Jump to content
illusionist

Microsoft IP fps - FIXED

Recommended Posts

Okay, cool! Thanks for the quick reply. (Do you know if there's a way to delete my logs since they aren't relevant? Guess that'd require a moderator...)

Share this post


Link to post
Share on other sites

I have had 3 notifications as well this afternoon, all after 4pm UK time (attached is the most recent) all outbound to login.live.com, but 2 different IPs (40.90.137.120, 40.90.23.154).

DroidWin10MWB100220.txt

Share this post


Link to post
Share on other sites

i just downloaded the latest version of malwarebytes 2 days ago and it is blocking my onedrive for being a phishing website?

thing is i don't know if it could be a rogue program disguising itself as one drive or actually one drive and i'd like some clarity or solution

thanks in advance,

Bruno

Share this post


Link to post
Share on other sites

Just booted Windows today and after logging in Malwarebytes blocks an outbound connection (please, see log), searching for domain and IP and I got something related to Microsoft Azure. This happens every time I boot/restart my computer.

Do I need to worry about it?

log.txt

Share this post


Link to post
Share on other sites
2 minutes ago, kcarrandale said:

Okay, cool! Thanks for the quick reply. (Do you know if there's a way to delete my logs since they aren't relevant? Guess that'd require a moderator...)

Only authorized people and you can access them. You should be able to delete the attachments from your control panel possibly.

Share this post


Link to post
Share on other sites

I just got a report now too. From

http://ipv4.login.msa.akadns6.net/

First I thought that svchost got replaced with malware. But this must be a FP.

Share this post


Link to post
Share on other sites

Yeah I am also getting the same thing, it seems to be released to hotmail webiste that Malwarebytes is now blocking. Glad its all false I completely reset my browser to default lol

Share this post


Link to post
Share on other sites
12 minutes ago, baronfranco said:

Do I need to worry about it?

It is a false positive and will be fixed soon.

Share this post


Link to post
Share on other sites

Hello, 

I got 2 blocked website alert while I wasn't trying to open anything.

One phishing and one ransom ware.

I had chrome open but I wasnt trying to open any websites for a while. 

I have three plugins on chrome: Privacy Badger, ublock origin and ublock origin extra, HTTps everywhere.

I also have AVG Internet security Paid version running. I perform full daily scans on both AVG and malwarebytes.

attached is the grab results and two pictures of the block notices.

I am running scans now. 

 

 

VRS 1.png

VRS 2.png

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/hc/en-us/articles/360038523934

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites
14 minutes ago, unknownguy said:

But this must be a FP.

It was and will be fixed soon.

Share this post


Link to post
Share on other sites
3 minutes ago, Porthos said:

@Samyoung

It is a false positive and will be fixed soon.

Is the ransomware also a false negative?

I ran the threat scan and nothing came up

Share this post


Link to post
Share on other sites

Update for Malwarebytes 3 is out - 1.0.14737

Please try updating and let us know if that helps.

Share this post


Link to post
Share on other sites
1 minute ago, Dashke said:

Update for Malwarebytes 3 is out - 1.0.14737

Please try updating and let us know if that helps.

Is the ransomware I got also a false negative?

I'm running version 4 and there are no upgrades for now.

Share this post


Link to post
Share on other sites

Please update your DBs as we have just sent out new publication for this. 

Sorry for the inconvenience.

Share this post


Link to post
Share on other sites
15 minutes ago, Zynthesist said:

Please update your DBs as we have just sent out new publication for this. 

Sorry for the inconvenience.

What is a DB?

I also got a ransomware threat from FRST after I tried to gather logs, is that also a false negative?

Thank you 

 

VRS 2.png

Share this post


Link to post
Share on other sites

i have the updated mentioned in post above, malwarebytes tells me its up to date but i still got that popup when i opened the check for updates page in windows 10 

Share this post


Link to post
Share on other sites
22 minutes ago, Zynthesist said:

Please update your DBs as we have just sent out new publication for this. 

Sorry for the inconvenience.

What database number are we looking for?

Share this post


Link to post
Share on other sites

image.png.5dbd13f407b9d99b0cc684413cffa361.png

 

⬆ Is this the most recent update?

I am still getting pop-up notifications for:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/10/20
Protection Event Time: 1:14 PM
Log File: 285ac54e-4c31-11ea-ab92-04ea56216cbc.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

 

THank you for your prompt replies!

Share this post


Link to post
Share on other sites

Getting the same issue. See below:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/10/20
Protection Event Time: 10:19 AM
Log File: 124f29ee-4c21-11ea-bd15-28f10e346d48.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: lgin.msa.trafficmanager.net
IP Address: 40.90.137.126
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

Share this post


Link to post
Share on other sites

I’m still having the same problem. 

I opened mwb -> settings -> about -> Check for updates. It said I was already updated. I restarted the computer and the problem persists.

My mwb version is 4.0.49 with update pkg 1.0.18998, component pkg 1.0810. 

Please help! 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.