Jump to content

false positive ?

Paszu
 Share

Recommended Posts

Paszu

Paszu

Posted
Posted (edited)

Malwarebytes
www.malwarebytes.com

-Szczegóły raportu-
Data zdarzenia ochrony: 08.05.2022
Czas zdarzenia ochrony: 12:38
Plik raportu: ef1d6b10-ceba-11ec-9f8b-9cebe81b532b.json

-Informacje o oprogramowaniu-
Wersja: 4.5.9.198
Wersja komponentów: 1.0.1676
Aktualna wersja pakietu: 1.0.54689
Licencja: Premium

-Informacje o systemie-
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: System

-Szczegóły zablokowanej strony WWW-
Złośliwa strona WWW: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Zablokowano, -1, -1, 0.0.0, ,

-Dane strony WWW-
Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 188.114.96.24
Port: 443
Typ: Wychodzące
Plik: C:\Program Files\Mozilla Firefox\firefox.exe

 

Malwarebytes
www.malwarebytes.com

-Szczegóły raportu-
Data zdarzenia ochrony: 08.05.2022
Czas zdarzenia ochrony: 12:38
Plik raportu: eed00d3e-ceba-11ec-972e-9cebe81b532b.json

-Informacje o oprogramowaniu-
Wersja: 4.5.9.198
Wersja komponentów: 1.0.1676
Aktualna wersja pakietu: 1.0.54689
Licencja: Premium

-Informacje o systemie-
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: System

-Szczegóły zablokowanej strony WWW-
Złośliwa strona WWW: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Zablokowano, -1, -1, 0.0.0, ,

-Dane strony WWW-
Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 188.114.97.24
Port: 443
Typ: Wychodzące
Plik: C:\Program Files\Mozilla Firefox\firefox.exe


Malwarebytes
www.malwarebytes.com

-Szczegóły raportu-
Data zdarzenia ochrony: 08.05.2022
Czas zdarzenia ochrony: 12:38
Plik raportu: ee8065ea-ceba-11ec-89cf-9cebe81b532b.json

-Informacje o oprogramowaniu-
Wersja: 4.5.9.198
Wersja komponentów: 1.0.1676
Aktualna wersja pakietu: 1.0.54689
Licencja: Premium

-Informacje o systemie-
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: System

-Szczegóły zablokowanej strony WWW-
Złośliwa strona WWW: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Zablokowano, -1, -1, 0.0.0, ,

-Dane strony WWW-
Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 2a06:98c1:3120::18
Port: 443
Typ: WychodzącePlik: C:\Program Files\Mozilla Firefox\firefox.exe

 

Malwarebytes
www.malwarebytes.com

-Szczegóły raportu-
Data zdarzenia ochrony: 08.05.2022
Czas zdarzenia ochrony: 12:38
Plik raportu: eea81252-ceba-11ec-9164-9cebe81b532b.json

-Informacje o oprogramowaniu-
Wersja: 4.5.9.198
Wersja komponentów: 1.0.1676
Aktualna wersja pakietu: 1.0.54689
Licencja: Premium

-Informacje o systemie-
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: System

-Szczegóły zablokowanej strony WWW-
Złośliwa strona WWW: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Zablokowano, -1, -1, 0.0.0, ,

-Dane strony WWW-
Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 2a06:98c1:3121::18
Port: 443
Typ: Wychodzące
Plik: C:\Program Files\Mozilla Firefox\firefox.exe

Edited by Paszu
Link to post
Share on other sites
  • Paszu changed the title to false positive ?
Paszu

Paszu

Posted
  • Author
Posted (edited)
18 minutes ago, JPopovic said:

Hello,

We are not blocking these.

Please try to reinstall MB if that is not a problem for you.

Thank you!

these appears on random sites from time to time (always the same ip addresses don't know why  hmm) i already reinstall app a few weeks ago yet they still  appears hmmm

for example i just rebooted my pc and entered the same site  and now no detections very weird hmm

Edited by Paszu
Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted (edited)
On 5/8/2022 at 3:10 PM, JPopovic said:

Hello,

We are not blocking these.

Please try to reinstall MB if that is not a problem for you.

Thank you!

Reinstalled and still the same problem

 

Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 188.114.97.24
Port: 443
Typ: Wychodzące

 

Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 188.114.96.24
Port: 443
Typ: Wychodzące

Edited by Paszu
Link to post
Share on other sites
Porthos

Porthos

Posted
Posted

@Paszu

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted
2 hours ago, Porthos said:

@Paszu

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

 

mbst-grab-results.zip

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted

@Paszu The tool failed to gather an important set of logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted (edited)
23 minutes ago, Porthos said:

@Paszu The tool failed to gather an important set of logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

is this app safe ?

https://www.virustotal.com/gui/file/a669bebfa34fd7d6f6265dd2f95c9ebda41c51b7251c5ebadf1500128731c42f/detection 4/68

Edited by Paszu
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

  • Like 1
Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted (edited)
On 5/10/2022 at 10:53 AM, AdvancedSetup said:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt 1.77 kB · 2 downloads

Thanks

 

thanks for help but stil the same problem today i'm entering for example 

https://pobieramy24.xyz

 

 

Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 188.114.97.24
Port: 443
Typ: Wychodzące

Kategoria: Złośliwe oprogramowanie
Domena:
Adres IP: 2a06:98c1:3120::18
Port: 443
Typ: Wychodzące

 

fresh logs

 

 

FRST.txt Addition.txt

Edited by AdvancedSetup
Disabled live hyperlink
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Not good. Really makes it difficult to help you when logs are what tell us what is going on.

Please get me the Protection Logs showing these blocks

 

 

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

 

Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted
On 5/13/2022 at 12:03 AM, AdvancedSetup said:

Not good. Really makes it difficult to help you when logs are what tell us what is going on.

Please get me the Protection Logs showing these blocks

 

 

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

 

 

first.txt second.txt third.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank you for the logs. I have submitted them for review. It is the weekend so it may be a while before I get a reply back.

I may or may not reply again before Monday.

 

Please run the following for me while we wait for a reply from our internal research team.

Temporarily disable your real-time protection of ESET and run the following scan

 

 

 

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Thank you

 

Link to post
Share on other sites
Paszu

Paszu

Posted
  • Author
Posted
5 hours ago, AdvancedSetup said:

Thank you for the logs. I have submitted them for review. It is the weekend so it may be a while before I get a reply back.

I may or may not reply again before Monday.

 

Please run the following for me while we wait for a reply from our internal research team.

Temporarily disable your real-time protection of ESET and run the following scan

 

 

 

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Thank you

 

there was 19 files infected detected during the scan

but in the log 0 is this normal ?

 

 

msert.log

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Yes, that is normal for Microsoft. They gather file and registry trails sort of like bread crumbs and unfortunately show the user in the interface (wish they'd stop that) and then they upload to the Cloud to have their artificial intelligence decide if it's a real threat or not.

 

Let's do one more scan. Please run the following scanner. You'll need to stop other real-time antivirus while you run it.

They require you to send them an email to request the link to download the scanner, please do.

 

 

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan is very thorough so it may take several hours to complete, please be patient...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your next reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result...

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Please attach that log on your next reply

Thank you

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.