Jump to content

I keep getting constant "Address has been blocked" notifications

Recommended Posts

See title. How do I stop this?

I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>


Schermafbeelding 2022-05-27 164432.png

Edited by Adriana
Link to comment
Share on other sites

  • Adriana changed the title to I keep getting constant "Address has been blocked" notifications

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:


The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a mis-use ( a rogue use) of a Microsoft VBS file thru the exploitation of powershell for the purpose of coin-mining ( it is thought). One may describe it as a obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.


Edited by itman
Link to comment
Share on other sites

  • Administrators

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...