nickel78

Honorary Members
  • Posts

    29

Reputation

0 Neutral

About nickel78

  • Birthday 12/19/1978

Contact Methods

  • MSN
    nickel780@hotmail.com
  • ICQ
    0

Profile Information

  • Location
    Ga, USA
  1. Here are my mbae logs: mbae.zip
  2. I have a customer that got infected yesterday by opening an email attachment. The attachment was a Word doc of a fake invoice. When he opened it, it advised him to enable ActiveX. After allowing it, he got a call from his bank about his account being compromised. I started cleaning the computer and installed Malwarebytes Anti-malware and Anti-exploit. After cleaning the computer with tools like JRT, TDSSKiller, ComboFix, and other tools, I enabled the anti-exploit and have not been able to open any web browser since then because it comes up with a detection. I really need some help figuring out what to do to resolve this issue. I can attach the original document if that helps as well.
  3. I could not get that particular file restored, but I could restore the same file in a similar folder that was detected as well. Maybe this will be just as good.
     This file was found in the directory:
     C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46121.0_x64__8wekyb3d8bbwe
     The same file that cannot be restored was located in the directory:
     C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe
     HxTsr.zip
  4. I am using Outlook 2013, not 2016. I am running Windows 10 Pro x64. I purchased the full retail version when it was released because I run an IT business and didn't want to wait for the free update, so I am not using the free upgrade. I have attempted the reboot and file recovery method and it does not work. Thank you both for helping me on this issue.
  5. The file is not present in the folder anymore. Malwarebytes quarantined it and it will not allow me to put it back, as described in my attached picture. What else can I try?
  6. OK. With that being said, is there anyone that can give me some info on my problem?
  7. I keep getting a notification that a file has been detected and quarantined. I just want to know if it is legit or not. I am attaching the zip files of the logs and program data. Also a picture of the error I get when I try to restore the file. Malwarebytes Anti-Ransomware.zip MBAMSERVICE.zip
  8. Also, here is today's log if you would like to see it: protection_log_2010_08_06.txt
  9. Every time I have a web browser open, whether it be Internet Explorer or Google Chrome, this IP address gets blocked randomly. There are no certain sites that I go to to make this happen. It just popped up with just this site open.
  10. Malwarebytes is constantly blocking the same IP address daily - 91.207.192.37.
  11. I don't know if it is a false positive. That's what I need to find out.
  12. I am not sure if this is the right place to post this problem, but I'm sure that someone will let me know. I am constantly getting a popup from Malwarebytes saying that it is blocking an IP address of 91.207.192.37. Just let me know what you need to know or if I'm in the wrong place. Thanks
  13. This is the only logfile in that folder:
      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
      \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
      \Driver\atapi -> atapi.sys @ 0xb9f11852
      IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
      \Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
      NDIS: -> SendCompleteHandler -> 0x0
      PacketIndicateHandler -> 0x0
      SendHandler -> 0x0
      user & kernel MBR OK