Computer Support Forum

Malwarebytes can't connect to update server or keep on Malicious Website Protect

Question: Malwarebytes can't connect to update server or keep on Malicious Website Protect

Running 8.1 on Toshiba laptop.
 
I realized my Malwarebytes 2.0 wasn't turning on when I booted, and then when it did, it would flag "Unable to access update server".
 
I have tried the uninstall tool and reinstall, and an update works. I scan, it doesn't find anything, but then falls into the same problem with the next boot.
 
Also, the Real-Time Protection status stays as: Malware Protection Enabled, Malicious Website Protection DISABLED
 
Any ideas?

Relevance 100%
Preferred Solution: Malwarebytes can't connect to update server or keep on Malicious Website Protect

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Malwarebytes can't connect to update server or keep on Malicious Website Protect

Hello otarsus:
 
If your system did not have any unresolved malware issues from any type of previous MBAM2 scans, and your laptop has the correct date, time zone and time, then, since you already have performed a Clean Re-install process, it would be helpful see three diagnostic logs posted in the Malwarebytes Anti-Malware Help sub-forum.
Please establish membership via Create Account and then read the following and individually attach the 3 requested logs in a post to the above sub-forum: Diagnostic Logs along with a copy/paste of your post's narrative from above.
 
Thank you.
 
1PW
Malwarebytes Volunteer Forum Helper

2 more replies
Relevance 95.94%

It's not just you they are having issues!

https://forums.malwarebytes.org/index.php?/topic/158690-cannot-enable-malicious-website-protection/

 

Answer:Malwarebytes Malicious Website Protection and update fails. It's not just you!

Everything runs perfectly on Windows 8.1 Pro x64 -






Which operating system are you using? Have you tried any fixes (uninstall / reinstall ). ?
 

2 more replies
Relevance 88.56%

Hey thanks for looking at this. Have an old work computer that has had a handful of viruses on it, most recently the CTB Locker lovely virus. I think I have removed it successfully but that might not be the case because I am having an issue running malwarebytes anti-rootkit and I am unable to enable malarebytes website protection (paying customer).
 

Answer:Unable to enable Malwarebytes Malicious Website Protection or Run Malwarebytes Anti-Rootkit

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 85.69%

HiI carnt update Malwarebytes or Spybot and carnt connect to their websites. I know I have a trojan but have not been able to get rid of it. I have ran Hijackthis and the log file is below.Thanks for your help.Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 16:18:28, on 27/02/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\VMSnap23.exeC:\WINDOWS\Domino.exeC:\Program Files\Ja... Read more

Answer:Carnt update Malwarebytes or connect to website

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

2 more replies
Relevance 81.59%

I posted the same topic on 26 february.
 
http://www.bleepingcomputer.com/forums/t/568351/malicious-website-blocked-by-malwarebytes/
 
 
It apperead to be fixed, but now i'm experincig the same problem: some porno pop up window are appearing randomly.
 
Please help.

Answer:Malicious Website Blocked by Malwarebytes - 2

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes tha... Read more

43 more replies
Relevance 81.59%

I am getting a malicious website blocked from the following
checkip.dydns.org
216.146.38.70
port 53491
outbound
program files (x86) Verizon /IHA_Message Center

Answer:malicious website blocked from malwarebytes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567496 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

17 more replies
Relevance 81.59%

Hello,
 
every time that i surf through some websites Malwarebytes hurry me that a Malicious Web Site has been blocked.
 
Below some other information:
 
IP: 91.194.254.105
Type: outbound
Port: xxxx
Process: ..../svchost.exe 
 
 
Also some popup window, probably written in cirillic, are shown very often.
 
Please help me.
 
Sorry about my english but is not my mother language.
 
Thank you in advance.
 

Answer:Malicious Website Blocked by Malwarebytes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

7 more replies
Relevance 81.59%

I am entierly new to this forum, and im a bit stressed out so, not sure what to do. The picture below is the popup, and i have windows 8.1 and not 8 if it makes a difference. Would appriciate all the help i can get. Current antivirus : McAfee
Current Malware protection: MalwareBytes
 

More replies
Relevance 81.59%

Do not know how to remove it.
 
I am getting a malicious website blocked from the following
checkip.dydns.org
216.146.38.70
port 53491
outbound
program files (x86) Verizon /IHA_Message Center

Answer:Malicious website blocked by malwarebytes

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Jim (administrator) on JIMS-PC on 24-02-2015 16:31:50
Running from C:\Users\Jim\Documents
Loaded Profiles: Jim (Available profiles: Jim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cart... Read more

3 more replies
Relevance 81.59%

Hello
 
A few days ago I started getting pop-ups that said "Congratulations you've won a prize" (in my native Slovenian language). I had to click OK button to proceed to the sites I wanted to visit.
First pop-up appeared when I visited a xxx site that was probably infected. Later pop-ups started appearing on almost all sites I visited.
Yesterday I installed MalwareBytes and it is blocking some potentially malicous sites (lookup at who.is showed they are from Moldova, Russia, Romania etc)
From log file:
2014/02/06 17:28:36 +0100    TURK-PC    Turk    IP-BLOCK    218.7.200.202 (Type: outgoing)
2014/02/06 17:33:15 +0100    TURK-PC    Turk    IP-BLOCK    89.28.31.195 (Type: incoming)
2014/02/06 18:14:43 +0100    TURK-PC    Turk    IP-BLOCK    109.196.137.15 (Type: outgoing)
2014/02/06 18:59:11 +0100    TURK-PC    Turk    IP-BLOCK    220.248.167.235 (Type: outgoing)
2014/02/07 09:17:48 +0100    TURK-PC    Turk    IP-BLOCK    178.152.13.101 (Type: outgoing)
2014/02/07 12:09:46 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:09:52 +0100    TURK-PC    Turk... Read more

Answer:MalwareBytes blocks malicious website

Hello,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

16 more replies
Relevance 81.59%

help! This keeps appearing! I already scanned with malwarebytes!

Answer:malicious website blocked(Malwarebytes)

Hello kengo and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================Note: Please follow these instructions in the order given.
===================================================Uninstall programs
Please uninstall these programs:Advanced SystemCare 8
IObit Malware Fighter
AVG 2012 (any version present)
click Start, Settings, Control Panel, Add or Remove Programs
click on Advanced SystemCare 8 and then on Uninstall. Repeat this for the other programs listed above
===================... Read more

16 more replies
Relevance 80.77%

As I've said before, I always taken extra steps to insure our systems are protected.  I helped a friend about a month ago, which included installing Malwarebytes.  During the process, I backed (created a ZIP file) of (Windows 8):C:\Users\All Users\Malwarebytes\
Well, my friend got the message "Malware Protection Enabled, Malicious Website Protection DISABLED" last night.  Numerous reboots didn't help.  He brought his computer over, I took the ZIP file, and unzipped the files into the original location (after a full scan with AVAST and Malwarebytes), rebooted, and all was fine.  Then another scan (AVAST and Malwarebytes) was done, after Malwarebytes checked the updates to make sure they were current.
This is an idea to consider.  I've seen a post here, and on other sites, with the same complaint.  I know that this won't help a current problem, where a person hasn't backed up C:\Users\All Users\Malwarebytes\, but it will at least help you next time.
For people is the current problem.  I suggest that you uninstall MB, make sure that the above folder is gone, then reinstall and try it again.  If it works, then backup C:\Users\All Users\Malwarebytes\.  On other OS's, it up to you to find the proper location.
Have a great day!

 

Answer:Malwarebytes - Malicious Website Protection DISABLED

Avast also has a browsing protection feature. It's possible that the 2 are conflicting and Avast disables the other one.

11 more replies
Relevance 80.77%

Hello,  In my malwarebytes  Malicious Website Protection DISABLED. I run Adwcleaner few times, and I found that this string keep show up. I cleaned it, and in my setting only use google as search engine -\\ Google Chrome v37.0.2062.124 Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms} Here the report: # AdwCleaner v4.000 - Report created 14/10/2014 at 07:51:43# Updated 12/10/2014 by Xplode# Database : 2014-10-13.5# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Rachel - SARAH-LAPTOP# Running from : C:\Users\Rachel\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] *****  ***** [ Files / Folders ] *****  ***** [ Scheduled Tasks ] *****  ***** [ Shortcuts ] *****  ***** [ Registry ] *****  ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280  -\\ Mozilla Firefox v29.0.1 (en-US)  -\\ Google Chrome v37.0.2062.124 Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [1132 octets] - [02/07/2014 10:39:49]AdwCleaner[R10].txt - [2190 octets] - [05/09/2014 14:46:24]AdwCleaner[R11].txt - [2311 octets] - [22/09/2014 09:05:14]AdwCleaner[R12].txt - [2382 octets] - [29/09/2014 01:20:42]AdwCleaner[R13].txt - [2554 octets] - [07/10/2014 23:57:06]AdwCleaner[R14].txt - [2851 octets] - [14/10/2014 07:28:29]AdwCleaner[R15].txt - [1078 octets] ... Read more

Answer:Malwarebytes - Malicious Website Protection DISABLED

Hello rhutami:
 
Please follow the steps in the pinned procedure below:
 Malicious Website Protection disabled
 
Your AdwCleaner results are most likely unrelated and may be dealt with later.
 
