Solved Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
Farbar Service Scanner Version: 05-01-2013
Ran by DJ (administrator) on 14-01-2013 at 15:58:21
Running from "C:\Users\DJ\Desktop"
Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-01-04 17:19] - [2012-11-05 22:53] - 0560640 ____A (Microsoft Corporation) 36D6A3201721558A8AFBCC09C2DA4C2C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2013-01-09 16:41] - [2012-09-20 01:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

C:\Windows\System32\mpssvc.dll
[2013-01-04 17:20] - [2012-10-11 00:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

C:\Windows\System32\bfe.dll
[2013-01-12 00:54] - [2012-11-26 23:17] - 0718848 ____A (Microsoft Corporation) 9E6A544F465C582AB42444A217CF04DC

C:\Windows\System32\drivers\mpsdrv.sys
[2013-01-04 17:20] - [2012-10-11 00:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

C:\Windows\System32\SDRSVC.dll
[2012-07-25 20:08] - [2012-07-25 22:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

C:\Windows\System32\vssvc.exe
[2012-07-25 18:36] - [2012-07-25 22:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

C:\Windows\System32\wscsvc.dll
[2012-07-25 18:31] - [2012-07-25 22:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

C:\Windows\System32\wbem\WMIsvc.dll
[2012-07-25 18:55] - [2012-07-25 22:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

C:\Windows\System32\wuaueng.dll
[2013-01-12 00:54] - [2012-11-26 23:19] - 3345920 ____A (Microsoft Corporation) A8484C0CB54DB48180FB7CA00F1C3F8F

C:\Windows\System32\qmgr.dll
[2012-07-25 19:18] - [2012-07-25 22:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

C:\Windows\System32\es.dll
[2012-07-25 18:50] - [2012-07-25 22:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

C:\Windows\System32\cryptsvc.dll
[2012-07-25 19:05] - [2012-07-25 22:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
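The FSS log above is read by eye for three things: services whose start type no longer matches the default (wuauserv and WinDefend set to Demand instead of Auto), a policy value that disables a protection (DisableAntiSpyware=1 under the Windows Defender key), and files that FSS printed with attributes instead of "=> MD5 is legit", meaning the tool could not confirm the hash. The Python parser below is an added example, not part of this thread and not code from the Farbar tools; it pulls exactly those three kinds of findings out of an FSS-format log. The sample log is a constructed excerpt assembled from lines of the log posted above; the regular expressions and the `Finding` record are my own assumptions about the log layout.

```python
"""Triage an FSS (Farbar Service Scanner) log for the findings a helper
looks at first: non-default service start types, policy values that
disable a protection, and files FSS did not mark as "MD5 is legit"."""
import re
from dataclasses import dataclass

# Constructed excerpt, assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-01-04 17:19] - [2012-11-05 22:53] - 0560640 ____A (Microsoft Corporation) 36D6A3201721558A8AFBCC09C2DA4C2C

C:\Windows\System32\svchost.exe => MD5 is legit
"""


@dataclass
class Finding:
    kind: str      # "service_start_type", "policy" or "unverified_file"
    subject: str   # service name, registry value path or file path
    detail: str    # human-readable explanation


# Patterns for the FSS lines of interest (assumed layout, based on the log above).
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$")
POLICY_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_PATH_RE = re.compile(r"^([A-Za-z]:\\.+?)(?: => MD5 is legit)?$")
FILE_DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$")


def parse_fss(text: str) -> list:
    """Return the list of Finding records found in an FSS log, in log order."""
    findings = []
    current_key = None    # registry key of the policy block being read
    pending_path = None   # file path whose detail line is expected next
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A file line without "MD5 is legit" is followed by an attribute line
        # carrying size, company and MD5; record it as unverified.
        if pending_path is not None:
            m = FILE_DETAIL_RE.match(line)
            if m:
                size, company, md5 = m.groups()
                findings.append(Finding(
                    "unverified_file", pending_path,
                    f"not confirmed by FSS: {company}, {size} bytes, MD5 {md5.upper()}"))
                pending_path = None
                continue
            pending_path = None

        m = START_TYPE_RE.match(line)
        if m:
            svc, actual, default = m.groups()
            if actual != default:
                findings.append(Finding(
                    "service_start_type", svc, f"{actual} (default {default})"))
            continue

        if line.endswith(":"):          # section header: leave any policy block
            current_key = None
            continue

        m = POLICY_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue

        m = POLICY_VALUE_RE.match(line)
        if m and current_key:
            name, value = m.groups()
            if int(value) != 0:          # a non-zero Disable* value is the finding
                findings.append(Finding(
                    "policy", f"{current_key}\\{name}", f"DWORD:{value}"))
            continue

        m = FILE_PATH_RE.match(line)
        if m and not line.endswith("=> MD5 is legit"):
            pending_path = m.group(1)
    return findings


if __name__ == "__main__":
    for f in parse_fss(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the sample it reports wuauserv and WinDefend as Demand instead of Auto, the DisableAntiSpyware policy value, and afd.sys as a file whose hash FSS did not confirm; the unverified file is something to check against a trusted source, not by itself evidence of infection.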
 
I did the security check, and it removed 5 files. It wouldn't let me export, but I'm not seeing the messages from MBAM anymore.
 
Security Check doesn't remove anything.
Are you talking about Eset scan?
If so I still need Security Check log.
Re-read my original instructions.
 
Just got the message again. I did the ESET scan and it removed 5 things, but I couldn't figure out how to export, and I figured now it's too late since you said it only creates logs if it finds threats.
 
And Security Check won't open on my computer. A command prompt window comes up, but it just closes right away.
 
Let's try to reset your router...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simply disconnecting the router from its power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
It happens at random, usually when I have a browser window open, but I'm not sure if that has anything to do with it.
 
Pay close attention for another day or so and let me know.
Maybe some other program is triggering it.

I don't see anything malicious in your log anymore
 
You need to make sure.

If you want to give it a shot, uninstall Chrome...
  1. Close all Chrome windows and tabs.
  2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  3. Click Programs and Features.
  4. Double-click Google Chrome.
  5. Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 
Been watching it. It seems to only happen when I have a window open on the web, and normally it's right when I open a new page/tab, but not every time.
 
Uninstall Chrome...
  1. Close all Chrome windows and tabs.
  2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  3. Click Programs and Features.
  4. Double-click Google Chrome.
  5. Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 