
Malwarebytes popup meaning & what to do?

Just reinstalled Malwarebytes from the interwebs because my old Malwarebytes just magically uninstalled itself or something when I tried to update it.

 

Soooo... my new Malwarebytes keeps having this message pop up every 5 seconds. I don't know what it means or how to get rid of it.

 

 

I have done scans with 

hitman pro

malwarebytes

glary utilities cleanup

avg

spybot s&d

 

And none have found any threats 

 

 

I think it might be related to my VPN privateinternetaccess.com, as I have seen rubyw.exe before related to the VPN with issues I had before

post-40649-0-06448500-1412097212.png

Link to comment

Looks like you got a major virus there bud (there's a program on your computer that is trying to send data to an external site every 5 minutes). Time to take the appropriate actions to fix it.

Link to comment

Have you scanned? Malwarebytes actively tries to kill off crap which is trying to be a threat to your PC.

cpu: intel i5 4670k @ 4.5ghz Ram: G skill ares 2x4gb 2166mhz cl10 Gpu: GTX 680 liquid cooled cpu cooler: Raijintek ereboss Mobo: gigabyte z87x ud5h psu: cm gx650 bronze Case: Zalman Z9 plus


Listen if you care.

Cpu: intel i7 4770k @ 4.2ghz Ram: G skill  ripjaws 2x4gb Gpu: nvidia gtx 970 cpu cooler: akasa venom voodoo Mobo: G1.Sniper Z6 Psu: XFX proseries 650w Case: Zalman H1

Link to comment

Go to the file they are showing and delete it?

Or stop visiting the website that causes this to pop up because it's obviously bad.

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro

Link to comment

Yeah, do a scan....

Or if that doesn't show anything, go to that address. (I'm not responsible for any damages caused by this post)

Link to comment

It pops up even though I just restarted my computer and have opened nothing.

I'll try to see what the file thing is tho - I tried deleting the folder but I can't as it's already in use it says. Dunno what to do

Go to the file they are showing and delete it?

Or stop visiting the website that causes this to pop up because it's obviously bad.

Link to comment

It usually means that the program listed in that specific process is trying to access an ad from a web server that has been flagged as having malware on it. They can mostly be ignored, but it just goes to show how many ads out there are loaded with malware. But every now and then, if it is a process you didn't install (not part of a legit program), then you could have a virus or malware and should do a full scan.

 

Examples are: the ads utorrent places while running, ads served to websites like cnet etc, some programs that display ads to pay for the content.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment

It usually means that the program listed in that specific process is trying to access an ad from a web server that has been flagged as having malware on it. They can mostly be ignored, but it just goes to show how many ads out there are loaded with malware. But every now and then, if it is a process you didn't install (not part of a legit program), then you could have a virus or malware and should do a full scan.

 

Examples are: the ads utorrent places while running, ads served to websites like cnet etc, some programs that display ads to pay for the content.

I'm not running utorrent, not downloaded anything from cnet etc (I always use the program's own website for downloads)

And this message pops up even when I have nothing open, newly restarted PC.

I did a scan with Malwarebytes and it came up with nothing

 

Also have done scans with spybot s&d + avg antivirus

Link to comment

HitmanPro to the rescue

 

Register in the settings window with your mail address (you won't get spam) and do a scan.

 

The IP is found in http://www.stopforumspam.com/ipcheck/37.221.165.196 which leads me to believe the file is part of malware.

 

If you still cannot delete the file, go to task manager and stop the process rubyw.exe from running, then delete the folder.

Link to comment

I'm not running utorrent, not downloaded anything from cnet etc (I always use the program's own website for downloads)

And this message pops up even when I have nothing open, newly restarted PC.

I did a scan with Malwarebytes and it came up with nothing

 

Also have done scans with spybot s&d + avg antivirus

 

They were just examples; it happens because the ads your browser or another program is trying to display are being served from a flagged IP address.

What is rubyw.exe? Is it part of a proxy or VPN type solution?

Did you download it? Is it part of another program you have installed?


Link to comment
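
The questions in the post above (what rubyw.exe is and which program it belongs to) can be checked on the machine itself. This is an added example, not from any poster in this thread: it lists every running rubyw.exe with its on-disk path, command line, parent process, Authenticode signer and current TCP connections. It assumes Windows 8 or later with PowerShell 3.0+, run from an elevated prompt.

```powershell
# Added example: identify what a running rubyw.exe belongs to before deleting anything.
$name = 'rubyw.exe'   # process name taken from the popup discussed in the thread

$procs = Get-CimInstance Win32_Process -Filter "Name = '$name'"
if (-not $procs) { Write-Output "No running $name found."; return }

foreach ($p in $procs) {
    # Parent process: shows which program launched it (it may have exited already).
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # Authenticode signature of the executable on disk, if the path is readable.
    $sig = if ($p.ExecutablePath) { Get-AuthenticodeSignature -FilePath $p.ExecutablePath }

    # TCP connections currently owned by this PID, ignoring listeners and loopback.
    # Attempts that a security product blocks may be too brief to appear here.
    $conns = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort) [$($_.State)]" }

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { "$($parent.Name) (PID $($parent.ProcessId))" } else { 'exited' }
        SignStatus  = if ($sig) { $sig.Status } else { 'unknown' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        Remote      = $conns -join ', '
    } | Format-List
}
```

A path inside the install folder of a program you recognise, launched by that program, answers both questions; an executable in a temp or profile folder with no recognisable parent is the case that warrants further scanning.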

Just reinstalled Malwarebytes from the interwebs because my old Malwarebytes just magically uninstalled itself or something when I tried to update it.

Soooo... my new Malwarebytes keeps having this message pop up every 5 seconds. I don't know what it means or how to get rid of it.

Also I dunno how safe it is to show you guys this with some IP stuff on it so please tell me if I should remove it if it's problematicsssssss

Go into Add or Remove Programs and remove anything that looks sketchy or that you don't remember downloading; if you don't know, Google it. After that, remove all and any antivirus / anti-spy / anti-malware. Then go and download SUPERAntiSpyware. http://www.bleepingcomputer.com/download/superantispyware/dl/106/

Then run it, then try TDSSKiller.

Bleepingcomputer.com is your friend in removing malware.

Project black out: cpu: athlon x4 750k @4.7ghz, Mobo: asrock fm2+ a55 vg3+, ram: 1x 8gb hyperx 1866mhz, video card: 1x saphire radeon r9 270x, Storage: 1tb hdd ssd in the future,  cooling: 2 noctua 120mm fans 1 on rad one front intake.

Link to comment

I'll try to see what the file thing is tho - I tried deleting the folder but I can't as it's already in use it says. Dunno what to do

Restart in safe mode (f8 at boot, right after the POST but before Windows boots) or use a Linux distro like Mint (put the DVD/USB key in, should automatically start in live mode) to access and delete the file from outside of windows.


Link to comment

They were just examples; it happens because the ads your browser or another program is trying to display are being served from a flagged IP address.

What is rubyw.exe? Is it part of a proxy or VPN type solution?

Did you download it? Is it part of another program you have installed?

 

 

Now that you mention it, I have seen rubyw.exe before and I -think- that it was related to the VPN privateinternetaccess.com I've paid for. Tek Syndicate uses it.

I'm not connected to the VPN though so I don't know what's going on

 

 

 

I have done scans with 

hitman pro

malwarebytes

glary utilities cleanup

avg

spybot s&d

 

And none have found any threats 

Link to comment

Now that you mention it, I have seen rubyw.exe before and I -think- that it was related to the VPN privateinternetaccess.com I've paid for. Tek Syndicate uses it.

I'm not connected to the VPN though so I don't know what's going on

 

 

 

I have done scans with 

hitman pro

malwarebytes

glary utilities cleanup

avg

spybot s&d

 

And none have found any threats 

 

I think you will find what is happening is that because it's a VPN, even though it is not connected, it's probably still recreating itself as a new process and causing Malwarebytes to think it's a PUP (potentially unwanted program). It's fine; unless someone who knows more than me chimes in with better information, it's more than likely just a false positive.


Link to comment

This is a problem with privateinternetaccess. It polls with random servers to check its DNS settings. Nothing to be scared about, but I recommend using an OpenVPN client and use that to connect to PIA.

 

Check this topic: https://forums.malwarebytes.org/index.php?/topic/143933-mbam-pro-blocks-private-internet-access-pia-vpn-rubywexe/

// TODO: Update signature to include PC buid.

Link to comment