Please advise your results in a reply to this thread. Thank you.

8 more replies
Relevance 80.77%

Greetings,
 
I constantly get these popups from Malwarebytes telling me that a malicious website blocked ip 204.11.56.26 Lostriverse. It also comes up as kilt.startnow something.
They're all outbound, It's been happening for a few weeks now. Malwarebytes can't find it. Emsisoft found it or so I thought, and it keeps coming back. Now my Emsisift trial has expired. TDSS couldnt find it, and neither could hitman pro.
 
Please help!
 
 
~Mike

Answer:Malicious website blocked in Malwarebytes. Outbound.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556777 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

18 more replies
Relevance 80.77%

Hi!
 
I have an old Toshiba running Windows 7. After updateing Malwarebytes database, I am getting reports of 127.0.0.1 being blocked. Can anyone assist me. MBAM reports no problems after the quickscan.
 
Late breaking news. It was a buggy MBAM definitions update that was doing the blocking. A new update has been issued.
Thanks to hobboy for instantly alerting me to this.
Gene
 

Answer:malwarebytes blocked access to a malicious website 127.0.0.1

Thank you for the feed back.
 
nasdaq

2 more replies
Relevance 80.77%

"malicious website blocked" pop up continuously by malwarebytes
IP : 146.185.239.240
type :outbound

Answer:"malicious website blocked" pop up continuously by malwarebytes

Hello niraj804 and welcome to BleepingComputer!         
 
My name is Sirawit and I'm here to help you.
 
Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.
 
If I don't reply after 3 days, feel free to PM me.          
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps pl... Read more

4 more replies
Relevance 80.77%

Hi,
  Appologies if this is the wrong forum.
 
  Windows 7 64-bit home edition
  Compaq Computer
  Sorry I am not very computer literate-let me know if you need more info
 
  popup will appear over and over saying:
 
 Malwarebytes Anti-Malware
 Successfully blocked access to a potentially malicious
 website: 95.211.194.79
 
 Type: outgoing
 Port: 55415, Process: win7696.exe
 
  During these past couple of weeks I have had a problem with "PUP" but the last time I scanned it appeared to be gone.
 
 I downloaded and used Rkill. The popups stopped, but my Wacom tablet also stopped working.
 
I ran Malwarbytes and everthing came out clean.
 
I restarted the computer, my Wacom tablet is working, but the popups are back, I've gotten three of them as I sit here typing this post. 
 
Thank you!
 
 
 
 
 

Answer:Recieving "Malwarebytes blocked malicious website"

Hello Children7

Are you connected wired or wireless?

Mbam is doing its job but you appear to have infections.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
PLease rerun RKill, Copy?paste the File that is automatically saved on your desktop in your next reply.
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
.
Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should n... Read more

3 more replies
Relevance 80.77%

I am getting too many malicious website blocked notification recently from malwarebytes antimalware. Those notification shows different ip address like 221.192.199.34, 60.173.11.237, 60.173.11.231, 146.185.239.104 etc and port number 19064,1080 etc but all shows type as inbound and the process is C:\Windows\System32\svchost.exe.
 
OS is windows 7. Kaspersky Internet security 2015 and malwarebytes premium 2.04.1028 are installed as security software. I have done full scan using both few times  but all of them showing no problem.   
 
Laptop is running normally. Didn't noticed any other problem except malwarebytes popup notification described above.
 
Ok I got the notification twice while typing the above few line here.
 
plz help
 
Sarkar
 
 

Answer:Getting too many Malicious Website blocked notification from Malwarebytes

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 80.77%

So i've been using Malwarebytes for almost a year now , but an odd window won't stop popping , in some website they said it's recommended that i reinstall the OS all together , but i thought there must be a better solution
the windows ,as the picture below shows , says a malicious website blocked with the IP ,Port ,Type, Process (svchost always the same )

 

More replies
Relevance 79.95%

My wifes machine keeps getting popup warnings from Malwarebytes Premium that it has blocked Malicious website. Everytime a warning pops up it seems to be a different IP or website that it blocked. I have no Idea what she could have clicked on to cause this. Its slowing down the machine alot. I set up the machine so she cant install anything without a passwordj and she doesnt know what the password is so Im stumped.
 
Windows 7 Home Premium
Service Pak 1
 
Please Help!

Answer:MalwareBytes popups warning Malicious Website Blocked

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

13 more replies
Relevance 79.95%

Shortly before Christmas I was convinced that my computer was infected with some kind of malware. I had Avast anti-virus installed and Norton anti-virus (Not sure if they are compatible or not). Avast anti-virus seemed to simply break, it would open on start up although nothing could be done with the programme. Norton anti-virus would also take atleast a few minutes to start although it is set to open on start up. During the time in which Norton anti-virus was disable me internet connection would be cut.

I managed to execute a cmd prompt to boot into the administrator account from which I ran a full system scan with Norton, bearing no results. I then proceeded to download the Malwarebytes Pro trial and perform a full system scan, which also found nothing. After a few hours of checking for any suspicious files/processes (and finding none) I booted back into my normal computer account and everything ran fine and the malware seemingly removed (despite finding absoloutely nothing).

However while I use my internet browser (Google Chrome) and even after I have closed the browser, Malwarebytes continuously spams me with messages saying that it has block access to malicious websites, one such I.P is 62.45.250.11. I have recently booted my computer into admin/safe/normal modes and scanned with both Norton and Malwarebytes and found nothing but a few tracking cookies. Though I am convinced that there is some malware on my computer trying to phone home and download some of its tools.... Read more

Answer:"Malwarebytes has block access to a malicious website" Spam

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Some legitimate programs on your computer have access to the Internet and that action can also trigger an IP alert. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. Information that explains IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.What does IP Protection do?IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...What does this notification mean?This notification means quite simply, that an IP addre... Read more

3 more replies
Relevance 79.95%

I am have this same issue please help. I am running windows 7 Home Edition.
 

Answer:Malwarebytes - Malicious Website C:\Windows\SysWOW64\svchost.exe

Malwarebytes - Malicious Website C:\Windows\SysWOW64\dllhost.exe
 

2 more replies
Relevance 79.95%

Trying to clean up a friend's Toshiba Satellite Notebook.  Windows 7.   I've installed and run Avast, Malwarebytes and Ad-aware.  Each found and quarantined some trojans and pups.  Still getting messages from Avast Web Shield and MWB every few seconds.  Not sure what to do next.  Any help appreciated.
 
Details on messages are:  Process: c:\windows\syswow64\dllhost.exe
domain:  ads.find-all-you-want.com and fff533
 
Some browser hijacks occurring.
 
Also  ESET has found hundreds of instances of Win32/Filecoder.CR Trojan.  
 
 
 
Thanks,
Chris

Answer:Constant Malwarebytes Messages - Malicious website blocked...

Details on messages are:  Process: c:\windows\syswow64\dllhost.exe

2 more replies
Relevance 79.95%

So I have seen other user's have had this issue as well, but I wanted to post my own as each one seems to be its own individual mess...

Besides the FRST scan log, I have included the Malwarebytes logs and screen snips of the pop-ups.
 

Answer:Malwarebytes - Malicious Website C:\Windows\SysWOW64\svchost.exe

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

10 more replies
Relevance 79.95%

I have attached the requested FRST reports. I also exported my Malwarebytes Protection Log and Norton Intrusion Prevention Logs, and can send those, if needed.
 

Answer:Malicious Website Protection and Trojan popups from Malwarebytes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

9 more replies
Relevance 79.95%

I'm unable to to turn on Malicious Website protection on malwarebytes (Premium). This happen when network list service stopped working, I have tried multiple ways to get it enable and none of them have work. I'm not really sure if this is the right place to post this in since I don't know if its a malware issue or not.

