Malwarebytes Anti-Malware Update Discussions

Started by winchester73, May 21, 2014, 07:57:21 PM


Digerati

Quote: BTW: I didn't need to close the program, but had to grant "administrator" permissions.
Yeah, I figured that would probably work, but since even then, open files can still avoid being deleted even with admin permissions, I just took the lazy way out. So I just exited the program, deleted the files, and started it again.

Plus, I have W10 Pro and I never know what administrator permissions W10 Home users can grab.

Anyway, good to see your way works too. Thanks.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine

Quote from: DR M on August 11, 2020, 02:44:21 PM
Same symptoms here, but I will wait a bit before doing something manually.

Something I noticed:

In my daily reports I have this:


-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Pale Moon\palemoon.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: www.cjoint.com
IP Address: 163.172.14.176
Port: 56092
Type: Outbound
File: C:\Program Files\Pale Moon\palemoon.exe


We need Metallica here. :)
Metallica is always welcome here! As to Cjoint.com, a translation of the site from French to English shows it to be a site for uploading photos/documents, etc. and the IP address shows that it has been hosted at that address for over 17 years on a server in the U.K.

The site isn't blocked by Pale Moon for me.  Have you used that site to upload any files? 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

DR M

Quote: The site isn't blocked by Pale Moon for me. Have you used that site to upload any files?

Never used such a site.

But I thought that MBAM is blocking palemoon.exe not that site.

This appears in every report, every day.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

plodr

Thanks Digerati for testing and Pete! for confirming.

I may just get rid of all those useless reports too. Interesting. I only see 5 items. One from 2019 and the last few which I can't delete from July and August. So it appears I don't have much cleanup to do.
Chugging coffee and computing!

plodr

I fired up my laptop and had a look. One report is listed in the console. I looked in the Program Data and 2 are listed. The one that is showing but also another dated July 11. I wonder if this glitch hides the reports from the console after a month but they continue to remain on the system?

Anyway, I removed the July 11th report. If I can not see it in the console, I don't want it taking up space in a folder I will rarely look at.

Now all I have to do is to try and remember to look on my desktop on August 24th and see if the July 24th report vanishes from the console.
Chugging coffee and computing!

Digerati

The console only displays the last 30 days of reports so that would explain why the July 11 report is not seen there.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

plodr

Ah, I assumed that since it only shows the last 30 days, it removes them after that time as part of the updating process. That apparently is not the case and if you don't clean up, then you have all these useless reports filling up a folder.
Chugging coffee and computing!

Digerati

Quote: Ah, I assumed that since it only shows the last 30 days, it removes them after that time as part of the updating process. That apparently is not the case and if you don't clean up, then you have all these useless reports filling up a folder.
I would make the same assumption. When I first saw "30 days" I looked around to see if there was an option to change that to "All" or "Last 7 days". Nope. :(

I am now assuming, from the fact we cannot even delete those displayed reports, that the cleanup process has been buggy since V3 came out. But I am puzzled that no one noticed before now. I see no reason anyone would need or want reports going back years - especially those reports that found no threats.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Pete!

Plodr & Corrine may get a kick out of this.

After deleting them all yesterday, today's scan was my only report.
It wasn't very revealing, so I exported it to a text file.
An interesting report ....
Quote:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/20/18
Protection Event Time: 5:20 PM
Log File: fda1e96e-bd1a-11e8-89ca-a41f7288b0a3.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6935
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain: m.freedomlist.com
IP Address: 45.79.69.243
Port: 53339
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)
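
The exported report quoted in the post above, parsed into sections and checked against the 30-day window mentioned in this thread. This is an added example, not part of the original posts and not Malwarebytes code; the function names and `ASSUMED_EXPORT_DATE` are assumptions made for the illustration.

```python
import re
from datetime import date, datetime

# Sample input: the report quoted above, abridged for this example.
SAMPLE_REPORT = r"""Malwarebytes

-Log Details-
Protection Event Date: 9/20/18
Protection Event Time: 5:20 PM
Log File: fda1e96e-bd1a-11e8-89ca-a41f7288b0a3.json

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Domain: m.freedomlist.com
File: C:\Program Files\Mozilla Firefox\firefox.exe

(end)
"""
ASSUMED_EXPORT_DATE = date(2020, 8, 13)  # assumption, for illustration only

SECTION = re.compile(r"^-(.+)-$")                     # e.g. "-Log Details-"
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*): ?(.*)$")  # "Key: value"

def parse_report(text):
    """Return {section: {key: value, "_rows": [comma-separated rows]}}."""
    report, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION.match(line)):
            current = report.setdefault(m.group(1), {"_rows": []})
        elif current is None or not line or line == "(end)":
            continue  # banner lines, blank lines and the trailer
        elif (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
        else:  # the unlabeled ", C:\...\firefox.exe, Blocked, ..." row
            current["_rows"].append([c.strip() for c in line.split(",")])
    return report

def event_age_days(report, as_of):
    """Days between the report's Protection Event Date and as_of."""
    stamp = report["Log Details"]["Protection Event Date"]
    return (as_of - datetime.strptime(stamp, "%m/%d/%y").date()).days

def is_stale(report, as_of, window_days=30):
    # True when the logged event is older than the console's 30-day window.
    return event_age_days(report, as_of) > window_days
```
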

Corrine

I seem to recall that I reported at one time or another that a Chinese company was now using that domain.  According to the site description via Bing search:

Quote: freedomlist.com is the leading China bearings sourcing and supplier discovery platform connecting China bearings manufacturers, bearings suppliers, traders and wholesalers with worldwide buyers from the international market.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

v_v

Chinese bearings?  The last that I remember was that I thought that it was being used by a Chinese source for cosmetics (and other bogus items), called "MandarinMusing".

Ahhh yes, I looked again just now and it is the same MandarinMusings with cosmetics at the top of the web page and all sorts of miscellaneous products below that including bearings, chemicals, plant extracts, 'hard drugs', etc.  I always thought that the site was bogus and that it was just a "trap" page to attract people looking for something, who would then click on some of the links there and get infested with some sort of malware.  So yes I could see why it would be classified as a "malicious website."

It is sad that the name of our once upon a time and fondly remembered online community had to end up this way.  (Sigh)
Justice, Equity, and Meaningful, Productive, and Fulfilling Lives to All Earthlings

plodr

So you scanned today and the "log details" shows something from September 2018. Again weird.
My reports on my desktop computer show reports from 2020 but don't match the date when the scan occurred.
Chugging coffee and computing!

Digerati

BTW, after manually purging those report files (as shown in post #29 above) I had 3 reports (1 manual and 2 scheduled) shown in the console. I just tried to delete the oldest and it was successfully deleted. So it seems purging all those old reports manually also fixed the problem with purging from the console. :)
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Pete!

Quote from: Digerati on August 13, 2020, 02:41:13 PM
BTW, after manually purging those report files (as shown in post #29 above) I had 3 reports (1 manual and 2 scheduled) shown in the console. I just tried to delete the oldest and it was successfully deleted. So it seems purging all those old reports manually also fixed the problem with purging from the console. :)
That did NOT work for me.
I had two scheduled scan reports (yesterday & today), I couldn't delete either from the console. Neither individually nor with "Delete all".

BTW: Today's report again reported blocking Freedomlist.com on 9/20/2018 and not much else.

Digerati

Hmmm, don't know what to tell. I just tried it again, selected a report from 8/11, clicked the trash can, verified I wanted to delete it and it was gone. And just to make sure, I exited Malwarebytes and checked the Reports list again, and it was still gone.

Sorry I cannot help you otherwise. No doubt their support page would have you run the Support Tool.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018