emmsee

Thanks John, Impatiently I wait!!! cheers

Thanks John, That clarified that. BUT...... how can I get the block removed that Malwarebytes has on my IP address? Siteground just had this to say: "we will inform you if we find unwanted piece of code on your account. I have checked your hosting account and you are clean from malicious code." I get an email from Siteground every week informing me that our website is clean, so I'm puzzled that MWB is saying I have exploit code. I've also run a multi RBL check on our IP address and received 64 clean bills of health. cheers Mike

David, Do you mean one IP address as we pay for a fixed IP address and our host (siteground.com) assures me it is shared with no one? My contract is with Siteground.com and when I log in to my Cpanel or webmail it is via Siteground.com. A tracert terminates at ns1.siteground238.com Where did you find that SingleHop.inc is our host I'll ask Siteground what relationship they have with Singlehop Inc. I still don't understand what what 'exploit code' we are guilty of. How do I find out what we are supposed to be doing (wrong) (ilegally)? cheers Mike

Andrew, I'm not sure that I understand what you mean - are you talking about Siteground or 184.154.231.13 ? What exploits are you referring to? We are talking about a sporting club website here - were these 'exploits' reported? By whom? This is puzzling and to merely say 'due to exploits being identified on there' is not helpful and doesn't assist me to have the block removed. Please provide more assstance to help me have the block removed. regards Mike

What does 'this is not a F/P' mean. I'm assuming FP means False Positive. Can't you be more specific?

About 48 hours ago I failed to access the 'adventuresportnq.info' website, webmail, cpanel or wordpress dashboard. I am the site owner and administrator. Response on attempting to access the website was 'Network acess denied' I had disabled both the hardware (Windows 8.1) firewall and AVAST firewall - still no access I lodged a ticket with my host and asked my ISP if they were blocking the site -neither could give me an explanation as to why Access was being denied. I turned off 'enable malicious website blocking' in Malwarebytes and , Hey Presto, all access is restored. Turn it back on again and no access. I've tried to enter a URL In the exclusions but help reveals that I cannot add a URL to the exclusion / whitelist!! Guys, what gives - why are you blocking access to a sporting club website? I need to get this fixed pronto as I've had dozens of phone calls/ texts asking what the probem is - all from Malwarebytes users. regards Mike PS - No file attached as it is not relevant to the problem

Thanks for all your advice - it worked fine; no positives on the post boot scan. I cannot trace what would have caused an old 2004 version of GDIplus to be installed, however it is now repaired by following your advice re the SDK install. Again Bruce, Many Thanks Emmsee from Cairns North Queensland

So, where to from here?

I'm running Vista SP2 - wouldn't that have a different file size/hash? emmsee

Attached GDIPLUS.zip

In last nights scan Malwarebytes reported gdiplus.dll as malware.packer.gen, a keylogger. I run a scan nightly I searched for gdiplus.dll and have 55 copies. MBAM reports the c:\windows\system32 copy as the file that is being Malware, and a corresponding registry entry. My concern is that auditmypc says that gdiplus.dll is essential for the running of windows - specifically visual content and audio - see attachment. I have rerun the scan in developer mode and attach that file as well. Before I take delete action I want to be absolutely certain that it is Malware and that removing it wont make my system unusable. If it is what do I do to replace it? regards emmsee from DownUnder mbam_log_2010_02_01__09_44_28_.txt