Answer:I'm unable to to turn on Malicious Website protection on malwarebytes

Hello Ajuhe I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

16 more replies
Relevance 79.95%

Hello, I'm currently having a problem with what I assume to be typical backdoor malware, and it's causing quite a bit of worrying to the people in the house who, upon using Google, are now sure we're under severe terrorist attack. It doesn't help that I told the blocked I.Ps traced back to Qatar and eastern Europe.

Either way, I've come here because I'm not too sure what steps I should take. I really ought to acquire some computer knowledge beyond the basic user interface aspect of it.

Anyway, here are all the logs, as promised.

Let me know if you need me to do anything else, I'll be monitoring this thread for replies!
 

Answer:Malwarebytes blocks access to a potentially malicious website

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mod

Rescan with Hitman and have it delete anything under the heading:
Potential Unwanted Programs

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


O4 - HKCU\..\Run: [05B33F884ABE6A7AD1661731082A3B2D46C066CF._service_run] "C:\Documents and Settings\Omgadnowai\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
After clicking Fix exit HJT.


Please run Ccleaner (not the registry scanner) just the cleaner itself to be rid of many temp files.


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"05B33F884ABE6A7AD1661731082A3B2D46C066CF._service_run"=-
[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1003\Software\Microsoft\Windows\Current... Read more

1 more replies
Relevance 79.95%

   
On net (several pages opened) when Avast started reporting 'Malicious Website Blocked'
on sites I usually don't open like 'best classic fails' 'best motorcycle fails' 'picture girls wish they never posted'
 
Received 20 Avast messages in 2 minutes
 
Malwarebytes also reported Malicious Website Blocked
 
BLOCKED WEB PAGES had the same
 
PROCESS: C:\Windows\SysWOW64\dllhost.exe
 
PORTS all had same
49258
51039
51048
URL
195.2.240.67
or
95.215.1.40
 
OS WINDOWS 7 64 SP1 all updates
IE MS 11
 
steps already taken
 
1. FULL SCAN  with box checked for rootkit
    Avast AV free and Malwarebytes results nothing found
2. Ran MS System File Checker
3.  MS Malicious software remover
 
Rebooted computer and opened browser no more 'Malicious Website Blocked' reports but I don't see what was done to resolve issue C:\Windows\SysWOW64\dllhost.exe from trying to open webpages or know if I still have a problem.
 

Answer:Avast - Malwarebytes 'Malicious Website Blocked' 20 in 2 minutes

Download and run wipe  and system ninja,
 
https://privacyroot.com/software/www/en/wipe.php
https://singularlabs.com/software/system-ninja/
 
Then.....
 
Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.
https://www.piriform.com/ccleaner/download
Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.
Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.To do this:
Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
 
Reboot your machine and then follow the  instructions below.
 
Step 1: eScanAV.
 
Disable your antivirus prior to this scan.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Download the eScanAV Anti-Virus Toolkit (MWAV)http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
 
Source
http://www.escanav.com/english/content/products/downloadlink/downloadp... Read more

5 more replies
Relevance 79.95%

My computer has been slow. Malwarebytes active sheild is blocking outgoing malicious websites every minute or so. I have run Malwarebytes and Combofix as they have worked for me in the past, but this time, I can't locate or remove the virus.
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Chris at 1:59:08 on 2014-10-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3583.2220 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
I:\Windows\system32\wininit.exe
I:\Windows\system32\lsm.exe
I:\Windows\system32\atiesrxx.exe
I:\Program Files\AVAST Software\Avast\AvastSvc.exe
I:\Windows\system32\atieclxx.exe
I:\Windows\System32\spoolsv.exe
I:\Windows\system32\taskhost.exe
I:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
I:\Windows\system32\Dwm.exe
I:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
I:\Windows\Explorer.EXE
I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
I:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
I:\Program Files\Microsoft IntelliPoin... Read more

Answer:Malwarebytes constantly blocking malicious website-outbound

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552732 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 79.13%

I have Malwarebytes installed and I keep getting the message pop up: Successfully blocked access to a potentially malicious website type incoming and outgoing.
Is my computer infected?

Answer:Malwarebytes: Successfully blocked access to a potentially malicious website

" To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. "

You might wanna do this tis' a rule here

4 more replies
Relevance 79.13%

Hello,

I ran a Malwarebytes scan just today and have been getting very frequent pop-ups about malicious websites being blocked. The process is always C:/Windows/SysWOW64/dllhost.exe
I have been a victim of the about:blank on my Internet Explorer and after running hijack.exe and malwarebytes, it has not changed to about:blank from my homepage Google.

I am very nervous for my computer! Please help! Thanks in advance. I have attached m FRST.txt from the FRST scan. and the additional text for FRST.
 

Answer:Malicious Website Blocked from Malwarebytes: C:/Windows/SysWOW64/dllhost.exe

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all th... Read more

15 more replies
Relevance 79.13%

For the last 5 minutes I have been getting this pop-up every 10 seconds, the website is 195.161.25.18, type:incoming, process: svchost.exe.
I ran SuperAntiSpyware which found 18 tracking cookies which I removed, MalwareBytes found nothing and I did a CCleaner sweep. Advice?

Another one just showed up, the website is different: 77.78.229.60, also svchost.exe
Thank you.

edit: another pop-up, website 91.188.38.18 (don't know if this is relevant, so just in case)

Answer:MalwareBytes: Successfully blocked access to a potentially malicious website

Hello, well the IP is not a good one.http://myip.ms/view/ip_addresses/3282114816/195.161.25.0_195.161.25.255#p_ownerYou have the Paid MBAM?Please Download TDSSkiller Launch it. Click on change parameters-Select TDLFS file system Click on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the
icon on your desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under scan settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially un... Read more

25 more replies
Relevance 79.13%

Hi.
 
I run a Windows 8 Core i3 64-bit machine (Windows Experience Index is 5.6).
 
For a couple of weeks since I installed it, MalwareBytes keeps blocking malicious websites continuously. It is scary because even when the computer is idle and there's no internet activity, MalwareBytes shows messages of blocking access to malicious websites. I have no clue where this activity coming from. Please help! Am I infected? The computer's been running decently but I am still scared. Along with MalwareBytes, I use Windows Defender as my main antivirus.
 
Do let me know if any other information is needed.

Answer:MalwareBytes blocks malicious website when computer is idle. Am I infected?

Malwarebytes Anti-Malware Malicious Website Blocking (IP Protection) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These types of events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts which it stores in the "protection-log".More information about IP Protection can be found in the Malwarebytes Anti-Malware Malici... Read more

17 more replies
Relevance 79.13%

I have Malwarebytes installed and I keep getting the message pop up: Successfully blocked access to a potentially malicious website type incoming and outgoing.
Is my computer infected?

Answer:Malwarebytes: Successfully blocked access to a potentially malicious website

Are you browsing a specific website when this appears?

7 more replies
Relevance 79.13%

Hi, I am new to this but seem to have a problem with Malwarebytes & I currently cannot standby or sleep my computer.  My mbamservice.exe seems to be running high (~120,000 K mem usage) and every few mins I get a pop-up from Malwarebytes saying: "Successfully blocked access to a potentially malicious website: 66.150.14.?? Type: outgoing" ??=.12, or .40 or .41 or .42.
 
I have seen a post here from someone else who had this same message on Oct 12 2012 http://www.bleepingcomputer.com/forums/t/471136/browsers-trying-to-connect-to-potentially-malicious-websites/
Forum Addict BC Advisor said to download & scan with TDSSkiller. Launch it. Click on change parameters-Select TDLFS file system. Click on "Scan".Please post the LOG report(log file should be in your C drive). Do not change the default options on scan results. Download.  
This found 0 threats.
aswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan. After scan finishes,click on Save logPost the log results here. If you get crashes in normal mode,run it in safemode with networkingDownload
Log results attached
ESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threats
Export the list to desktop,copy the contents of the text file in your reply
Note: this said “Another anti-virus software was detected. This may affect t... Read more

Answer:Malwarebytes potentially malicious website 66.150.14.?? + mbamexe high mem usage

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Wi... Read more

18 more replies
Relevance 78.31%

Malwarebytes keeps giving popups saying "Malicious Website blocked". The popups all have different domain names, ports & IP addresses but the only thing in common is the process C:\Windows\SysWOW64\dllhost.exe.

I ran Malwarebytes and Avast they both only found 1 thing each but not the item in question. Still getting popup alerts.
 

