Hi,
I've been running Malwarebytes for a few years now and it very rarely picked up any malware. In the past 2 weeks it has picked up at least 50 pieces of malware. I'm trying to figure out where it is all coming from. For most of my use, I visit 2 or 3 genealogy-based websites. I can be on the computer for a few hours then run the Malwarebytes and it comes up clean. I can use it another 2 or 3 hours and it comes up infected with a few pieces of malware (same few sites). I had my favourite sites on the favourites bar of Explorer and one time I'm not sure how I clicked on it, but a window came up about wanting to download something onto my PC which I refused. I thought perhaps the problem was connected to the favourites bar so deleted it but that hasn't solved the problem.
My husband mainly uses Firefox, and the scans seem to come up clean after he's been using Firefox. I am going to switch over to see if that stops it, but was wondering if anyone has had similar problems and can suggest what is causing all the malware and how to avoid it. I've been running the Malwarebytes at least twice a day lately and can't predict which will come clean and which will be infected.
Thanks for any suggestions.
capri
where is all the malware coming from
-
- cheese lizard
- Posts: 6241
- Joined: 16 Jan 2010, 00:14
- Location: Sydney Australia
Re: where is all the malware coming from
What other security software do you have installed and what operating system?
Cheers, Claude.
-
- StarLounger
- Posts: 87
- Joined: 20 Jan 2011, 06:42
Re: where is all the malware coming from
Hi Claude,
It's Windows XP and I have Avira virus protector. The virus protector has picked up a few viruses recently (normally none) but nowhere near as many as the malware.
capri
-
- PlatinumLounger
- Posts: 5411
- Joined: 24 Jan 2010, 08:33
- Location: A cathedral city in England
Re: where is all the malware coming from
When you say "viruses" do you mean viruses? Or tracking cookies, or something similar?
Could you quote a couple of examples of what Malwarebytes is objecting to?
John Gray
"(or one of the team)" - how your hospital appointment letter indicates that you won't be seeing the Consultant...
-
- cheese lizard
- Posts: 6241
- Joined: 16 Jan 2010, 00:14
- Location: Sydney Australia
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: where is all the malware coming from
While waiting further info.
(From a general perspective, just about any site can carry malware, but as we know some sites are less likely; the problem is that when doing research similar to what you mentioned it's possible to wander away, tempted by some promising search result.)
(Does Malwarebytes' Anti-Malware track down cookies ...? Never heard of it, seems like it doesn't.
https://malwarebytes.zendesk.com/entrie ... g-cookies-
http://blog.malwarebytes.org/intelligen ... t-cookies/)
capri wrote:I had my favourite sites on the favourites bar of Explorer and one time I'm not sure how I clicked on it, but a window came up about wanting to download something onto my PC which I refused.
It's a good practice to not click on anything in such windows, just close the browser; safest way in this case is via the Task Manager's Applications tab.
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- StarLounger
- Posts: 87
- Joined: 20 Jan 2011, 06:42
Re: where is all the malware coming from
I never click on windows like that. Rather be safe than sorry.
Here are some samples from a recent log (have deleted the actuals)
Registry Keys Detected: 5
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
capri
-
- cheese lizard
- Posts: 6241
- Joined: 16 Jan 2010, 00:14
- Location: Sydney Australia
Re: where is all the malware coming from
MySearch is quite a pain. Have you searched for removal instructions and gone through the process?
Whenever you follow removal instructions, make sure you reboot in safe mode beforehand.
Cheers, Claude.
-
- PlatinumLounger
- Posts: 5411
- Joined: 24 Jan 2010, 08:33
- Location: A cathedral city in England
Re: where is all the malware coming from
In this context, PUP means Potentially Unwanted Program. But you probably knew that already!
John Gray
"(or one of the team)" - how your hospital appointment letter indicates that you won't be seeing the Consultant...
-
- StarLounger
- Posts: 87
- Joined: 20 Jan 2011, 06:42
Re: where is all the malware coming from
Thanks for the advice.
We used a removal problem and are hoping the problem is solved. We have been running the malware at least twice a day and all except one have come up clean. The one could just be normal. We'll keep running it twice a day for a while longer, then hopefully can drop back the number of times we run it.
capri
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: where is all the malware coming from
capri wrote:Thanks for the advice.
We used a removal problem and are hoping the problem is solved. We have been running the malware at least twice a day and all except one have come up clean. The one could just be normal. We'll keep running it twice a day for a while longer, then hopefully can drop back the number of times we run it.
capri
It might be a good idea to run some other Anti-Malware programs besides Malwarebytes. Some pick up strains that others may miss.
A review of some other freebies can be found here.
http://www.techsupportalert.com/best-fr ... emover.htm
BOB
______________________________________
If I agreed with you we'd both be wrong.