Jump to content

Is this a sign of malware?


Recommended Posts

I let my brother borrow my computer on Thursday the 24th, and on that day he triggered Malwarebytes. Today, the same website was triggered attacking the same port. I was connected to my school's WIFI today so I don't know if that could be causing that notification to be triggered. The thing that concerned me the most is that he was using IE and the most recent trigger came from SearchApp under Windows apps. Attached are the detections I got from Malwarebytes from those two times. I've done Malwarebytes scan several times and nothing appears. Am I fine?

 

Detection_from_24th.txt Trigger_from_30th.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs  for my review.

Let me know what problems persists.

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>

Link to post
Share on other sites

8 hours ago, nasdaq said:

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs  for my review.

Let me know what problems persists.

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>

Alright, hasn't happened today but I wanted to clarify I've noticed it actually got triggered twice yesterday and once on the 29th, but the detection history for that was erased after reboot and that it's only happened between the times of 1-3 PM. Files as requestedAddition.txtFRST.txt

Link to post
Share on other sites

Hello @idan425 

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website  Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.

The last set of Farbar FRST reports do not show a presence of malware. Although it seems, possibly, that Microsoft Defender antivirus may have a issue on getting updates from Microsoft. 

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

>

[  2   Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUSTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.