Answer:Malicious website blocked C:\\Windows\SysWOW64\dllhost.exe Malwarebytes popups

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 78.31%

Hi:
I need your help with the Malicious Website Blocked problem that Malwarebytes is flagging every so often on my computer. It is associated with the file dhost.exe with different domians and IP addresses. Tried different things that xfinity suggested to no avail. Plz help. Tried running various scans ! Running Windows 7 64 bit. I will run the AntirootKit and post the results.
thanks
 

Answer:malwarebytes warning: malicious-website-blocked-c-windows-syswow64-dllho st-exe

Hello,
http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

1 more replies
Relevance 78.31%

I would greatly appreciate any assistance in helping me on this.
 

Answer:malwarebytes warning: malicious-website-blocked-c-windows-syswow64-dllho st-exe

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

12 more replies
Relevance 78.31%

Malwarebytes successfully blocked access to a potentially malicious site website 88.214.193.54.  I am getting this message every couple of seconds and doing a search I see this is a virus.  I need help as I have never had a virus and the removal appears to be complicated.  Can someone help?
 
Thanks!!!

Answer:Malwarebytes successfully blocked access to a potentially malicious site website

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

15 more replies
Relevance 77.49%

Well actually i have 2 or 3 PC with sameprombles. My english isn't good.
 

Answer:Malwarebytes - Malicious Website c:\windows\system32\svchoot.exe and popup virus (opresat.ru)

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 71.75%

This is my first post to the forum so first off, Hello. Secondly, thank you for taking time to look at this problem as I know your do this in your free time.

This is the computer my family uses so I am do not know just how long the symptoms started. It does consume much of the processing power of the computer and in addition to slowing it down, does lead to the occasional blue screen of death when it just gets overwhelmed.

I read through the posts of the November 20th thread and it sounded identical but am listening to your advice that is posted multiple times that each problem, while sounding similar, may be slightly different.

Thanks again
 

Answer:Malwarebytes Anti-Malware message - Malicious Website Blocked Message

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 71.75%

"malicious website blocked" popping up continuously by malwarebytes
IP:-46.161.41.146
typeutbound

please help me with this issue. i have scanned pc with malwarebytes , hitman pro , farbar malware removal , combofix , adwcleaner.
 

Answer:"malicious website blocked" popping up continuously by malwarebytes IP:-46.161.41.146 type:outbound

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

12 more replies
Relevance 66.83%

I have three computers on the same network. All running Win 10 Pro.
About 2 weeks ago two of the computers stopped getting updated from MWB. I tried manually updating but get an error message saying that it couldn't connect to the update server.
I'm not sure if this coincided with the Windows anniversary update but all three computers have been updated.
I can't work out why 1 computer will connect but not the other 2.
I have tried turning off windows firewall but that didn't help.
I have tried connecting through a VPN. Same result.
I can't even access the free download on MWB site. It appears that all of their servers are blocked on these 2 computers.
Using the sticky at the top of this forum I used the third computer to get the update. I installed it on this computer hoping that the new version might fix the problem but it still can't access the update server.

This has me completely stumped.

Any help would be greatly appreciated.

Thanks

More replies
Relevance 66.83%

I have three computers on the same network. All running Win 10 Pro.
About 2 weeks ago two of the computers stopped getting updated from MWB. I tried manually updating but get an error message saying that it couldn't connect to the update server.
I'm not sure if this coincided with the Windows anniversary update but all three computers have been updated.
I can't work out why 1 computer will connect but not the other 2.
I have tried turning off windows firewall but that didn't help.
I have tried connecting through a VPN. Same result.
I can't even access the free download on MWB site. It appears that all of their servers are blocked on these 2 computers.
Using the sticky at the top of this forum I used the third computer to get the update. I installed it on this computer hoping that the new version might fix the problem but it still can't access the update server.

This has me completely stumped.

Any help would be greatly appreciated.

Thanks

Answer:Unable to connect to Malwarebytes server

Hi:

There are many possible reasons for updating issues.
To name a few: incorrect system date/time, software conflict (especially AV or firewall), system configuration issues or damage, networking problems, license validation issues, update server/CDN issues, even malware.

We would need a bit more information in order to tease this out to determine a likely cause and solution.

It sounds from your post as if you may have updated the system(s) to Win10 AU with MBAM installed?
If so, the OS upgrade may have caused minor corruption with MBAM.
(This is why MS and most of the major security software vendors suggest temporarily uninstalling your AV and security apps before upgrading to AU...)

So, the first thing to try would be a proper clean reinstall of MBAM.
The instructions are HERE.

Let's work on ONE computer at a time, to minimize confusion.

Notes:
If you run MBAM Premium, please have your license info (Key +/- ID) handy before you start. You will need the info to activate the program to Premium after reinstalling.If you run MBAM Premium, please DEACTIVATE your account before you start (dashboard > my account > deactivate).Please follow the instructions carefully, including rebooting when prompted by the removal tool (important!) and again after the reinstall.

Please let us know if that resolves your issue.

We'll go from there,

MM

11 more replies
Relevance 65.6%

Hey there! I experienced this problem last week and found this thread through a Google search. Eagle, I see this discussion happened in December. Would you recommend I go through the steps you outlined above as well?

Thanks in advance for the help!
 

Answer:Cannot connect to internet after using Malwarebytes; Proxy Server Error

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 65.6%

i had installed malwarebytes to rid of the adds and pop ups that I receive onto my web browser ( Google Chrome & Mozilla FireFox ) I let it scan my computer which had some effects of lagging my current in-use files. After it had finished scanning it asked me whether I wanted to delete the files or if I wanted to quarantine them, so I decided to quarantine all the files it had found a threat. It then had told me to restart my computer and after I had restarted my computer, everything was working fine but I couldn't connect to the internet due to : Unable to connect to the proxy server.
Since then I had uninstalled malwarebytes before I found the forum because I thought that were get rid of my issue. I had run my SRST scan and I also have attached my log for the malwarebytes run.
Since I am using a laptop to access the internet I am unable to do online scans on my insected computer.
I do not understand the functions on computers and such so well so I need greater assistance.
Thank you for any assistance that you give me.
 

Answer:Cannot connect to internet after using Malwarebytes; Proxy Server Error

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

11 more replies
Relevance 62.73%

Hi,

I'm a complete novice at technical stuff, so I need some hand-holding and patience. A reader of my website has recently informed me that my "website contains an "HTTP Malicious Javascript Encoder" from brasilianstoree.info. It was blocked by our systems, but it is very nasty and could harm others."

I also discovered today that when my website loaded, it was redirected to AskLots.com, and I think this may be part of the problem. I also think my ftp server was compromised due to an error with WordPress. I was getting a WordPress admin error that my wp-content/backup-db file might be visible to the public, and so it took me a while, but I found the solution to fix that. Having said all this, I'm still getting the site re-direction to AskLots.com. I've run AVG full scan, SpyBot, MalwareBytes, etc., etc., etc., but nothing is found. I've even searched my ftp files for "aff.php" after reading another forum's discussion about the same thing, but it found nothing. I just now downloaded and run Hijack This, and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:43 PM, on 8/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Ruthie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files... Read more

Answer:Website has been hacked by a HTTP Malicious Javascript Encoder, Website redirection

The HIJACKTHIS output from your machine most likely has nothing to do with this problem. There is no virus, your site has been hacked. The "infection" is on the webserver.

WordPress has exploits discovered every couple months, and if I assume correctly, you have not been updating it when a new version comes out. The hackers have used one of the exploits to upload a .asp script or something similar which then edited your page, causing the redirects. Obviously, I (nor anyone else here) can be 100% sure what the problem is without further information.

Your best bet is to install the newest version of wordpress, use some "wordpress-hardening" guides that are out there to make it less susceptible to hackers, and then convert and migrate your existing database to the newest version if it can be salvaged.
 

5 more replies
Relevance 62.73%

Hi,

I'm a complete novice at technical stuff, so I need some hand-holding and patience. A reader of my website has recently informed me that my "website contains an "HTTP Malicious Javascript Encoder" from brasilianstoree.info. It was blocked by our systems, but it is very nasty and could harm others."

