Hackers are more and more "sophisticated" or better.....

…live at the expense of others

This malware (CacheFlow) is a chameleon.

It checkes other add ons, deactevate itself not to be detected, activates itself after 3 days when installed (undetected) and can thus see all activities and also carry out consents.

Look i.e. there .

Cloaking with the help of Google Analytics.

The worst thing is that this malware downloads personal data before encrypting your data to suppress you, otherwise it uploads your data to the Internet, making it worthless to restore a backup.

So be careful with your personal datas. I use safes and external storages for it. But I tell no news when I do so- surely.

I have those exe files (attachment 3.jpg), but they are not on my hard disk:


Continuing from his findings, we managed to find many other extensions that were doing the same thing. These other extensions offered various legitimate functionality, with many of them being video downloaders for popular social media platforms. We initially learned about this campaign by reading a Czech blog post by Edvard Rejthar from CZ.NIC. He discovered that the Chrome extension ?Video Downloader for FaceBook?? ([b]ID pfnmibjifkhhblmdmaocfohebdpfppkf[/b]) was stealthily loading an obfuscated piece of JavaScript that had nothing to do with the extension?s advertised functionality. Continuing from his findings, we managed to find many other extensions that were doing the same thing.

ig tries to start when I’ve loaded Malwarebytes, but I don’t allow it to run but Malewarebytes still runs - and it doesn’t find any malicious software (sneaky backdoor software?) and no software finds anything. ig is said to belong to malwarebytes ( ? ) :

https://www.freefixer.com/library/file/ig.exe-300035/ What is ig.exe? - FreeFixer What is ig.exe? ... ig.exe is part of Malwarebytes Scanner and developed by MalwareBytes according to the ig.exe version information. ... ig.exe is digitally signed by ...
https://forums.malwarebytes.com/topic/254313-malwarebytes-creates-multiple-ig-exe/ Malwarebytes creates multiple ig exe - Malwarebytes for Windows ... 2 Dec 2019 ... I found another thread which says IG is part of the new scan engine in Malwarebytes version 4 but why ... ID:1348374 ... As noted above, the ig-*.exe files are only temporary copies of the base ig.exe; used during scanning ...

Malwarebytes Staff

2 4
4,192 posts
Posted December 2, 2019
Hi spinoxin,

Please refer to the following post: New instances of ig.exe constantly needs whitelisting - Malwarebytes for Windows Support Forum - Malwarebytes Forums

As noted above, the ig-*.exe files are only temporary copies of the base ig.exe; used during scanning and as part of on-execution protection provided by the Malware Protection component. If you use the ‘Quit Malwarebytes’ option and look inside the installation folder (%programfiles%\Malwarebytes\Anti-Malware by default), you will only see a single ig.exe.

but—> attachment 2.jpg aus obigem Link

comodo’s advice: Do only run it if it belongs to your daily program (or if you trust it … or so). We do not advice so.


14:59 MZ

Online Security Pro: Warning: Unsafe website blocked (go back to safety (recommended)

ffjgpapimgnmibnacmeilgjefnoofefp :

I opened a safe website of an insurance company. Suddenly, after closing this website and opening once more I got this warning.

Thanks to comodo and staff! :-TU :-TU

Could anyone of the staff look at the log files (by malwarebytes support tool)? I’ll send it per personal mail. Would be nice!

Sorry, I’ll upload the log-files in forums.malwarebytes.com

maybe “pm” meldan


sounds creepy. Can you upload it to virustotal.com

after you cleared the comodo sandbox and blocked it with hips. Did Comodo Killswitch show anything unusual or any new unknown files

It really seems to belong to malwarebytes:

I agree with you: sounds creepy.

There are many unknown files but opening features they belong to comodo dragon, Windows - i’ll clear sandbox a.s.o. and will report.

Thank you.

So, these two are always available, belonging to memory compression (attachment 7.jpg)

But before cleaning the sandbox there were many of them (i.e. attachment 4 + 6)

I’ll uninstall malwarebytes to see if the “ig.exe” appears once more.

Just opened Malwarebyte and started scanning, in Killswitch appears ig.exe in red and is closed very fast again.

This folder does not exist: C:\Users\xxxx\AppData\LocalLow\IGDump\bxmjealphsczzvfimowvrhhalfiyqfnh\ig.exe and wether valkyrie nor virustotal can find the file.

based on your pictures, I get the same unknown file types like .exe.mui, .pak, .nls,and so on. Heres a picture of mine from killshot for comodo dragon

Hitman Pro, Malwarebytes, comodo, adwcleaner - none of them found any suspicious items on my PC.
I installed Malwarebytes again - so far no ig-exe.

If you still running into issues. computer slowing down, bsob, and so on OR IF your not sure

using the program will help narrow down your problem.

Farbar Recovery Scan Tool Download <----I recommend saving it to the desktop, that way the 2 log files will go there One is called FRST.txt and the other is called Addition.txt

Thank you. Nearly everything is o.k. but BSoD again.

but BSoD again.
Thats not acceptable. Can you post it in bug reports section. If they can fix it, they' will probably give you a patch for your machine so you don't have to wait for the next version to come out with the fix. Just an idea?

I’m glad nearly everything is almost O.K.

very curious about these browser extensions, is cfw has anything to do with they or is it chrome’s responsibility?
no test or demonstration. cfw able to block such things?


@our beloved sister

It “only” happens when restoring the container.