Jump to content

I keep getting constant "Address has been blocked" notifications


Recommended Posts

See title. How do I stop this?

I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>
    </RECORD>
 </LOG>

 

Schermafbeelding 2022-05-27 164432.png

Edited by Adriana
Link to comment
Share on other sites

  • Adriana changed the title to I keep getting constant "Address has been blocked" notifications

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:

Quote

The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a mis-use ( a rogue use) of a Microsoft VBS file thru the exploitation of powershell for the purpose of coin-mining ( it is thought). One may describe it as a obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.

https://forums.malwarebytes.com/topic/286466-wmail-servicecom-riskware-blocked-powershellexe/?do=findComment&comment=1515334

Edited by itman
Link to comment
Share on other sites

  • Administrators

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...