I also discovered today that when my website loaded, it was redirected to AskLots.com, and I think this may be part of the problem. I also think my ftp server was compromised due to an error with WordPress. I was getting a WordPress admin error that my wp-content/backup-db file might be visible to the public, and so it took me a while, but I found the solution to fix that. Having said all this, I'm still getting the site re-direction to AskLots.com. I've run AVG full scan, SpyBot, MalwareBytes, etc., etc., etc., but nothing is found. I've even searched my ftp files for "aff.php" after reading another forum's discussion about the same thing, but it found nothing. I just now downloaded and run Hijack This, and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:43 PM, on 8/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Ruthie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & De... Read more

More replies
Relevance 60.68%

Hello all!
 
My girlfriend decided to try and download something and apparently it wasn't from quite the right place I've run Malwarebytes and ADWCleaner, but I'm still getting a Malicious Website Blocked warning from Malwarebytes for an Outbound threat called choiceforme.website. I've run a number of full scans, but nothing seems to be able to clean it. It's coming from a chrome.exe deep in the users/.../appdata directories.
 
Thanks for all your help.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by LeeLemon (administrator) on LEELEMON-PC on 09-03-2015 23:40:55
Running from C:\Users\LeeLemon\Desktop\Programs
Loaded Profiles: LeeLemon (Available profiles: LeeLemon)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:... Read more

Answer:choiceforme.website Malicious Website Blocked

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Did you install this process?Do you know what this runner.exe does?C:\Users\LeeLemon\AppData\Local\4F04CBE0-52DC-194F-BCDB-88E77F9353A4\Runner.exeIf not the please submit the file at VirustotalFollow the instructions on this pagehttps://www.virustotal.com/Post the results for my review.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3207657109-3920658093-2391203142-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =... Read more

9 more replies
Relevance 60.68%

Just today, I noticed that realtime protection wasn't enabled on Malwarebytes, so I tried re-enabling it with no success. As well, when I tried updating, Malwarebytes was unable to access the update server.
 
A few days before this happened, I tried to download a song from an MP3 site, but instead of it being an MP3, it turned out to be a Windows executable that Malwarebytes detected as a PUP. I removed the PUP, but I think it may still have been responsible for the problem I currently have.
 
Also, when I try to run a scan in Malwarebytes, it gets hung up on some files. If I delete a file it gets stuck on, it'll just get stuck on another.
 
EDIT: Moved from MRT to Aii. No logs posted. ~bloopie

Answer:Can't enable real-time protection or access update server in Malwarebytes.

Edit: Added that scan from Malwarebytes gets hung up on files.

2 more replies
Relevance 59.86%

Hi Guys,

Would Sandboxie protect me from lets say a dropper or trojan type program, if I were to execute it?

Just like running questionable software in a VM for protection, can Sandboxie provide similar protection?

The Sandboxie website leans a bit to web surfing and possible nasties that can be obtained by surfing to questionable sites. But how good is it if for example I run a keygen or "crack" which may have a byproduct of dropping an unwanted .exe in the reg "run" key or maybe even worse replace a system file with it's own evil offspring.
 

Answer:Sandboxie: Can it protect from potential malicious programs?

Here's my opinion on third-party sandboxes.

UAC is integrated tightly into Windows, as you know. To-date, nothing has bypassed it.
Internet Explorer is tied right into this, too.

Sandboxie is third party software that runs inside of Windows. Thus, said software could become infected itself... All that it has to do is exploit some flaw in Sandboxie to gain entrance into Windows.

Contrast: UAC requires user intervention on everything.
 

16 more replies
Relevance 59.04%

Quote:




We?re always working to improve Chrome extensions while keeping our users as safe as possible. In May 2014 we announced a new policy to protect Windows users by enforcing that extensions be hosted on the Chrome Web Store. The results were encouraging: we saw a 75% drop in customer support help requests for uninstalling unwanted extensions. Consequently, we will expand the reach of this protection to all Windows and Mac users in the coming months.

We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we?ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose. As such, starting today we will begin enforcing this policy on all Windows channels. Mac will soon follow, with enforcement for all channels beginning in July 2015.




Chromium Blog: Continuing to protect Chrome users from malicious extensions

More replies
Relevance 59.04%

I think I have a virus that I haven't been able to get rid of. I have ran Norton antivirus but it came up with nothing, but now I can't update Norton or connect to certain web site, such as www.symantec.com, I keep getting "this page cannot be displayed". I have checked my hostsfile in system32 folder and it looks fine. I also am getting pop-ups occasionally, for which I have ran spybot, it helped but did not solve the problem. I am running winXP Pro, and here is a copy of my Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:35:57 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\System32\CTHELPER.EXE
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Common Files\Symantec Sh... Read more

Answer:Cannot connect to symantec website, or update Antivirus.

13 more replies
Relevance 59.04%
Answer:Can you connect to windows update website? looks like its offline

10 more replies
Relevance 58.63%

Referred from here: http://www.bleepingcomputer.com/forums/topic375552.html ~ OBAvast and Windows Upadate are unable to connect to the update server. DDS log posted below.DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Marissa at 17:23:52.61 on Tue 01/25/2011Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2549 [GMT -6:00]AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\WUDFHost.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mo... Read more

Answer:Avast and Windows Update can't connect to update server

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

26 more replies
Relevance 58.63%

Hi -
 
Malwarebytes keeps popping up and saying it is blocking an outbound malicious threat to the same ip address - 66.77.96.140 freeze.com.  About 2 weeks ago I received an infected email and installed MBAM (paid version) to help me remove a virus from my computer.  At that time it started popping up repeatedly in response to a utorrent.exe file and so I uninstalled the untorrent software.  I am no longer running any file sharing software and have not downloaded any other new software or files since installing MBAM.  Up until just a few minutes ago when I started getting these popups about freeze.com, it seemed that I was all clear; apparently not.  I would be very grateful if someone could help me figure out what is going on and how to rid my computer completely and fully of whatever is apparently still on there.
 
I am not very technologically knowledgeable but will do my very best to follow directions.  Thank you very much.

Answer:Need help with malicious blocking from malwarebytes

Hello blazedog, The primary domain hosted by this IP is dl.installiq.com along with 6 other domains which are known adware distribution web sites.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xp... Read more

11 more replies
Relevance 58.63%

I have run malwarebytes and so there are malicious software found such as PUP, Trojan Agent, trojan FakeAlert so would it be ok if
I just directly removed it all right away?

Answer:Malicious software from malwarebytes

Hello, First I moved this to the Am I Infcted forum.Yes remove them. Then.....Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.Next run Superantisypware (SAS): Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.An icon will be created on your desktop. Double-click that... Read more

5 more replies
Relevance 58.63%

Does avast protects against malicious driver installations and the attacks that use hooks to infect the system.
Further, how is avast's bb at detecting process hollowing attempts and protecting COM components and important registry keys?
 

Answer:Does avast protect against malicious driver installation and win hooks attacks

I think Yes, Avast does!
 

1 more replies
Relevance 57.81%

I am having problems with My Dell XPS 400 XP
I used CCleaner and then tried to run malwarebytes but each time it will freeze after a minute or two then the whole computer seems to be frozen and I have great difficulty getting it back on. Malwarebytes was sending me notices of 'blocking malicious threats' even though I could not run the scan. I did see the 'blue screen of death' last week. Hoping a look at a hijack log might help find the problem.
Thank You
.DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Judy at 12:43:18 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2129 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpda... Read more

Answer:Malwarebytes 'blocking malicious threats' but won't run

Don't know how to zip and attach to note pad.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/25/2005 6:46:13 PM
System Uptime: 7/18/2012 4:26:14 PM (68 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 67.908 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 931 GiB total, 845.425 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1615
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&286E6A4&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GWA4164B
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&... Read more

25 more replies
Relevance 57.81%

"Malwarebytes blocking malicious IP address"

This is the notification bubble every 30 seconds from my current install of MB, it says that, plus the IP address it is blocking.. what does this mean?

I still have a trojan?

It finished cleaning up the trojan I caught yesterday.. but still gives these notifications.

