Malwarebytes constant warning HELP please!

thought rapport was ok and trustworthy?

Damn, i was enjoying keeping up with this thread, now i'll have to go back to Sheffield/general discussions. :hihi:

 

glad you enjoyed it pal and it proves that Sheffield Forum is the don! :0)


 

thought rapport was ok and trustworthy?

 

 

It is. As Rapport is usually recommended by Banks I assume you bank online.

 

Filesharing/torrents are a known avenue for malware distribution. It wouldn't surprise me at all to find that this has come from something you've downloaded.

 

I PM'd Russ (RJK3) when I saw the file to say it did look suspect prior to you uploading it to VT.

 

"Total lack of information on it available via searches coupled with it being a .dll running from a location where executable code/data shouldn't really be running from."

 

As you can see - Avast missed it, MBAM missed it and only 3 vendors picked up on it at VT. PCTools is owned by Symantec so you would expect similar detections as they'll share the same sigs & defs.

 

What I meant by "=Trouble" is that downloading & Internet banking isn't something I'd do because the potential for infection is too great.


was it bad as although it was on my laptop mbytes kept blocking outward attempt to that web address that kept popping up all the time?


i really do not understand what was going off, but what you have advised has fixed it, whatever it was or was trying to do.


It was definitely bad. As per the link RJK3 gave:

The Trojan monitors both Internet Explorer and Mozilla Firefox Web browsers and redirects searches made using the following URLs:

 

  • search.live.com
  • google.com
  • yahoo.com
  • bing.com

 

The threat may redirect these search queries to the following address:

http://94.228.209.142

 

In your case it was attempting to redirect you to 212.95.32.134. MBAM's IP protection has that IP address in its blocklist so was blocking any connection attempts.


Thank God that MBAM's protection was good then, but what would've happened if it hadn't blocked the attempts? Was it to gain passwords say for banking and other personal info or to literally crash my computer?


Good work chaps, i owe u :)

Was it to gain passwords say for banking and other personal info or to literally crash my computer?

 

You really can't say for sure but I would think it unlikely. Simple search redirects like these are generally to force traffic to certain sites in an attempt to generate revenue for the site owners.
