Jump to content

Recommended Posts

Hi,

 

I started getting a riskware warning from Malwarebytes today. The warning is in regard to gnldr.online

It seems that each time I access my Windows Live Mail account to read or send an email the warning pops up.

There is very little information on the internet about this issue. Some websites say that it seems that it may be some sort of Amazon tracking code. Other sites say that it's related to the Google browser. Still other sites say that it originates from either Germany or Pakistan.

Whatever it is, I don't want it on my computer but I can't find it anywhere on the computer so I can't delete it. When I scan with Malwarebytes it doesn't detect it either. It seems a bit odd that Malwarebytes blocks it when it tries to send messages from my email account without my knowledge yet it doesn't find it during Malware scans?

Share this post


Link to post
Share on other sites

Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.  Let me know what first name you prefer to go by.

You describe an IP /website block notice.  The web protection is keeping this machine safe.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

    Download Malwarebytes Support Tool


    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.3.749.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Please know I help here as a volunteer.  and that I am not on 24 x 7.

Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Thank you,

-  -  -  -  -  -   For your information

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".


The website  Block message indicates that a potential risk was blocked by the malicious website protection. 
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.
.
 

Sincerely.

 

Share this post


Link to post
Share on other sites

Which web browser do you use to get to Windows Live Mail ?  Later on, next time, could you please use EDGE browser  and lets see if that has no "pop up".

The ip bock is on "ip" : "3.220.188.71",

.

 

Let's do one new scan just in case, for a fresh new opinion.   It should only take a few minutes.  Be sure to Close all web browsers before pressing "scan button".

Run a scan with Malwarebytes for Windows.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done , IF any items are taggedbe real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

When that is completed, kindly send the report.
In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply. Thank you.

 

Share this post


Link to post
Share on other sites

Thanks.   As note before and as you can see on your block-event-log  the block is on IP Address: 3.220.188.71

Can you please do a quick test using EDGE browser,  go to the LiveMail site.   I'd like to test whther using a different browser makes a difference.

But if you see the same block,  then is it a particular Email message being viewed that may be the source of attempting an outbound connection?

Share this post


Link to post
Share on other sites

I'm a little lost. How do I ensure that Windows Live Mail is using EDGE to connect? My Live Mail is a clickable icon on my desktop. I don't access it through a web browser.

Also, I already know that it's not a particular email that I'm reading. It happens with any email that I open no matter who it's from.

Share this post


Link to post
Share on other sites

Sorry.   Yes, it is using Wlmail app.

2 things

( A )

Could you please skip the top email in the inbox.  One by one read the next 2 emails   ( hopefully from some other sender)  and see if those also trigger a block.

 

Besides the block notice, you are not prevented from reading the Emails  & doing what you need to in LiveMail, right?

[  B   ]

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
UN-tick   ( deselect )on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

[  C  ]

This block event may just be a false positive.

Share this post


Link to post
Share on other sites

Awesome. Thank you.

I ran the scan last night. It took so long that I went to bed before it finished. When I came back to the computer this morning I it showed that the scan didn't find anything.

Share this post


Link to post
Share on other sites

Hello.  I  am checking up.  Is there anything else that you need help with?

Share this post


Link to post
Share on other sites

Hi again,

Thanks for checking with me. You've been awesome!

I actually found the culprit. It's a series of emails that I received from a website development company. Once I narrowed it down to their emails I made them aware of it. They say that they are using some sort of tracking software to let them know whether their emails have been read and to let them know each time one of their emails is opened without the recipient knowing. Malwarebytes caught it and alerted me to it.

If you would like a copy of the email forwarded to you for dissection just let me know what email address to forward it to and I'll gladly do so.

Share this post


Link to post
Share on other sites

Hi,

I am glad to read that you have things in control.   You are very welcome.

Emails are one of the facets of daily computer usage that one always had to be careful with.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

I wish you all the best.

Sincerely.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.