Answer:Malwarebytes blocking malicious IP address

Let me see the hijackthis log, there may be an IP address to remove in there

9 more replies
Relevance 57.81%

I keep getting a message flashing up in the bottom L/H corner saying malicious website blocked with the following IP Addresses
109 201 135 109
103 224 36 2
103 242 216 254
178 152 6 49
Can someone advise I suppose them being blocked is something but is there anything I can do.Thank's

Answer:Malicious websites being blocked by Malwarebytes

Apologies it should have read bottom R/H corner

6 more replies
Relevance 57.81%

Thank you in advance for your kind assistance. I don't know what I'd do without this wonderful website!Malwarebytes 1.50.1.1100 has been blocking multiple IP addresses for several months now, stating "Successfully blocked access to a potentially malicious website" each instance. This happens multiples times on a daily basis,Here is just a cross-section of those IP addresses:89.28.100.87212.113.35.101188.65.50.4689.28.18.3085.234.172.14991.188.44.7889.28.94.52222.186.223.86213.55.112.65212.113.58.20077.78.217.230212.117.168.82212.113.34.50218.7.221.63212.113.33.230219.146.254.21594.96.48.23389.28.61.55212.113.55.11094.96.83.36222.65.211.13083.128.130.25389.28.22.141218.8.48.20083.128.130.25394.96.7.6083.128.130.25358.241.29.17489.28.90.240I can't determine that any program I installed on my system is contacting these IP addresses, so I must assume that there's spyware or malware on my computer that's doing so.BTW, if it makes any difference, I'm running Windows XP on a Macintosh via VMWare Fusion 3 with the Windows system installed on a Boot Camp drive.Below is my HiJack This log I just ran:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:37:57 PM, on 3/16/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS&... Read more

Answer:Malwarebytes keeps blocking malicious IP addresses

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

18 more replies
Relevance 57.81%

I keep getting messages saying malwarebytes has blocked a suspicious website.I have malwarebytes premium when I go into my account and click on history there are a lot of quarantined files etc do I delete them

Answer:Malwarebytes keeps blocking malicious websites

Hi jock1e just read your reply and had a look again in the history section and don't understand what is in the date section for example what is
2013 13:47:29 Which is classed a folder and if these are dates they do not go in any order
Can you or someone else explain

8 more replies
Relevance 57.81%

I just need to get this virus off my computer!
 

Answer:Can't get rid of malicious attacks even with malwarebytes scan...

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 57.81%

As the title says. I feel like im being watched.. please help lol

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by javonmhawk (administrator) on ZEN on 20-05-2015 15:31:47
Running from C:\Users\javonmhawk\Downloads
Loaded Profiles: javonmhawk & (Available profiles: javonmhawk)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files\????\QQPCMgr\10.9.16349.225\QQPCRTP.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x8... Read more

Answer:Malwarebytes Blocking Malicious Sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by javonmhawk at 2015-05-20 15:34:47
Running from C:\Users\javonmhawk\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-1748747307-3260626592-723431498-500 - Administrator - Disabled)
Guest (S-1-5-21-1748747307-3260626592-723431498-501 - Limited - Enabled)
javonmhawk (S-1-5-21-1748747307-3260626592-723431498-1002 - Administrator - Enabled) => C:\Users\javonmhawk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ???????? (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ???????? (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be unins... Read more

31 more replies
Relevance 57.81%

Hi,

MalwareBytes keeps popping up, saying it's blocking malicious IP addresses from accessing the internet. One such IP is 188.65.50.84, another is 89.149.202.125. I looked them up, and they originate from Russia and Germany. This makes me a little nervous. Help would be greatly appreciated Smile

System info:
Windows 7 x64
Avast Anti-Virus
AVG Anti-Spyware
Lavasoft Ad-Aware
PC Tools Spyware Doctor
MalwareBytes Anti-Malware

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:33 AM, on 6/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG... Read more

More replies
Relevance 57.81%

Hi:

I was using my computer and I saw a pop-up message from Malwarebytes about it blocking me from a malicous website. I did a search and found out the IP address that was trying to connect to my computer was from the Netherlands.

The connection attempt is outgoing. So does that mean it's some on my computer calling to the bad website?

I should also mention that yes I do have utorrent on my computer at this time but haven't used it since installing it(I did a test install of my own CAB creation of Utorrent first on a virtual PC and then on my "real computer" but haven't used it).

Please help!

Answer:Malwarebytes Blocking malicious IP address!

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Some legitimate programs on your computer have access to the Internet and that action can also trigger an IP alert. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. Information that explains IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.What does IP Protection do?IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...What does this notification mean?This notification means quite simply, that an IP addre... Read more

5 more replies
Relevance 57.4%

I have a Samsung Series 9 NP900X3C notebook with an i5 1.7Ghz processor, 4GB RAM and a Samsung 840 EVO 1TB SSD running Windows 8.1 64-bit with all updates current. A several days ago, my computer started slowing down and locking up a lot. The task manager showed a lot of Com Surrogate processes running. I could stop them and they would start up again using all of the processor, RAM an disk assets until the computer crashed. I installed AVG Zen and Malwarebytes Premium. A lot of problems were found and deleted. Everything seemed okay for a few days, now every several minutes, I get a notice from Malwarebytes stating it blocked outbound traffic to malicious website 66.45.56.109. I've run multiple AVG & Malwarebytes scans and nothing was found. The Task Manager doesn't show any increased usage of computer assets or excess numbers of processes. In one of your related forums, BoopMe assisted me run the following:
MiniToolBox
TDSSKiller
ADW Cleaner
Junkware Removal
ESET
Security Check
 
I am still getting the notification from Malwarebytes of blocked outbound traffic to IP 66.45.56.109.  It is always the same IP address.  Any assistance would be appreciated.
 

Answer:Malwarebytes blocking traffic to malicious site IP 66.45.56.109

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

2 more replies
Relevance 57.4%

I'm getting multiple websites being blocked while not being on any browser. They are from WOW64/dllhost.exe and use various ports, all of which seem to start with a number in the 50s, if that helps at all.

I'm pretty much a complete novice at this, but I know enough to be able to follow instructions, at least.

Any help at all is appreciated.
 

Answer:MalwareBytes is blocking malicious websites- except I'm not online

Correction: C:/Windows/SysWOW64/dllhost.exe is the process that MalwareBytes is continually blocking, not C:/System32/WOW64/dllhost.exe as I initially reported in the above description of the problem.
 

2 more replies
Relevance 57.4%

Hello,I just purchased Malwarebytes anti-malware today. I have been running the free version for years. I needed the realtime protection since my daughter got a trojan and I had to re-install windows.Thank for the great software guys.One question. Realtime protection is now on for Malwarebytes and it flaggs a malicious attempt every once in a while. I have performed full scans by Malwarebytes.Avast freeBitdefender online scanner.I have Malwarebytes realtime protection on and Avast realtime protection enabled. Again nothing is being flagged but the IP blocks are causing me concern.Full scans by all 3 say my system is clean. I do not notice any issues. I just have Malwarebytes flagging addresses. Is this something to worry about? How can I find what file or process is trying to get to the IP address.The IP addresses from the logs are15:16:33 IP-BLOCK 209.44.97.13115:16:46 IP-BLOCK 84.16.236.12615:16:46 IP-BLOCK 209.44.97.13815:16:47 IP-BLOCK 84.16.228.20415:16:47 IP-BLOCK 209.44.97.16215:16:47 IP-BLOCK 209.44.97.16617:14:43 IP-BLOCK 209.44.97.131Then I had none for a few hours. Any suggestions?Thanks again,Below is my hijack log from dds.scrDDS (Ver_09-12-01.01) - NTFSx86 Run by Mike at 17:58:40.59 on Tue 02/02/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2726 [GMT -5:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Ru... Read more

Answer:Malwarebytes antimalware flagging malicious attack

hi mtr18103,Your log is a few days old. If you still need help simply reply to my post.

