nickel78
Here are my mbae logs mbae.zip
-
I have a customer that got infected yesterday by opening an email attachment. The attachment was a Word doc of a fake invoice. When he opened it, it advised him to enable ActiveX. After allowing it, he got a call from his bank about his account being compromised. I started cleaning the computer and installed Malwarebytes Anti-Malware and Anti-Exploit. After cleaning the computer with tools like JRT, TDSSKiller, ComboFix, and other tools, I enabled the Anti-Exploit and have not been able to open any web browser since then because it comes up with a detection. I really need some help figuring out what to do to resolve this issue. I can attach the original document if that helps as well.
-
I could not get that particular file restored, but I could restore the same file in a similar folder that was detected as well. Maybe this will be just as good. This file was found in the directory: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46121.0_x64__8wekyb3d8bbwe The same file that cannot be restored was located in the directory: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe HxTsr.zip
-
I am using Outlook 2013, not 2016. I am running Windows 10 Pro x64. I purchased the full retail version when it was released because I run an IT business and didn't want to wait for the free update, so I am not using the free upgrade. I have attempted the reboot and file recovery method and it does not work. Thank you both for helping me on this issue.
-
The file is not present in the folder anymore. Malwarebytes quarantined it and it will not allow me to put it back, as described in my attached picture. What else can I try?
-
OK. With that being said, is there anyone that can give me some info on my problem?????
-
Anyone out there have any thoughts???
-
I keep getting a notification that a file has been detected and quarantined. I just want to know if it is legit or not. I am attaching the zip files of the logs and program data. Also a picture of the error I get when I try to restore the file Malwarebytes Anti-Ransomware.zip MBAMSERVICE.zip
-
Need to know if this is a false positive or not
nickel78 replied to nickel78's topic in Website Blocking
Also, here is today's log if you would like to see it: protection_log_2010_08_06.txt
-
Need to know if this is a false positive or not
nickel78 replied to nickel78's topic in Website Blocking
Every time I have a web browser open, whether it be Internet Explorer or Google Chrome, this IP address gets blocked randomly. There are no certain sites that I go to to make this happen. It just popped up with just this site open.
-
Malwarebytes is constantly blocking the same IP address daily - 91.207.192.37.
-
OK. Thank you.
-
I don't know if it is a false positive. That's what I need to find out.
-
I am not sure if this is the right place to post this problem, but I'm sure that someone will let me know. I am constantly getting a popup from Malwarebytes saying that it is blocking an IP address of 91.207.192.37. Just let me know what you need to know or if I'm in the wrong place. Thanks
-
Constantly blocked ip addresses
nickel78 replied to nickel78's topic in Resolved Malware Removal Logs
this is the only logfile in that folder

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK