Successfully blocked access to a potentially malicious website.

(28 posts)
  • Started 1 year ago by DJDraven
  • Latest reply from mfletch
  • Topic Viewed 4106 times

Straspey
Posts: 556

And I reiterate -

The message is coming directly from the Malicious Website Blocking feature of Malwarebytes Anti-Malware.

I guarantee that if you disable this feature, those messages will stop popping up.

Posted 1 year ago
 
Straspey
Posts: 556

Have a look at the following link to a FAQ on the MBAM Forums Website - It may help to shed some light on the issue:

IP Protection Module

In v1.40, Malwarebytes introduced IP Protection into Malwarebytes' Anti-Malware, to prevent the user being infected in the first place. The following is information on what this does, and how it works.

What does IP Protection do?

IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges, for example, NetDirekt, which is host to the Internet Service Team.

How does it do this?

When you ask your browser to connect to a website, Windows uses DNS or the HOSTS file (depending on configuration) to convert that domain name into its corresponding IP address (e.g. example.com <> 1.2.3.4). MBAM intercepts the packet communications, to determine whether or not the IP address is known for malicious activity, and if so, blocks the communication.

How does it inform you?

MBAM informs you a malicious IP has been blocked by presenting a bubble notification at the bottom of the screen (next to the system tray), and it also writes a log file.

Read More:

http://forums.malwarebytes.org.....ntry162100

Posted 1 year ago
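
An added illustration of the resolve-then-check flow described in the FAQ quoted above (not Malwarebytes' code and not part of the original post). The blocklist entries, hostnames, resolver table and log line format are all constructed for the example and use documentation-reserved addresses.

```python
import ipaddress

# Constructed blocklist: whole ranges and single addresses (RFC 5737 space).
BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24",      # an entire hosting range listed as malicious
    "198.51.100.77/32",  # one individual address
)]

# Constructed stand-in for DNS / HOSTS resolution so the example runs offline.
RESOLVER = {
    "bad-downloads.example": "192.0.2.15",
    "music-site.example": "192.0.2.200",  # unrelated site inside the same range
    "tracker.example": "198.51.100.77",
    "news.example": "203.0.113.9",
}

def match_blocklist(ip_text):
    """Return the blocklist entry that covers ip_text, or None."""
    ip = ipaddress.ip_address(ip_text)
    for net in BLOCKLIST:
        if ip in net:
            return net
    return None

def connect(hostname, log):
    """Resolve hostname, check the resulting IP, and log a block on a match."""
    ip_text = RESOLVER.get(hostname)
    if ip_text is None:
        return "unresolved"
    net = match_blocklist(ip_text)
    if net is None:
        return "allowed"
    # The verdict is made on the address, so the log records IP and entry.
    log.append(f"IP-BLOCK {ip_text} host={hostname} entry={net}")
    return "blocked"

def run_demo():
    """Try every constructed hostname and return (verdicts, log lines)."""
    log = []
    results = {host: connect(host, log) for host in RESOLVER}
    return results, log

if __name__ == "__main__":
    results, log = run_demo()
    for host, verdict in results.items():
        print(f"{host:24} {verdict}")
    print("\n".join(log))
```

Because the check is made on the address rather than the name, every hostname that resolves into a listed range gets the same verdict.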
 
DJDraven
Posts: 10

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 23:39:30
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : NikonDJ84 - NIKONDJ84-PC
# Boot Mode : Normal
# Running from : C:\Users\NikonDJ84\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\NikonDJ84\AppData\Local\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\NikonDJ84\AppData\Roaming\Mozilla\Firefox\Profiles\2aprdo0s.default\prefs.js

C:\Users\NikonDJ84\AppData\Roaming\Mozilla\Firefox\Profiles\2aprdo0s.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "13BE6498C36075BE2A0056C08E8336C2");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "001FC6CA2AAB408E");
Deleted : user_pref("extensions.funmoods.instlDay", "15667");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2222:47:13");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2222:47:13");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:47:13");

*************************

AdwCleaner[S1].txt - [4107 octets] - [27/11/2012 23:39:30]

########## EOF - C:\AdwCleaner[S1].txt - [4167 octets] ##########

Posted 1 year ago
 
DJDraven
Posts: 10

So good news I guess. I remembered that for some reason when I have Malwarebytes installed it keeps me from using the website MRTZCMP3. So I uninstalled it and the website works and the message is gone. Does this mean I can't use Malwarebytes if I still want access to MRTZCMP3? Or is there some kind of trusted sites list? In addition to that, it looks like the funmoods are still there, so I guess if anyone could help with that and let me know a way to fix it I would be good. Thanks.

Posted 1 year ago
 
DJDraven
Posts: 10

Just noticed that it appears the funmoods are gone. I have restarted my computer and the funmoods have not popped back up. If I click the downward arrow to the right of the Google logo on the Google search bar at the top and go to manage search engines, it does not appear to be there. I was wondering, does it just randomly come back or should it come back every time you restart the computer?

Posted 1 year ago
 
Straspey
Posts: 556

How To Remove The “Fun Moods” Browser Hijacker Virus

What Is The Fun Moods Virus (Start.Funmoods.com)?

The Fun Moods virus (also known as Face Moods, funmoods) is adware and spyware published by Volonet LTD, categorized as a complete browser hijacker that is capable of changing internet browser settings and browser helper objects, such as the homepage (startup page), browser add-ons and extensions, and managed search engines (default search: start.funmoods.com) which cause internet searches and inputted URLs to redirect to Fun Mood’s search engine Start.Funmoods.com or other third party drive-by websites. Fun Moods is often referred to as a “redirection” virus because of this.

Read all the step-by-step details at the link below:

http://botcrawl.com/how-to-rem.....ker-virus/

Posted 1 year ago
 
mfletch
Posts: 1434

Funmoods should be gone now from your computer after running the AdwCleaner.

Posted 1 year ago
 



Topic Closed

This topic has been closed to new replies.