1 more replies
Relevance 57.4%

Hello
Malwarebytes is detecting malicious items that are recreating. The computer is does not appear to be having problems. Thank you
Second DDS file on next message.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2015
Scan Time: 3:30:02 AM
Logfile: MBAM-dawk.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.02
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lonnie Dawkins

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 552308
Time Elapsed: 14 hr, 2 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.SearchLock.A, C:\Users\Lonnie Dawkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol, Quarantined, [a05ea84a51382f07d2af4015e320aa56],
PUP.Optional.SearchLock.A, C:\Users\Lonnie Dawkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol\1.1.0_0, Quarantined, [a05ea84a51382f07d2af4015e320aa56],
PUP.Optional.SearchLock.A, C:\Users\Lonnie Dawki... Read more

Answer:Malicious items found by Malwarebytes recreating

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2011 6:59:33 PM
System Uptime: 12/25/2014 12:40:46 PM (222 hours ago)
.
Motherboard: Hewlett-Packard | | 163D
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 668 GiB total, 16.79 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 3.995 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 279 GiB total, 39.101 GiB free.
H: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP614: 12/22/2014 3:00:26 AM - Windows Update
RP615: 12/25/2014 9:35:17 PM - Windows Update
RP616: 12/28/2014 10:32:58 PM - Windows Backup
RP617: 12/29/2014 1:32:43 PM - Removed Java 7 Update 67
RP618: 12/29/2014 2:55:44 PM - Removed Java 7 Update 67
RP619: 12/29/2014 3:12:47 PM - Windows Update
RP620: 12/29/2014 11:48:28 PM - Removed Java 8 Update 25
RP621: 1/2/2015 11:01:53 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Adobe Acrobat XI Pro
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe C... Read more

31 more replies
Relevance 57.4%

I am running Windows XP. I have intalled several new programs over the past couple of weeks. I have Malwarebytes' Anti-Malware and have the IP protection enabled. I also have Avira AntiVir Personal - Free Antivirus and keep them updated. I have been having an issue with my computer being very slow and freezing up over the past couple of weeks. Everytime I attempt to open a new site or start IE, it prompts and states it has blocked access to a malicious IP = 95.211.1.176 (it is 80% of the time this IP, but sometimes it is another one; can't remember it though). Also, when I run IE, Avira will alert me stating it has detected a "pattern of the HTML/Infected.WebPage.Gen.HTML script virus" and I will quarantine this. This has alerted me on sites such as Google, eBay, eBates and others. I am unsure what is going on. I have gone into my Windows\Temp folder and have found "Perflib_Perfdata_34c" which is unable to delete due to it "being used by another program." Also, Malwarebytes' has found several items that it has quarantined, and I would list them right now, but I am running a full scan and can't access the quarantine files. I don't really see anything different in the task manager, but I am not sure. Avira and Malwarebytes' don't find anything during scans. I also have TuneUp Utilities 2009 and try to keep my computer "cleaned up" through the workings of that program as well.I am unsure this has anythig t... Read more

Answer:Malwarebytes keeps blocking access to a malicious IP... Am I infected?

Update mbam and run a FULL scanPlease post the results-------------------------------ATFPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".------------------------------------SAS, may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. ... Read more

8 more replies
Relevance 57.4%

I am continually getting these pop up messages when on my favourite fly fishing site .

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by john at 15:05:31 on 2012-01-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.390 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI&#... Read more

Answer:malwarebytes pop up blocking access to a malicious site

Sorry for putting this in the wrong thread , and thank you for correcting my mistake .
Ted.

15 more replies
Relevance 57.4%

Hello all, I am having a computer meltdown.  This morning, I came to my desktop and noticed that my Microsoft Security Essentials had flagged a "Win32/Zbot.gen!/plock".  I removed the files from the prompts in MSE and downlowded malwarebytes.  At that point MwB began blocking several malicious websites:
 
fff5e.com
IP Address 31.184.192.90 (out of Russia)
searchnet.blinkxcore.com
95.215.1.57 (also out of Russia)
88.214.193.72 (out of the UK)
 
I also had red flags for Anogre.E, Java/CVE-2013-2460, Java/Obfuscator.W, Win32/Crowti.A, and TrojanPoweliks
 
These came from scans through Adware and MWB.  I also ran CCleaner, HitmanPro, Junkware Removal, RogueKiller, and TDSSKiller.  No solution. 
 
Now when I run scans in MSE and MwB there is nothing found, but I still get the "Malicious Website Blocked" about everything 2 seconds. 
 
I did google searches for the fff5e and searchnet terms for possible viruses, but the free removal tools promising to remove the attached viruses haven't worked.
 
Any help would be much appreciated. I'm extremely new to this.
 
I have the first MBAM .txt log and the FRST .txt and addition.txt

Answer:Malwarebytes is constantly blocking "malicious websites"

G'day mlaw31, and Welcome to BC !
 
Exploit:Java/Anogre.A is a detection for an obfuscated Java class component associated with the exploit kit called SweetOrange. Similar to any other exploit kit, such as Blacole, it first determines information about your browser. This includes the browser you use (for example, Internet Explorer or Mozilla Firefox), its version, and what plug-ins are installed.
SweetOrange can exploit vulnerabilities in Java, specifically the vulnerability discussed in CVE-2013-0422.
Exploit:Java/Anogre.A usually comes bundled with another file detected as Exploit:Java/CVE-2013-0422.
 
 
Please follow the instructions in ==>This Guide<== starting at Step 6.
 
Once the proper logs are created, then make a NEW TOPIC and post it ==> HERE<==
 
Do not run ComboFix. Just include the requested logs from the guide above. Please be sure to include a description of your computer issues and what you have done to try to resolve them.
 
If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.
 
Please post the link to your new topic back here so we can lock this one, and then only the Malware Response Team should handle your problem.
 
 
Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs... Read more

1 more replies
Relevance 57.4%

I have a Samsung Series 9 NP900X3C notebook with an i5 1.7Ghz processor, 4GB RAM and a Samsung 840 EVO 1TB SSD running Windows 8.1 64-bit with all updates current.  A few days ago, my computer started slowing down and locking up a lot.  The task manager showed a lot of Com Surrogate processes running.  I could stop them and they would start up again using all of the processor, RAM an disk assets until the computer crashed.  I installed AVG Zen and Malwarebytes Premium.  A lot of problems were found and deleted.  Everything seemed okay for a few days, now every several minutes, I get a notice from Malwarebytes stating it blocked outbound traffic to malicious website 66.45.56.109.  I've run multiple AVG & Malwarebytes scans and nothing was found.  The Task Manager doesn't show any increased usage of computer assets or excess numbers of processes.  What should I try next?

Answer:Malwarebytes blocking access to malicious site IP 66.45.56.109

Hello sailing, let's review these logs ...Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users rig... Read more

10 more replies
Relevance 56.99%

I have run across several of my clients that have been getting the fake AV's that running rampant. I have installed the paid version of Malwarebytes on their PC's to protect against these. None of the AV apps that they are using is protecting them against these fake AV's & I've seen just about all of the mainstream AV app's on these machines. Most all of them are set to update automatically, so I'm sure their AV apps are up to date.

I read somewhere that Malwarebytes paid version (running along with a good AV app) would block these fake AV's from activating. Is there any truth to this rumor? Has anyone actually seen this protection work??

Thanks!!

Answer:Will Malwarebytes protect against fake AV's?

The full version of Malwarebytes Anti-Malware (Pro) includes a real-time Protection Module that uses advanced heuristic scanning technology to monitor your system and the ability to schedule updates. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. Keep in mind that this feature does not guarantee something will not slip through as no product can detect and prevent every type of malware. The database that defines the heuristics is updated as often as there is something to add to it. Also keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute. Those who purchase the full version receive a license key via email which includes a lifetime of free upgrades and support. For corporate and business customers, annual licenses are required. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. A multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

5 more replies
Relevance 56.58%

TwinHeadedEagle - I also have been infected with the same ransomware - attached are the 4 files referenced above.

Any help would be greatly appreciated.
 

Answer:Malwarebytes blocking malicious websites including fff5ee

Hello,
Yes, ransomware is present. We can remove this infection, but you won't be able to restore your files.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

6 more replies
Relevance 56.58%

Hello. I have been attacked with what seems to be a version of ransomware, not sure which one. Encrypted my documents, photos, videos, emails that were on hard drive. Ran Malwarebytes & Advanced SystemCare 7 to remove then CCleaner to clean system, browser & registry.

Now I am left with Malwarebytes notifications blocking malicious websites including the fff5ee domain with process of C:\Windows\SysWOW64\dllhost.com. Also processes running COM Surrogate also dllhost.

I ran & attached the FRST logs.

Thank you for any help you can offer.
 

Answer:Malwarebytes blocking malicious websites including fff5ee

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 56.58%

malwarebytes Anti-Malware giving malicious web message on email outgoing server when i try to send email. -it shows my outgoing server as the malicious site
 
on inbound giving me same message showing the following:
 
57504
inbound
C:\\windows/system32/svchost.exe
also refers to an i.p. address 
ingoing & outgoing email all of a sudden.giving me malicious website message pop-ups. the trail is getting ready to run out.
 
running trial version malwarebytes Anti-Malware and use microsoft security essentials
anyone know what this could be?
 
Malicious Website Blocked
Domain - (references my outbound email server)
I.P. address they give just takes you to Malwarebytes for information
Port: references a port number
Type:Outbound
C://ProgramFiles(*86)MicrosoftOffice\Office\14OUTLOOK.EXE
 
CAN SOMEONE HELP?
tHANK YOU!
DO I HAVE A VIRUS
????
 

