Jump to content

Malwarebytes pop-ups of outbound "adware" with .icu domain on email


Recommended Posts

I just switched to a laptop computer that was at our office and am new to Windows 10. I wanted an email client that was like Windows Live Mail, so I chose EM Client. I moved Malwarebytes Premium from my old computer to the new computer after I set up the email program, which might have been a mistake, orderwise. Now, whenever I launch EM Client, I get a number of Malwarebytes pop-ups as mail comes in. All are about outbound adware. All have a domain name of .icu. I ran a scan and quarantined 5 PUPs. But the problem is still there whenever I launch email (not getting notices on Outlook or web activity).

Link to post
Share on other sites

Hello vidlib and welcome to Malwarebytes,

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Repeat for the last three blocks....

Thank you,

Kevin..

Link to post
Share on other sites

Hello vidlib,

Can you check the problem exe at VirusTol, see what comes back..

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\eM Client\MailClient.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Thanks,

Kevin.

Link to post
Share on other sites

Hello vidlib,

That makes the client out as clean, good I suppose. There is still the problem of the outbound call to IP Address: 104.24.106.245 which Malwarebytes flags as bad...

I can see why MB flags it:

https://cleantalk.org/blacklists/104.24.106.245

https://dnslytics.com/ip/104.24.106.245

I recommend that you open a thread in the Website section of this Malwarebytes Forum, give link back to this thread and ask for confirmation if this is a false positive or not...

https://forums.malwarebytes.com/forum/123-website-blocking/

Please comeback and let me know the outcome...

Thank you,

Kevin..

 

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.