplicate entries that would cause the issue with the block notification showing the incorrect type of block (Malware vs Fraud vs Riskware, etc). This support article shows how to manually update your database.
2. Now close all of your web browsers and wait 30 seconds (this clears the internal Malwarebytes cache for notifications).
3. Open Firefox, and open a Private Window (Menu -> New Private Window)
4. Now navigate to iptest.malwarebytes.com
5. Please relay what happens when you navigate to the page

Xauma95 Posted October 30, 2018 Author ID:1278384

1 hour ago, dcollins said:

> Yep, we'd like to try a few more tests if you don't mind.
>
> 1. Please start by updating your Malwarebytes database. We had some recent duplicate entries that would cause the issue with the block notification showing the incorrect type of block (Malware vs Fraud vs Riskware, etc). This support article shows how to manually update your database.
> 2. Now close all of your web browsers and wait 30 seconds (this clears the internal Malwarebytes cache for notifications).
> 3. Open Firefox, and open a Private Window (Menu -> New Private Window)
> 4. Now navigate to iptest.malwarebytes.com
> 5. Please relay what happens when you navigate to the page

I've tried, and at the beginning it works normally, but when I keep trying, sometimes there are no notifications and sometimes the notifications are named incorrectly. I have some screenshots.

Xauma95 Posted October 30, 2018 Author ID:1278385

Also I didn't find any update, it says current