Answer:malwarebytes Anti-Malware giving malicious web message

Hello LuAnne123 and  Yes - the severely limited information you provided does likely point to a malware infection. I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also attach (not copy/paste) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories. If you wish to remain in the BleepingComputer community, please carefully read the 3rd pinned topic in this "Security" section, and then post the required information within the 1st pinned topic in this section.Thank you.

1 more replies
Relevance 56.58%

Everytime I open Windows Media Player, Malwarebytes pops up with a message that says, "Malwarebytes has successfully blocked IP 213.174.154.144". I did some research and that IP apparently leads to a filthy malicious site. The thing is though is that I've ran a full scan with MB and it comes up as nothing infected and I did a full scan with Super Anti-Spyware and it didn't show anything infected either. So it must be hidden well because it keeps popping up EVERYTIME I open WMP. Please help.Here is my DSS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 20:01:04.31 on Sat 09/25/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.373 [GMT -5:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exesvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Intel\IntelDH\CCU\AlertService.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\PROGRA~1\COMMON~1\A... Read more

Answer:Malwarebytes finding malicious IP in Windows Media Player

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Relevance 56.58%

I have a dell laptop thats running windows xp pro version 2002 service pack 3.

It started with redirecting on google and windows popping up with adds that you have to click ok not cancel to get rid of.

I ran rkill, then malwarebytes which got rid of 9 infections.
it still gets the adds.

Ran ad-aware, which got rid of more.
Now malwarebytes is constantly have to block access to malicious websites and still getting the adds.

Any help would be appreciated.

More replies
Relevance 56.58%

This happens when even when surfing pedestrian pages like Yahoo and Amazon. The Malwarebytes will popup from the systen tray and say it blocked accedd to a site. If I google the site it usually comes up blank whth just a bunch of whois hits. Here is the list of sites blocked.

09:54:57 mikedan MESSAGE Protection started successfully
09:56:30 mikedan MESSAGE IP Protection started successfully
10:41:21 mikedan IP-BLOCK 222.76.25.150 (Type: outgoing)
10:42:30 mikedan IP-BLOCK 116.111.184.202 (Type: outgoing)
10:57:59 mikedan IP-BLOCK 62.45.154.4 (Type: outgoing)
10:58:45 mikedan IP-BLOCK 89.28.118.50 (Type: outgoing)
11:26:52 mikedan IP-BLOCK 195.216.174.11 (Type: outgoing)
14:37:10 mikedan MESSAGE Protection started successfully
14:37:47 mikedan MESSAGE IP Protection started successfully
15:08:39 mikedan IP-BLOCK 83.243.13.40 (Type: outgoing)
15:22:30 mikedan IP-BLOCK 89.28.120.197 (Type: outgoing)
15:53:07 mikedan IP-BLOCK 83.243.13.40 (Type: outgoing)
15:53:14 mikedan IP-BLOCK 62.45.129.161 (Type: outgoing)
16:08:44 mikedan IP-BLOCK 222.65.80.151 (Type: outgoing)
16:23:07 mikedan IP-BLOCK 89.28.117.20 (Type: outgoing)
16:36:47 mikedan IP-BLOCK 91.188.57.212 (Type: outgoing)
16:51:41 mikedan IP-BLOCK 219.153.98.173 (Type: outgoing)
17:08:23 mikedan IP-BLOCK 89.28.117.20 (Type: outgoing)
17:08:49 mikedan IP-BLOCK 89.28.50.170 (Type: outgoing)
17:21:29 mikedan IP-BLOCK 203.93.211.210 (Type: outgoing)
17:21:47 mikedan IP-BLOCK 85.234.163.95 (Type: outgoing)
17:53:51 mikedan IP... Read more

Answer:Malwarebytes repeatedly blocks accesses to malicious sites

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430952 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

3 more replies
Relevance 56.58%

Source: How to protect your business from ransomware

"Unfortunately, this trend in cybercrime is not going away.

Now here?s the bright side: As dangerous as ransomware can be, it?s not insurmountable. So instead of closing your eyes and praying it all goes away soon, take a look at this infographic to see what you can do to protect your business from this pervasive threat."

View PDF version
 

More replies
Relevance 56.17%

wiundows update says can t connect to server also spydoc i suspect some changed server address but no idea what it should be internet explorer?? using xp you can email thx
 

Answer:windows update won t connect to server

12 more replies
Relevance 56.17%

I have finished doing the anniversary updates and all went ok. However yesterday being Tuesday I went to the Windows Update section to do any updates that were available and kept of getting a reply could not connect to the update server.

All of my other computers that had the anniversary update can still connect to the update server, but this one computer for some strange reason will not connect to the update server.

I have disabled Windows Defender as well as Malwarebytes and still it will not connect to the update server. The internet is working just fine, so that can't be the problem.

Any idea's what could be going on here...

Answer:Can't connect to Windows Update Server

Hi, try the troubleshooter at the bottom. Please post back with the outcome. Thanks.

21 more replies
Relevance 56.17%

I have finished doing the anniversary updates and all went ok. However yesterday being Tuesday I went to the Windows Update section to do any updates that were available and kept of getting a reply could not connect to the update server.

All of my other computers that had the anniversary update can still connect to the update server, but this one computer for some strange reason will not connect to the update server.

I have disabled Windows Defender as well as Malwarebytes and still it will not connect to the update server. The internet is working just fine, so that can't be the problem.

Any idea's what could be going on here...

Answer:Can't connect to Windows Update Server

Hi, try the troubleshooter at the bottom. Please post back with the outcome. Thanks.

1 more replies
Relevance 56.17%

So I am finally going to update my Touch to 3.0 (from 2.2.1). I connected it to my PC and opened iTunes. However, when I click "Update" it instantly says it can't connect to the update server because I have no internet connection. But as you can see, I do.

I vaguely remember this happening once before, and it had something to do with a setting in Internet Explorer (or Internet Options in Control Panel). I have done a couple of Google searches, but I cannot find where it says to change the setting. Does anyone know what I'm talking about?

I did do a search on Apple's website about this, and they said to check the Automaticly Detect Settings under LAN settings... I did that, but it didn't help.
 

Answer:iTunes cannot connect to update server. Need Help

Ok, I am not too sure how I fixed it, but I am currently downloading the 3.0 software. The ONLY change I made was on my Touch's Sync window, I went to the Applications tab and checked "Sync Applications" (because I wasn't able to sync apps from itunes to my touch). So after I synced the apps I kept looking around the net for a place to download it outside of iTunes. I followed a link on Apple's site, and, as usual, it opened iTunes... but this time IT WORKED!
 

3 more replies
Relevance 56.17%

On 3/15/15 a normal windows 7 update dwnladed. next time I opened the computer, IE says it can't connect to the server. No other browsers (crome or safari) work either. Other programs (Skype, outlook) do work and connect to the interent .Please help

Answer:IE can'r connect to server after a windows 7 update

Could be coincidence, if you know which update caused this it could be worth uninstalling it - it can always be downloaded again.Always pop back and let us know the outcome - thanks

6 more replies
Relevance 56.17%

Note the detections, other than the PUP there are temp avast files which are malicious. I hope this is a false positive
 

Answer:Avast files detected as malicious by Malwarebytes Anti-Malware

Malwarebytes used to detect itself as malicious, so this isn't as surprising.
 

4 more replies
Relevance 56.17%
Question: malicious website

Hello!

My computer appears to be infected with some malware-

malwarebytes antimalware keeps somcing up with these messages:

malwarebutes has successfully blocked access to potentially malicous IP 95.211.188.45 (or) 95211141105. (or) 94968684.
And avast keeps coming up with messages like:

avast has detected a secure connection from you email program (process svchost.exe) to the SMTP server 202.248.238.12 (nifty.com).
please advise! i have no idea what to do and would appreciate any help hugely.

Regards, sam

Answer:malicious website

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

20 more replies
Relevance 56.17%

I was scrolling through facebook, and I clicked a link. I learned my lesson, after I signed into the webpage and now it's posting things through my facebook. So, it's posting these things and I didn't realize, and it just keeps on posting them, and so I clicked on it, and it's making me frustrated because there is no way you can sign out.
http://viral-district.com/home is the link, and I'm really embarassed by some of the things they post. They say that they have a policy where you can email them and ask to remove your personal information from the site, but it doesn't give an email, it just says
"If you have any questions or concerns about our privacy policies, please contact us:
[CONTACT FORM URL] OR
[PHYSICAL MAILING ADDRESS]"
someone can you please, please, please help me?
 

More replies