I keep getting constant "Address has been blocked" notifications

Posted (edited)

See title. How do I stop this?

I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>
    </RECORD>
  </LOG>
</ESET>

 

Schermafbeelding 2022-05-27 164432.png

Edited by Adriana

  • Adriana changed the title to I keep getting constant "Address has been blocked" notifications
Posted (edited)

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:

Quote

The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a misuse (a rogue use) of a Microsoft VBS file through the exploitation of powershell for the purpose of coin-mining (it is thought). One may describe it as an obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.

https://forums.malwarebytes.com/topic/286466-wmail-servicecom-riskware-blocked-powershellexe/?do=findComment&comment=1515334

Edited by itman
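
One way to look for the kind of task described in the quote above, as an added example that is not part of the original thread: a read-only PowerShell audit that lists scheduled tasks whose actions start a script host or reference a .vbs file. The script-host list and the `wmail-service` match string (taken from the URL in the posted log) are assumptions of this example.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Run from an elevated prompt so tasks registered by other accounts are listed.

# Assumption: script hosts worth reviewing when a task launches them.
$scriptHosts = 'powershell', 'pwsh', 'wscript', 'cscript', 'mshta', 'cmd'
# Assumption: host name taken from the blocked URL in the posted ESET log.
$blockedHost = 'wmail-service'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute value; only exec actions matter here.
        if (-not $action.Execute) { continue }

        # Reduce the program path to a bare lower-case name, e.g. "powershell".
        $leaf = (($action.Execute -replace '"', '') -split '[\\/]')[-1]
        $name = ($leaf -replace '\.exe$', '').Trim().ToLower()
        $commandLine = "$($action.Execute) $($action.Arguments)"

        $usesScriptHost = $scriptHosts -contains $name
        $referencesVbs  = $commandLine -match '\.vbs\b'
        if (-not ($usesScriptHost -or $referencesVbs)) { continue }

        [pscustomobject]@{
            TaskPath         = $task.TaskPath
            TaskName         = $task.TaskName
            State            = $task.State
            Author           = $task.Author
            Execute          = $action.Execute
            Arguments        = $action.Arguments
            # An obfuscated task may not contain the host name in clear text,
            # so False here does not clear the task.
            NamesBlockedHost = $commandLine -match [regex]::Escape($blockedHost)
        }
    }
}

$findings | Sort-Object TaskPath, TaskName | Format-List
```

Built-in Windows tasks also appear in this list, so each Execute/Arguments pair needs to be reviewed rather than treating every row as malicious.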

  • Administrators

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system


6 hours ago, Adriana said:

I enabled the settings you mentioned.

Have the Eset alerts stopped?
