Double

Members
  • Content count: 37

About Double
  • Rank: New Member
  • Birthday: 07/24/1989
  1. Thanks arturt. Although the sticky says otherwise, I still appreciate your help. It may even help the staff.
  2. Hi, I visit a certain forum occasionally, and usually when I do, I run across a blocked connection to 'yuq.me'. What is it, and is it a false positive? This (hxxp ://www. theisozone .com/forum/viewtopic.php?f=38&t=30007&p=241106&hilit=download+cloustores#p241106) prompted the website block. It links to a thread at The Iso Zone (www.theisozone.com), a friendly emulator community site/forum. By the way, have an adblocker ready just in case.
  3. http://youtu.be/SCcpauJp63c
  4. Thanks Spud for sharing that link, it was really interesting. I do have a question though: if you've got a PC with 80,000 images on it, and Malwarebytes said everything was clean, is it considered safe? I use Visipics to separate duplicates, and of the dupes it occasionally finds, the differences I find in some of these images are only related to bytes (KB/MB), not dimension or filetype. I always keep the images with the larger byte size because I feel like I'm saving the original file, keeping in mind that they might have been saved as PNG and re-converted by some as a JPG.
  5. I'm confused. Isn't the IP address the same as the domain? OnCelebrity is just a celebrity picture site, I don't see how anybody can experience fraud there.
  6. Is this a false positive? MBAM seems to have blocked this IP multiple times in one visit attempt. Found at http://oncelebrity.com/ , doesn't seem like a bad site. Posted log below:
     Update, 6/4/2014 12:29:57 AM, SYSTEM, FONTAINE, Manual, Malware Database, 2014.6.4.1, 2014.6.4.2
     Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Refresh, Starting
     Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopping
     Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopped
     Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Refresh, Success
     Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Starting
     Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Started
     Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57689, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57690, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (end)
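A small parser for the protection-log records quoted in the post above, added here as an example (it is not code from the post or from Malwarebytes). It groups the Detection records by remote IP, domain and process and reports the source ports and time span, which makes visible that the eight blocks are eight outbound connection attempts from one Chrome process within three seconds rather than eight separate incidents. The sample input is the post's own log with line breaks restored; the thresholds in looks_like_one_page_load (60 seconds, a 64-port spread) are assumptions for illustration, not an MBAM rule.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample input: the records quoted in the post above, one record
# per line (the post's text runs them together; this is the same data).
SAMPLE_LOG = r"""
Update, 6/4/2014 12:29:57 AM, SYSTEM, FONTAINE, Manual, Malware Database, 2014.6.4.1, 2014.6.4.2
Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Refresh, Starting
Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopping
Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopped
Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Refresh, Success
Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Starting
Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Started
Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57689, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57690, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_records(text):
    """Parse comma-separated protection-log records into dicts.

    Every record in the sample starts with: kind, timestamp, user, host,
    component, feature.  A Malicious Website Protection 'Detection' then
    carries: 'IP', remote address, domain, local source port, direction,
    process path.  Other records keep their trailing fields under 'detail'.
    Lines with fewer than six fields (blank, or the '(end)' marker) are skipped.
    """
    records = []
    for row in csv.reader(StringIO(text.strip()), skipinitialspace=True):
        if len(row) < 6:
            continue
        kind, when, user, host, component, feature = row[:6]
        rec = {
            "kind": kind,
            "time": datetime.strptime(when, TIME_FORMAT),
            "user": user,
            "host": host,
            "component": component,
            "feature": feature,
        }
        rest = row[6:]
        if kind == "Detection" and len(rest) >= 6 and rest[0] == "IP":
            rec.update(ip=rest[1], domain=rest[2], port=int(rest[3]),
                       direction=rest[4], process=rest[5])
        else:
            rec["detail"] = rest
        records.append(rec)
    return records


def summarize(records):
    """Group website-protection detections by (remote ip, domain, process)."""
    groups = {}
    for rec in records:
        if rec["kind"] != "Detection" or "ip" not in rec:
            continue
        key = (rec["ip"], rec["domain"], rec["process"])
        g = groups.setdefault(key, {"count": 0, "ports": set(), "direction": rec["direction"],
                                    "first": rec["time"], "last": rec["time"]})
        g["count"] += 1
        g["ports"].add(rec["port"])  # the same source port can appear twice on a retry
        g["first"] = min(g["first"], rec["time"])
        g["last"] = max(g["last"], rec["time"])
    for g in groups.values():
        g["ports"] = sorted(g["ports"])
        g["span_seconds"] = int((g["last"] - g["first"]).total_seconds())
    return groups


def looks_like_one_page_load(group, max_span_seconds=60, max_port_spread=64):
    """Heuristic (an assumption for this example, not an MBAM rule): several
    outbound blocks to one IP from one process, within a minute, on a tight run
    of ephemeral source ports, is one browser session opening parallel
    connections to the same host rather than repeated separate events."""
    ports = group["ports"]
    return (group["direction"] == "Outbound"
            and group["count"] >= 2
            and group["span_seconds"] <= max_span_seconds
            and ports[-1] - ports[0] <= max_port_spread)


if __name__ == "__main__":
    for (ip, domain, process), g in summarize(parse_records(SAMPLE_LOG)).items():
        print(f"{ip} ({domain}) from {process}: {g['count']} blocks, "
              f"ports {g['ports'][0]}-{g['ports'][-1]}, {g['span_seconds']}s, "
              f"one page load? {looks_like_one_page_load(g)}")
```

Whether the IP itself belongs on the block list is a separate question that the log cannot answer; the grouping only tells you how many distinct events you are looking at before you ask the vendor about a false positive.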
  7. Still, couldn't MBAM do a better job of differentiating a change made by the user from one made by malware? I'm glad that it is at least labeled as a 'PUM', but this only appears on MBAM 2.0, and isn't as helpful to the less savvy. For the longest time, I had been led to believe that I was infected with a malware that was extremely conniving and hard to kill, 'jumping' from new installation to new installation, when the real cause was actually customizing the interface every time I set up one of these 'new installations'. If I could have been given that answer a lot sooner, I would not have reinstalled my system as many times as I have.
  8. I unhid 'Computer' from the start menu, then unquarantined what MBAM found, then restarted. On bootup, 'Computer' was hidden again (the way it had been before MBAM quarantined it); this confirms that the user hiding 'Computer' from the start menu is certainly a false positive. I can also see how malware might want to fool around with it.
  9. I asked the question and posted my log over at the Xplorer2 forums, and discovered from a user named Kilmatead that the PUMs were actually related to hiding 'Computer' from the start menu. The question I have now is, what should I do with the quarantined item? I've already hidden 'Computer' twice now. Wouldn't MBAM find this PUM again?
  10. I am beginning to think the same thing, but how do I know that it's okay to release back into the wild? I've been using the product and it seems to run fine as it is, but I'm wondering if the PUM has since been reapplied. I may do another scan to check. I attached the MBAM log and a screenshot indicating that the 'Windows Explorer replacement' feature is currently enabled. No idea if this PUM would have appeared if I had not asked it to replace Windows Explorer during the install. (Attachment: log.txt)
  11. Hi, I recently reinstalled my system to refresh some things; I do this occasionally. Before I reinstalled I did a scan with MBAM, and everything came up clean. After reinstalling all my programs on the new installation, I received a notification from MBAM that it had found 'PUM.Hijack.StartMenu' during a routine scan. The programs I installed were from their official sites, others using Ninite (https://ninite.com/). I then decided to download a paid app called Xplorer2 (http://www.zabkat.com/) which I have abandoned in the past, because I thought it was the cause for a "Hijack.Drives" I caught long ago. For those unaware, Xplorer2 is basically a Windows Explorer replacement. I am beginning to think Xplorer2 is the same reason for the 'PUM.Hijack.StartMenu' I just caught. There is a setting inside Xplorer2 which allows you to make Xplorer2 the 'default' explorer, which does have to make necessary changes to the registry in order for the app to trigger in place of Windows Explorer. I'll attach an image of this feature and the MBAM log in the coming hours. What do you guys think? Is this a legitimate find, or should I un-quarantine it from MBAM if it's needed for Xplorer2? 'Hijack.Drives' is likely similar to 'PUM.Hijack.StartMenu', it just sounds slightly different because of the new MBAM 2.0 interface, but I could be wrong. I found this little bit from Malwaretips.com:
  12. Thanks for bringing that to my attention, Daledoc :]
  13. Sorry, I think I've misunderstood this part; what are you trying to say here? Source code? How to search with the jpg extension? Real time? Thanks, I'll keep that advice in mind, but it's hard to believe it was designed to be run that way only. Ever since I got caught up in the Internet Security 2010 malware years ago, it sort of conditioned me to enter safe mode by default. I laugh at the infection now, but it was scary back then. I should also mention that in the past, I have found additional infections in safe mode that otherwise would not have been found in normal Windows.
  14. Google recently made changes to Gmail, they now host content sent from every email. It's probably impossible for them to host every image on Google Images, considering how expansive the World Wide Web is. Another thing worth noting, pictures of all kinds can trigger these IP blocks, but you've got to know where to look, and it helps to be specific (e.g. 'Siberian Husky' instead of 'Husky'). Using the sites' Reverse Image technique on a local image on your computer can reveal sites that trigger IP blocks too.
  15. Re-wording this: adult content/women/etc., hard-to-find rarities, high resolution (usually up in the 2000x1500px range and higher).