Author Topic: Malwarebytes keeps blocking website access when I'm not browsing.  (Read 6125 times)

March 02, 2017, 04:24:01 PM

Sagmis

Hello,

Malwarebytes keeps blocking website access when I'm not browsing. I figured this was a bad sign and went looking for a solution. RogueKiller found the following files, and I just want to confirm that they are safe to remove before deleting something in the registry and that this will solve the problem.

Thanks for any help you can provide.


RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : derek_000 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/02/2017 09:16:13 (Duration : 00:40:45)

¤¤¤ Processes : 1 ¤¤¤
[Adw.Cloudguard] CTService.exe(2412) -- C:\Program Files (x86)\Cold Turkey\CTService.exe[-] -> Found

¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\ProductSetup -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\ProductSetup -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5c466057-1719-46ad-86e4-8711fbfab22c} | DhcpNameServer : 10.0.1.2 ([])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7BDD5860-2778-4126-92BF-A4D8F8478FA1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe|Name=Battle.net Update Agent| -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DCB0378F-2AFD-46B1-A236-A52281245A86} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe|Name=Battle.net Update Agent| -> Found


¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Adw.Cloudguard][File] C:\Program Files (x86)\Cold Turkey\Microsoft.Win32.TaskScheduler.dll -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA200 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1081344 | Size: 243220 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 499195904 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

Reply #1, March 02, 2017, 04:59:01 PM

Curson

  • Global Moderator
Hi Sagmis,

Welcome to Adlice.com Forum.
Please remove the following entries:
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\ProductSetup -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\ProductSetup -> Found
The other detections are false positives and will be fixed as soon as possible.

Could you please attach the Malwarebytes access log with your next reply?
Regards.

Reply #2, March 02, 2017, 05:17:04 PM

Sagmis

Thanks for your help.

I have deleted the files and will post tomorrow if the problem has been resolved.

Here's the Malwarebytes report you requested. It appears to concern three different ports. There are about fifty reports; these appear to be the only variants.

Please let me know if you need anything else, thanks again.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/17
Protection Event Time: 8:06 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1402
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0


-Website Data-
Domain:
IP Address: 239.255.255.250
Port: [63938]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/17
Protection Event Time: 9:58 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1403
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 239.255.255.250
Port: [54841]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/17
Protection Event Time: 9:54 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1403
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 239.255.255.250
Port: [59029]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)

Reply #3, March 02, 2017, 05:21:32 PM

Curson

  • Global Moderator
Hi Sagmis,
Quote
239.255.255.250
Addresses starting with a number between 224 and 239 are used for IP multicast.  IP multicast is a technology for efficiently sending the same content to multiple destinations.  It is commonly used for distributing financial information and video streams, among other things.
I think it's a false positive from Malwarebytes.

Regards.
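
An added example, not part of the thread: a small Python triage pass over blocked-website entries in the layout posted in reply #2 (trimmed to the fields used), labelling each destination by address range so that multicast and private destinations are separated from routable ones. The second sample entry, the range labels and the function names are constructed for illustration; 239.0.0.0/8 is the administratively scoped part of the 224-239 multicast block.

```python
import ipaddress
import re

# Constructed sample in the layout of the Malwarebytes entries posted above.
# The second entry (documentation-range address, example.exe) is invented.
SAMPLE_LOG = """\
-Website Data-
IP Address: 239.255.255.250
Port: [63938]
Type: Outbound
File: C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
(end)
-Website Data-
IP Address: 203.0.113.7
Port: [443]
Type: Outbound
File: C:\\Users\\Public\\example.exe
(end)
"""

# Most specific range first; explicit networks avoid relying on is_private.
RANGES = [
    ("multicast (administratively scoped)", "239.0.0.0/8"),
    ("multicast", "224.0.0.0/4"),
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
]
FIELD = re.compile(r"^(IP Address|Port|Type|File):[ \t]*(.*)$", re.M)

def classify(ip_text):
    """Return the label of the first range containing the address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    for label, net in RANGES:
        if ip in ipaddress.ip_network(net):
            return label
    return "routable, review"

def triage(text):
    """One (ip, port, process, label) tuple per '(end)'-terminated entry."""
    rows = []
    for chunk in text.split("(end)"):
        f = {k: v.strip().strip("[]") for k, v in FIELD.findall(chunk)}
        if "IP Address" in f:
            rows.append((f["IP Address"], f.get("Port"), f.get("File"), classify(f["IP Address"])))
    return rows
```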