ataraxy
Honorary Members
Posts: 29
Reputation: 0 Neutral
Thanks. I'm not sure if this is the right place for a suggestion, but could the notification for blocks be upgraded to show that Malwarebytes is blocking the whole IP address because of the trojan, rather than just saying "trojan"? That way I have the information that I need to go back to the site owner so that this can be resolved.
-
ataraxy started following Could you please check lexfridman.com
-
Could you please check the block on lexfridman.com. URLVoid shows all their checks think it is okay: https://www.urlvoid.com/scan/lexfridman.com/
Thanks

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 30/05/2023
Scan Time: 20:31
Log File: 2c05daf8-fed5-11ed-9d59-7085c25ed56b.json
-Software Information-
Version: 4.5.28.266
Components Version: 1.0.2005
Update Package Version: 1.0.70201
Licence: Premium
-System Information-
OS: Windows 10 (Build 19045.2965)
CPU: x64
File System: NTFS
User: DESKTOP-924NB8O\atara_8qkh5k2
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 2 sec
-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
-
Great! Thanks for confirming. I can use that in my reports about the site.
-
When trying to unsubscribe from an email list at trk.cpro20.com I got a warning from Malwarebytes - see below. URLVoid shows one other organisation thinks there is a problem, but 33 who think that it is okay: https://www.urlvoid.com/scan/trk.cpro20.com/
Could you please check and let me know who has the correct information.
Thanks

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 19/02/2021
Protection Event Time: 16:50
Log File: 5fe8c2ba-7276-11eb-8ae6-7085c25ed56b.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37281
Licence: Premium
-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain: trk.cpro20.com
IP Address: 2001:8002:e21:f002::f5ff
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
-
Sounds reasonable. Thanks!
-
Could you please check the classification of fund.school. Malwarebytes is currently blocking it, even though URL Void shows it as okay https://www.urlvoid.com/scan/fund.school/. I don't claim that it's a great site - it's being used by someone who just spammed the contact form on my web site - but if they are okay, I would like to be able to tell them about the spammer.

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 27/01/2021
Protection Event Time: 18:34
Log File: 0e291fee-6072-11eb-a84e-7085c25ed56b.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36271
Licence: Premium
-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain: fund.school
IP Address: 104.238.93.235
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
Malwarebytes is detecting testdisk-7.0.win.zip as malicious. Since it's been sitting on my PC since 2016, I suspect that's a false positive. VirusTotal suggests it is okay: https://www.virustotal.com/gui/file/3c1fdbaca0ac686677f88b6bbf18d04c82f2c4047488c2e52da8e2347574b320/community
Malwarebytes report:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 06/11/2020
Scan Time: 02:17
Log File: 0505106e-1f7a-11eb-9174-7085c25ed56b.json
-Software Information-
Version: 4.2.2.95
Components Version: 1.0.1096
Update Package Version: 1.0.32494
Licence: Premium
-System Information-
OS: Windows 10 (Build 19041.610)
CPU: x64
File System: NTFS
User: DESKTOP-924NB8O\atara_8qkh5k2
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 17 sec
-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 1
Malware.AI.4231076329, D:\DATA\DOWNLOADS\TESTDISK-7.0.WIN.ZIP, No Action By User, 1000000, 0, 1.0.32494, DC84BCEF686F1AC0FC3119E9, dds, 00971019, 035792105F3221E1A8758E7F3F575418, 3C1FDBACA0AC686677F88B6BBF18D04C82F2C4047488C2E52DA8E2347574B320
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)

testdisk-7.0.win.zip
-
Malwarebytes is blocking https://covid-drm.org/ It looks okay at https://www.urlvoid.com/scan/covid-drm.org/ so could you please check it.

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 15/05/2020
Protection Event Time: 17:49
Log File: 9055d3fc-9680-11ea-b1b9-7085c25ed56b.json
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23862
Licence: Premium
-System Information-
OS: Windows 10 (Build 18362.836)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: RiskWare
Domain: covid-drm.org
IP Address: 172.104.242.238
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
-
Malwarebytes is blocking zipgenius.it. It looks okay on https://www.urlvoid.com/scan/zipgenius.it/ so could you please check it.
Thanks

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 06/07/2019
Protection Event Time: 17:58
Log File: d06c2428-9fc3-11e9-b9c0-7085c25ed56b.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11420
Licence: Premium
-System Information-
OS: Windows 10 (Build 17763.557)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: www.zipgenius.it
IP Address: 89.40.174.36
Port: [52492]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
Malwarebytes is blocking tightvnc.com. Is there a problem with this site, or is this a false positive? It looks okay on https://www.urlvoid.com/scan/tightvnc.com/
Thanks

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 10/06/2019
Protection Event Time: 15:02
Log File: e57499b9-8b3c-11e9-be0a-7085c25ed56b.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10974
Licence: Premium
-System Information-
OS: Windows 10 (Build 17763.503)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: www.tightvnc.com
IP Address: 178.57.221.94
Port: [61736]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
Many outbound blocks utorrent
ataraxy replied to ataraxy's topic in Malwarebytes for Windows Support Forum
Thanks. My post was mainly a response to but for some reason it was split off into its own thread.
-
I just upgraded to v3 today, and I'm seeing the same thing. I don't know whether it is due to the upgrade, or whether it is because as a result of the upgrade, I got the 14 day free trial of the premium version. As utorrent seems to be working okay - I'm only seeding at present, but stuff seems to be going out - I guess that there are various users that are being blocked.
-
Thanks. Ran a scan with the new definitions and no problems.
-
OpenCandy is being detected in the uTorrent v3.4.9.42606 executable (not the installer). This is with Malwarebytes v2.2.1.1043 Free, database 2016.10.07.03. The file is attached. uTorrent v3.4.9_42606.7z