Malwarebytes: Malicious Wesite Blocked

clutchc

Distinguished
I started getting this warning popping up in the lower right corner of my screen with almost every website I go to:
dX4Lt6S.jpg


It just started happening after I updated Firefox to the latest version (40.0.3) today. At the same time I did the monthly Microsoft Win7x64 updates as well. Apparently it is something from one of these causing this. To kind of verify, I checked my laptop... no issues. Then, I did the same updates on it, and now the problem is present on my laptop as well.

I found this online: http://malwaretips.com/blogs/i-simpli-fi-removal/
I updated and ran a scan with both Malwarebytes and Microsoft Securities Essentials. Both came back clean. The issue is still present however. I'm stumped what to do next. ??
 
Solution
Malwarebytes posted this on the thread I mention earlier. Seem they are hinting this is a strange false positive?

"The issue has been resolved. An update will be out shortly."
https://forums.malwarebytes.org/index.php?/topic/172512-blocking-umsimplifi/#entry988284

Weird that my laptop doesn't get the block notification but my PC was. Seem like a malware to me.

Update: This thread doesn't seem to be triggering my Malwarebytes malicious website protection anymore. Spent all this time scanning and and trying to find the spyware for nothing.

MarkW

Distinguished
Dec 7, 2009
196
0
18,710
That is not the address to malwarebytes. The real address is https://www.malwarebytes.org/

http://i.simpli.fi/ simply comes up with Error 403 - Forbidden.
http://173.192.208.197/ also comes up with Error 403 - Forbidden.

Apparently, they don't want us to come there.

Chrome seems to have to issues with getting there though, and gives no warnings.
 

clutchc

Distinguished


I never said it was the address to malwarebytes. Besides, the address changes with every pop up.
It's obviously trying to send me to a malicious website.
 

elneelo

Estimable
Sep 9, 2015
9
0
4,510


Interesting. Was sure that would work. You could always uninstall firefox briefly, and test again with the antivirus. It is currently listed as an active process, so it could have something to do with that. (Reset the PC before antivirus scan).

An FF reset won't do any harm, so you might as well try :) I'm afraid I'm stumbling around in the dark here though.
 

CWEric

Estimable
Jun 13, 2015
170
0
4,710
Wow, as I see this thread and click it, Malwarebytes block the same url as your image before I saw your OP. I have Firefox but I don't use it, just Chrome. Haven't had any IP block for a long time and I recently did some scans a few days ago. I have not downloaded anything except stuff from Bleeping Computer. :/

This is what I get:

Malicious Website Protection, Domain, 174.37.217.201, i.simpli.fi, 60951, Outbound, C:\Program Files (x86)\Chrome\Application\chrome.exe

It seem it only pop when I go to a page on this website that mention it.

A lot of people are posting about this block url spyware connection on Malwarebytes. Thread started around the same time we all getting this spyware connection threat detected and block. No solution on where it is coming fro yet. Malwarebytes must had updated their website signatures adding this spyware to their website blacklist. So actually who knows how long we had this.

https://forums.malwarebytes.org/index.php?/topic/172512-blocking-umsimplifi/
 

clutchc

Distinguished
@elneelo and CWEric
I just tried Internet Explorer instead of FF. Same issue with it. Except the "process" originates in the IE file folder instead of the FF folder. I feel better knowing I'm not the only one with it, tho... lol.
 

CWEric

Estimable
Jun 13, 2015
170
0
4,710
Malwarebytes posted this on the thread I mention earlier. Seem they are hinting this is a strange false positive?

"The issue has been resolved. An update will be out shortly."
https://forums.malwarebytes.org/index.php?/topic/172512-blocking-umsimplifi/#entry988284

Weird that my laptop doesn't get the block notification but my PC was. Seem like a malware to me.

Update: This thread doesn't seem to be triggering my Malwarebytes malicious website protection anymore. Spent all this time scanning and and trying to find the spyware for nothing.
 
Solution

clutchc

Distinguished


Ah... a Malwarebytes problem. That's interesting. That may also explain why I couldn't access their forum earlier. Too much traffic?
I just did a Win restore to yesterday (before the Win 7 updates). The issue appears to be gone now. (?) But I'm still testing. However, if it is a Malwarebytes update issue, I may wait until it gets resolved before I download the latest malwarebytes signatures again.
 

CWEric

Estimable
Jun 13, 2015
170
0
4,710
Actually, good point. I also did a system restore too.. I'm going to reupdate.

Window update reapplied. Still no url block notification by Malwarebytes for me. Yeah I didn't think Microsoft would be behind this or they would really be in hot water.