About BillCherryAtl

  • Rank
    New Member

  1. Hello - Just a friendly suggestion when releasing updates to the Malwarebytes application. When the updates are released which come with a "run once" registry entry, it would be nice if that registry entry was identified as being part of the Malwarebytes update. Some of us have security software which alerts us when there is a registry change. The application is always strange and not identifiable to any program when its properties are checked. Before I OK such a registry change, I'd like to know what it's about, always being aware of nasty malware or viruses as a possibility. Am I making any sense? Thank you.
  2. Question please. Does this update use a file called "is-GHJBN.exe" to update? A security program on my machine asked if I would OK a "run once" of "C:\Windows\is-GHJBN.exe /REG". Google tells me nothing about this file nor does the file's properties. However, I remember such strange files in the past being associated with Malwarebytes updates - is it true now? Thank you for any guidance.
  3. Thank you for confirming what I thought was the case. Too bad Malwarebytes does not identify the ownership in the application's properties - that would eliminate questions.
  4. Does this new release require the application C:\WINDOWS\is-EJBDH.exe /REG to run once on reboot? I have software - WinPatrol - which alerts me to changes in my registry and this morning it asked permission to allow C:\WINDOWS\is-EJBDH.exe /REG to run once. It always bothers me when I can't find any information about something wanting to change my registry - search engines returned nothing. It seems to me this occurred on the last update with a similar foreign run once entry. I bet it's the 1.44 update but could someone confirm that for me? Thank you.
  5. Thank you Exile - I expected this much because the request came right after the request to add Malwarebytes new version to my startup folder. cheers
  6. My update was automatic without a flaw. I've got a program called WinPatrol that looks for changes in my registry and additions to 'run once' programs or new 'start at boot' programs. Right after I gave permission for Malwarebytes to start at boot, WinPatrol asked if I wanted to allow a 'run once' program located: C:\WINDOWS\is-O8N5J.exe /REG. Is this part of the Malwarebytes update? I checked the properties on the 'is-O8N5J.exe' executable but there was no information as to the origin. I'd appreciate any input.
  7. With regard to the "IP Blocked" alert I have a question. On my Malwarebytes I get an alert after booting and before I do anything. Alerts also come at other times but usually I've got a browser and other programs open. So I checked the IPs being blocked only to discover one was in China and another in Moldavia, neither of which gives me a warm & fuzzy feeling. I've used my security software for scanning and the Task Manager, Process Explorer, and TCP Port view in an effort to identify just what is doing this - all efforts failed. I cannot find a rogue program. Any suggestions on how to identify the culprit short of installing a paid firewall like Zone Alarm that would show programs trying to access the internet?
  8. Thank you. Posted on the other part of the forum.
  9. Hey folks. I've been receiving an alert that Malwarebytes has blocked out-going traffic with IP xxx.xx.xx.xx (it changes). I've attempted to use my Process Explorer and TCP port viewer to identify what's calling home. I've checked the IPs and in each case it is to places with which I have no connection like China and some advertising firm in California. I've done a HJT scan before checking it myself but could not find the culprit. It was suggested to me that I post it here knowing other eyes may see something I do not see. BTW, the calling home generally occurs shortly after boot but rarely after that.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 07:11:25, on 10/2/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\WinAlarm\WinAlarm.exe
     C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\Secunia\PSI\psi.exe
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\PMAIL\Programs\winpm-32.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
     C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
     C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
     C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
     C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: Ziptionary BHO - {F9FF8423-50F2-4f80-A31D-D1A03DBE9D86} - C:\Program Files\Ziptionary\ziptionary.dll
     O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [sBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
     O4 - HKLM\..\Run: [WinAlarm] C:\Program Files\WinAlarm\WinAlarm.exe
     O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
     O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
     O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [As-U-Type] C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe
     O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
     O4 - Startup: Tiny Watcher Logon Time.lnk = C:\Program Files\Watcher\Watcher.exe
     O4 - Global Startup: As-U-Type.lnk = C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe
     O4 - Global Startup: Online Assistant.lnk = C:\Program Files\American Express Online Assistant\OnlineAssistant.exe
     O8 - Extra context menu item: &Dictionary -
     O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone:
     O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
     O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) -
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
     O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
     O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
     O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
     O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
     O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     O24 - Desktop Component 0: (no name) - (no file)

     --
     End of file - 7287 bytes

     Thank you for looking.
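The RunOnce entries asked about in items 1 to 6 and the HijackThis log in item 9 come down to one practical question: what can be read off an autostart entry, before trusting it, to decide whether the image deserves a closer look. The script below is an added example, not code from this thread, from HijackThis or from Malwarebytes. It parses the O4 (registry Run/RunOnce and Startup folder) and O23 (service) lines of an HJT log, separates each command line into image path and arguments, and flags the things a practitioner checks first: an image sitting directly in the Windows directory or under a temp directory, a machine-generated name of the is-XXXXX.exe form discussed above, a service with no vendor string, and anything in RunOnce. The sample log is constructed: most lines are copied from the posted log, but the is-GHJBN RunOnce line and the "Updater (updsvc)" service line are hypothetical and do not appear in the real log.

```python
"""Triage autostart and service entries from a HijackThis log.

Added example; not code from the thread, from HijackThis or from Malwarebytes.
The sample log mixes lines copied from the posted log with two constructed
lines (the is-GHJBN RunOnce entry and the "Updater (updsvc)" service).
"""
import re
from typing import List, NamedTuple, Tuple

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [is-GHJBN] C:\WINDOWS\is-GHJBN.exe /REG
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Updater (updsvc) - Unknown owner - C:\WINDOWS\Temp\updsvc.exe
"""


class Entry(NamedTuple):
    kind: str      # "autostart" or "service"
    location: str  # e.g. "HKLM\..\RunOnce", "Startup", "Global Startup" or "service"
    name: str      # registry value name, .lnk name or service display name
    vendor: str    # O23 vendor column; "" for O4 entries
    image: str     # executable path
    args: str      # command-line arguments, "" if none


_O4_REG = re.compile(r"^O4 - (HK\S*?\\\.\.\\Run\w*): \[([^\]]*)\] (.*)$")
_O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
# is-XXXXX.exe: the naming pattern the thread asks about
_GENERATED_NAME = re.compile(r"^is-[a-z0-9]{5}\.exe$", re.IGNORECASE)
_WINDOWS_ROOT = re.compile(r"^[a-z]:\\win(dows|nt)$", re.IGNORECASE)


def split_cmdline(cmd: str) -> Tuple[str, str]:
    """Separate a Windows command line into (image, args). A quoted path ends
    at the closing quote; an unquoted path may contain spaces, so cut after
    the first .exe token rather than at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"^(.+?\.exe)(?:\s+(.*))?$", cmd, re.IGNORECASE)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def parse_hjt(text: str) -> List[Entry]:
    """Extract O4 and O23 entries; every other HJT section is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _O4_REG.match(line) or _O4_LNK.match(line)
        if m:
            location, name, cmd = m.groups()
            image, args = split_cmdline(cmd)
            entries.append(Entry("autostart", location, name, "", image, args))
            continue
        m = _O23.match(line)
        if m:
            name, vendor, cmd = m.groups()
            image, args = split_cmdline(cmd)
            entries.append(Entry("service", "service", name, vendor, image, args))
    return entries


def flags_for(e: Entry) -> List[str]:
    """Heuristics only: a flag means 'look at this', not 'this is malware'."""
    path = e.image.lower()
    directory, _, filename = path.rpartition("\\")
    flags = []
    if _WINDOWS_ROOT.match(directory):
        flags.append("image in Windows root")
    if "\\temp\\" in path:
        flags.append("image in temp dir")
    if _GENERATED_NAME.match(filename):
        flags.append("generated installer-style name")
    if e.kind == "service" and e.vendor.lower() in ("", "unknown owner"):
        flags.append("service without vendor")
    if e.location.lower().endswith("runonce"):
        flags.append("RunOnce (fires once at next logon)")
    return flags


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that raised at least one flag."""
    out = []
    for e in parse_hjt(text):
        f = flags_for(e)
        if f:
            out.append((e, f))
    return out


if __name__ == "__main__":
    for e, f in triage(SAMPLE_LOG):
        print(f"{e.name:<30} {e.image}\n{'':30} {', '.join(f)}")
```

A flag is a prompt, not a verdict: the is-XXXXX.exe entries in this thread were confirmed by other members to belong to the Malwarebytes update. The step that actually settles a flagged image is reading its company name and digital signature (the Version tab of the file's Properties, or Sysinternals sigcheck), which is exactly the information the poster reports these files lacked.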
  10. I've tried using both TCP-view port and Process Explorer but neither one has been useful in identifying the culprit. It could be that a known safe program is being used as a surrogate or even svchost. It would be great to have a path to the source of the attempted outgoing connection.
  11. Thank you both. I do know how to identify the owner of the IP, the location of the IP, etc. What I want is to identify the executable in my computer trying to contact the IP. I now understand Malwarebytes can't do that but it certainly would be a great feature and very useful in finding nefarious malware.
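Items 7, 10 and 11 ask for the executable behind a blocked outbound connection, and a viewer that samples the connection table by hand can miss a connection that lives for a moment just after boot. The script below is an added example, not code from this thread or from Malwarebytes. It joins `netstat -ano` (each connection with its owning PID) to `tasklist /fo csv /nh` (PID to image name), two commands that exist on the Windows XP box in the posted log, and wraps the join in a tight poll loop for the short-lived case. Both sample outputs are constructed; the remote addresses come from the 203.0.113.0/24 documentation range and stand in for the xxx.xx.xx.xx the post redacts.

```python
"""Attribute a blocked outbound connection to the process that owns it.

Added example; not code from the thread, from Malwarebytes or from any tool
named in it. The two sample command outputs are constructed, with remote
addresses from the 203.0.113.0/24 documentation range.
"""
import csv
import io
import re
import subprocess
import time
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Constructed sample of `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.5:1069       203.0.113.10:80        SYN_SENT        2876
  TCP    192.168.1.5:1071       203.0.113.44:443       ESTABLISHED     1012
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = """\
"System Idle Process","0","Console","0","28 K"
"svchost.exe","1012","Console","0","4,912 K"
"firefox.exe","2876","Console","0","61,220 K"
"""


class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str   # "" for UDP, which has no state column
    pid: int


# Proto, local, remote, optional state, PID. UDP rows omit the state column.
_NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text: str) -> List[Conn]:
    """Parse `netstat -ano` rows; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _NETSTAT_ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid)))
    return conns


def parse_tasklist_csv(text: str) -> Dict[int, str]:
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def host_of(addr: str) -> str:
    """'203.0.113.10:80' -> '203.0.113.10'; '[::1]:80' -> '::1'."""
    host, _, _ = addr.rpartition(":")
    return host.strip("[]")


def attribute(netstat_text: str, tasklist_text: str,
              blocked_ips: Iterable[str]) -> List[Tuple[str, int, str, str]]:
    """Return (remote_ip, pid, image, state) for each connection to a blocked
    address. image is '?' when the PID exited between the two snapshots,
    which is the short-lived case the thread describes."""
    blocked = set(blocked_ips)
    procs = parse_tasklist_csv(tasklist_text)
    hits = []
    for c in parse_netstat(netstat_text):
        ip = host_of(c.remote)
        if ip in blocked:
            hits.append((ip, c.pid, procs.get(c.pid, "?"), c.state))
    return hits


def live_snapshot() -> Tuple[str, str]:
    """Take both snapshots for real (Windows only; the sample run does not call this)."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"], capture_output=True, text=True).stdout
    return ns, tl


def watch(blocked_ips: Iterable[str], interval: float = 0.5, rounds: int = 240):
    """Poll right after logon: a SYN that lives a few hundred milliseconds is
    missed by a single glance at TCPView but caught by a loop like this."""
    blocked = set(blocked_ips)
    for _ in range(rounds):
        hits = attribute(*live_snapshot(), blocked)
        if hits:
            return hits
        time.sleep(interval)
    return []


if __name__ == "__main__":
    for ip, pid, image, state in attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE,
                                           {"203.0.113.10", "203.0.113.44"}):
        print(f"{ip:<15} pid {pid:<6} {image:<20} {state}")
```

When the owner turns out to be svchost.exe, `tasklist /svc` lists the services hosted in that PID, which narrows the surrogate case raised in item 10; `netstat -b`, from an administrator prompt, prints the image name directly and saves the join. The poll loop matters more than the parser: the thread says the connection shows up shortly after boot and rarely afterwards, so a watcher launched from the Startup folder with a sub-second interval is what actually catches it.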
  12. Hey Guys I'm new here so forgive me if this question has been asked and answered. What I'd like to know is if there is a method whereby I can identify the program trying to access the internet from my computer when I see the balloon pop up saying Malwarebytes blocked access to