Blocking Websites...



ameerat42
11-02-2018, 11:06am
I have a 2 week trial of >>FULL VERSION<< MalwareBytes... I have had only AP open, and no other tabs.
Every so often a message pops up in the status bar that a website has been blocked. But I do not know how
it can block something that is not open:confused013:confused013

Here is a pic of such a blockage, which I thought wrongly was the site I was on...
[Image attachment 134640]

Any explanations would be appreciated:nod:

ricktas
11-02-2018, 11:12am
As per the information in your image.

An application called Desktop_Media_Service.exe is requesting access to that site and Malwarebytes is blocking it. You need to look at what this Desktop_Media_Service.exe is and what it is doing.

ameerat42
11-02-2018, 11:13am
Ta Rick. Will do...

John King
11-02-2018, 11:14am
The web site being blocked is the ad server. Could be it's infected with something, or is on a block list somewhere.

I also run Malwarebytes Premium on our PCs.

ameerat42
11-02-2018, 11:33am
OK, found this: http://www.advanceduninstaller.com/DesktopMediaService-204dad98260c9c378e96d55e42af24c3-application.htm
but it seems part of Windows:confused013

Checked the MalwareB log file: quite a few instances today only, but it hasn't happened since before this thread.

- - - Updated - - -

Ta, JK. Didn't see your post.

ricktas
11-02-2018, 11:44am
Looking at the whole details : C:\Program Files\JetMedia

http://www.advanceduninstaller.com/NativeDesktopMediaService-f8f13ad05769821e1ba99f0ef4a22a42-application.htm

Looks like it is part of Windows. Possibly part of Windows Media Player as it appears to be involved in video serving. It is quite likely you just need to set an exception on Malwarebytes to ignore it.

ameerat42
11-02-2018, 11:46am
Ta for that. I will look into doing an exception.

John King
11-02-2018, 11:53am
I would be very careful/thoughtful before allowing any web exceptions in Malwarebytes ...

ameerat42
11-02-2018, 11:55am
Hadda good look at the log file, JK. I agree. I think it's just MWB doing its job.

John King
11-02-2018, 12:07pm
I would grab its URL and check it at the computer block list (CBL) and similar sites first.

ricktas
11-02-2018, 12:52pm
https://www.bleepingcomputer.com/forums/t/662869/have-i-been-ratd/

Possibly being accessed due to a Firefox extension

John King
11-02-2018, 6:00pm
Actually, nothing respectable should be using a port number like that!

If I were you, I would do a threat scan with MWB.
Then do a complete system scan after the threat scan. Exclude the folder /windows/winsxs.

ameerat42
11-02-2018, 7:09pm
Scan has been my mIDDLe name for the past two days.
FULL is my first name. MWB, SuperSAS, WinDef, the kitchen sink!...

I've been sitting here during the PM, either on AP ONLY, and/or with a text file or an
image open... Every minute or few a window pops up with a new block, not many of which
are the same... I think it's just MWB doing its job. Definite I'm not, though :confused013

John King
11-02-2018, 7:18pm
Sounds as if you might have a serious problem with pox on your computer, Am. :( :eek:

Mark L
11-02-2018, 7:30pm
.... problem with pox on your computer, Am. :( :eek:

I had to do the google thing with that.
Going to the doctor for a prescription isn't going to work for that Am. Good news is no potential marriage related problems.;)

John King
11-02-2018, 7:44pm
:D

Unfortunately, Mark, there are far fewer competent computer diagnosticians than there are human ones!

Some of these viruses can be extremely hard to winkle out if they have copies of themselves in the registry, memory and multiple copies on disk.

ameerat42
11-02-2018, 8:44pm
Logging off all browsing to do another full scan using MWB...

- - - Updated - - -

Good! Fullest possible scan (rootkits, etc) from MWB Premium gives 0 threats.
I think all's well.

John King
11-02-2018, 8:52pm
Am, a full MWB scan should take anything up to 10-12 hours ...

In MWB, select Custom Scan, select all fixed HDDs, exclude ../winsxs folder.

Then have a good sleep!

ameerat42
11-02-2018, 8:55pm
Tick, tick, tick,... UN-tick.
Nope. Never has. Have 2 240GB SSDs and I'm w-i-d-e away-ke :confused013

John King
11-02-2018, 9:09pm
If you have a virus, it could also be hiding on any HDD attached to your system, not just your system drive/s.

If you do find anything, scan all your removable media as well, including memory sticks and cards.

ameerat42
11-02-2018, 9:25pm
Checked that (HDD) before and also nothing. Have no other media that I have
recently used.

John King
11-02-2018, 9:49pm
Did you track down that exe file Rick mentioned before?

Might be worth trying to uninstall that via Control Panel if it hasn't got its own uninstaller.

Meanwhile, back at the ranch, I will see if I can track down what it is and what it's for.

ameerat42
11-02-2018, 9:54pm
Yes, only to the extent of finding it is a Windows incorporated 3rd-party beast, so I left it alone.
Seems it has its fair job - whatever that really is? - to do.

I can report that since this second scan I have had NO blocking messages.:party7:

John King
11-02-2018, 9:55pm
How to uninstall this program is here:

http://www.advanceduninstaller.com/DesktopMediaService-204dad98260c9c378e96d55e42af24c3-application.htm

Needless to say, use the manual method. Their uninstaller could contain further poxware!!

ameerat42
11-02-2018, 9:57pm
Yep. Read that link before, but I will leave the prog.

John King
11-02-2018, 10:12pm
I'd be inclined to kill it off ... Its credentials, or lack thereof, don't recommend it to me :(.

John King
12-02-2018, 11:58am
Ummmm
Am, read this:

http://www.orange-defender.com/desktop-media-service_exe-virus-scan-3762-e4639c490f96b82993ea8d1406456207.htm

Not what I would call a high recommendation for this program! Lack of an uninstall program and running as a background service are each enough to make me feel highly suspicious.

ameerat42
12-02-2018, 12:12pm
Interesting reading, JK, esp the 3rd-last point.

So why is it included in Windows, I ask:confused013
BTW, last night's full scan of ext HDD showed nothing.
800 odd Gigs. Took a while.

John King
12-02-2018, 12:20pm
Yeah, mate, those full scans take a while! My main w/s takes around 24-28 hours for 9 TB.

Those files/folders don't exist on my Windows 7 Pro boxes (64 bit). Are you sure they are part of the OS install?

[Edit] Something that's logging keystrokes has no business being on any computer. Key loggers are always viruses, IMNSHO.

ameerat42
12-02-2018, 12:27pm
Gosh, 9 Terr:eek:rbytes!

More info on that here: http://www.freefixer.com/library/file/desktop_media_service.exe-277934/

Seems no definitive answer, as this is like a couple of other refs.

- - - Updated - - -

--And another thing: would you believe I could not find it in Microsoft Forums?

John King
12-02-2018, 12:47pm
Yes, that lack of concrete references also has me bothered and a bit confused. Maybe we should be using another search engine? Google is not what it once was :sad68:
I will try using some other search engines.

BTW there are another 9 TBs of offline/portable HDDs ... A 2 TB Toshiba drive lives in my camera bag when not being updated.

- - - Updated - - -

Have a look here.

Seems to cover best practice removal from the MWB forum. Applies to mainly different viruses, but came up when I searched with Yahoo.

https://forums.malwarebytes.com/topic/217894-infected-with-udiskmgr-igfxmtc-infections/

ameerat42
12-02-2018, 12:58pm
OTOH, there's this: http://startups.glarysoft.com/DesktopMediaService%20Service/desktop_media_service.exe/384434/

(I used Duck Duck Go)

John King
12-02-2018, 1:17pm
Nothing on answers.microsoft either.

Maybe just let MWB block its access to the Internet FTM? Keep a watching brief on its activity.

If you have bought MWB, raise a ticket with their support group about it, including the image you captured.

ameerat42
12-02-2018, 1:29pm
I have stopped it for now in Task Mgr, but I can't see how to disable it permanently there.

- - - Updated - - -

Hah! Found its "parent" - Native Desktop Media Service and stopped that.

John King
12-02-2018, 1:58pm
Go to Administrative Tools/Services and disable the service there to stop it from starting at next reboot.

ameerat42
12-02-2018, 2:15pm
I think I've done it through (the entrails of) Task Mgr, JK...
Actually disabled it here...
[Image attachment 134660]

And ta for PM info.

John King
12-02-2018, 2:18pm
That looks good, Am. Check that it is still DISABLED after your next reboot.

And no worries. Glad to be of any help I can be.

ricktas
12-02-2018, 4:04pm
Have you looked in C:\Program Files\JetMedia to see what else is in that folder, as that is where this app is? It could well be that looking in that folder enlightens you further.

I just checked all three Windows machines here and I (1) do not have that folder and (2) have no application running that matches up with this desktop media server in any way. Generally, if it was part of Windows it would be in C:\Windows\, or otherwise it is generally in C:\Program Files\Microsoft\. The fact it has its own folder suggests it is some sort of standalone application.
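
The location check described in the post above, applied to a list of service paths, as an added example that is not part of the original thread. The service entries are constructed (the JetMedia path is the one quoted in this thread, the "Hypothetical" ones are made up), and `OS_ROOTS` assumes Windows is installed on C:.

```python
import ntpath
import re

# Where the post above expects Windows' own binaries to live.
# Assumption: Windows is installed on C:.
OS_ROOTS = (r"c:\windows", r"c:\program files\microsoft")

def image_path(path_name):
    """Pull the executable out of a service path string (it may carry arguments)."""
    s = re.sub(r"%systemroot%", lambda m: r"C:\Windows", path_name.strip(), flags=re.I)
    if s.startswith('"'):                    # quoted: executable ends at the closing quote
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    end = s.lower().find(".exe")             # unquoted: cut after the first ".exe"
    return s[:end + 4] if end != -1 else s.split(" ")[0]

def outside_os_dirs(path_name):
    """True when the service binary is not under one of OS_ROOTS."""
    # normpath collapses ".." so C:\Windows\..\Temp does not pass as C:\Windows
    exe = ntpath.normpath(image_path(path_name)).lower()
    return not any(exe.startswith(root + "\\") for root in OS_ROOTS)

def triage(services):
    """Return the names of services whose binaries deserve a closer look."""
    return sorted(name for name, path in services.items() if outside_os_dirs(path))

# Constructed sample: service name -> configured binary path
SAMPLE = {
    "Native Desktop Media Service":
        r'"C:\Program Files\Jetmedia\NativeDesktopMediaService\Desktop_Media_service.exe"',
    "Dhcp": r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p",
    "HypotheticalUpdater": r"C:\Program Files\Example Vendor\updater.exe /svc",
    "HypotheticalTraversal": r"C:\Windows\..\Temp\svc.exe",
}

if __name__ == "__main__":
    for name in triage(SAMPLE):
        print("check publisher and signature:", name)
```

A flagged entry only means the binary lives outside the Windows directories; plenty of legitimate third-party services do too, so the list is a starting point for checking publisher and signature.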

ameerat42
12-02-2018, 4:15pm
Yes, Rick, I had a look. It's in:
C:\Program Files\Jetmedia\NativeDesktopMediaService
There are:
checker.exe
Desktop_Media_service.exe
Uninstall.exe

But I have successfully stopped it, and now MalwareB takes over any blocking of sites.
Before MWB WinDefender used to/may still do as well?

John King
12-02-2018, 4:59pm
Hoho. Now run the uninstall program in that folder.

ricktas Good work checking your own PCs, Rick. It seems that the program is definitely a foreigner.

ameerat42
12-02-2018, 5:27pm
Guess what. This is only on the Asus laptop and not on the Toshiba Sat.
Both have the same version of Win 10 :confused013

John King
12-02-2018, 5:42pm
What a surprise, Am!

Get an XX seat licence for MWB Premium. Worth whatever it costs (much less pro rata for extra licences).

Compared with the flaming time and frustration that invariably attends these sort of problems. Most of the time I have had clients paying me for my time, but had plenty of them privately too.

It will also block either inadvertent or secret download of this sort of poxware in future.

ameerat42
13-02-2018, 11:49am
Last word on this...
(No, it's not Zn :p)

After checking all the other computers here and checking with a friend with a similar one
that none of them had it, I uninstalled that vexing program today. Ie, jettisoned Jetmedia
just using Win Uninstall...

John King
13-02-2018, 12:19pm
Good move IMO, Am.

Just remember that without MWB, you probably wouldn't have even known it was there ... :eek:.

ameerat42
13-02-2018, 7:10pm
Hmm! I hope not. After the Premium version trial I'll be back to Win Defender doing
most of it. I'm sure I've seen it blocking before:eek:

John King
13-02-2018, 7:22pm
If you are not going to subscribe to MWB, may I suggest v.1.x of Spybot (not v.2.x!) PLUS SpywareBlaster.

The former offers real time protection against all sorts of spyware. The latter blocks web sites it knows to be bad.

I also use a desktop firewall program that hasn't been updated since 2004! It doesn't need to be updated as it compares the checksum of any process trying to access either the internet or other computers on the local network with what the checksum was when the target program had its original access approved. If the checksum has changed, the firewall program default is to block access.
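
The checksum comparison described in the last post, as an added example that is not part of the original thread and not the code of any firewall product. SHA-256 as the checksum, the `ChecksumGate` name, the "prompt" answer for a program that was never approved, and the file names in `demo()` are all assumptions made for this sketch.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ChecksumGate:
    def __init__(self):
        self.approved = {}                    # path -> digest recorded at approval time

    def approve(self, path):
        self.approved[path] = sha256_of(path)

    def decide(self, path):
        recorded = self.approved.get(path)
        if recorded is None:
            return "prompt"                   # never approved: ask the user (assumption)
        try:
            current = sha256_of(path)
        except OSError:
            return "block"                    # approved file is gone or unreadable
        # Changed binary: block by default, as the post describes
        return "allow" if current == recorded else "block"

def demo():
    """Approve a constructed file, modify it, and return the three decisions."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.exe")  # constructed stand-in for a program
        with open(exe, "wb") as f:
            f.write(b"original build")
        gate = ChecksumGate()
        gate.approve(exe)
        before = gate.decide(exe)
        with open(exe, "ab") as f:            # simulate the file changing on disk
            f.write(b" + modified")
        after = gate.decide(exe)
        unknown = gate.decide(os.path.join(d, "unknown.exe"))
    return before, after, unknown

if __name__ == "__main__":
    print(demo())
```

A legitimate update changes the checksum just as tampering does, so a gate like this blocks an updated program until it is approved again.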