MarcoBytes

Members
  • Content Count

    22
  • Joined

  • Last visited

Community Reputation

0 Neutral

About MarcoBytes

  • Rank
    New Member

Recent Profile Visitors

237 profile views
  1. To conclude this affair ... you will be wanting to know which authorisation allowed the malware in. Ha! It was 'remote assistance'. I re-authorised it, by clicking the box against its firewall entry. Within an hour or so, the malware had returned. I then unauthorised it, rebooted, and re-authorised all the 'Steam' games, and Spotify. The malware never returned. Great news for users of 'Steam' and Spotify. I have no idea whether there is some code residing on the hard drive, associated with this malware, ... just waiting for the firewall authorisation. However
  2. Hahaha ... Victory! (phew) It was the decision to test the PC 'disconnected from the web' that led to the solution. ... when the malware failed to appear, it was clear that they were 'getting through' the firewall. You could hear the penny drop... Checking the firewall authorisations, I discovered that they were numerous. ... the suspect ones were 'remote assistance' and 'Steam' games. Removing authorisation (un-ticking the box) on all these suspects ... did the trick ✌️ (Spotify was also un-ticked). I rebooted, and left the laptop running, connected by WiFi
  3. Also, what about the 'Bogon' address 172.31.0.50? It is listed in the same section as the other addresses that you mentioned. This article advises that it is dangerous: It is worth reading the full article! Can I ask... Is there any default reason to have any TCP/IP address codes listed in the FRST.txt [Internet (white list)] section?
  4. It has just returned now. I guess we need to remove the other address.
  5. Good news - The malware doesn't run, when the laptop is not connected to the web. Clearly, it is being allowed through my firewall. I have run the fixlist, and the Dell address 163.244.76.254 has been deleted. Fixlog attached. nasdaq ... you ask if I wish to remove the other address 212.27.40.240. I don't know. I don't know why it is there, nor what it does. If it is not needed, then why not remove it? I will now leave the computer running, with it connected to the internet. Let us see if the malware shows up. This may take a few hours. Fixlog.txt
  6. Thanks nasdaq, Currently the laptop has been running for 4 hours, with WiFi disconnected. I will continue this test overnight, and into tomorrow. If the malware doesn't return, it will be likely that it is coming from the web. This should tell us something. I will then run the fixlist. Or if it returns, I will run fixlist.
  7. Two site addresses - One very 'how can I put this' - the other is Dell Inc. Let's clear Dell first, and then look at the other 'situation'. 163.244.76.254 This is a Dell site. I don't think that there is any reason for the PC to be talking to Dell. If this is happening via a boot-load, it is better that it is stopped, if only to save resources. 212.27.40.240 This is FREE/Iliad (the company) ... or a sub-division ProXad ... or the same (but who knows) Capitalisation 2017 - €13 billion Subscribers 2017 - 20 million (i.e. this is a BIG company) However,
  8. After the reboot, I decided to just leave the PC running, and not load a browser, nor anything other than the pre-loads. I figured that this would eliminate the connection with the browsers. Damn! I have just noticed that the adware is back. The thing is ... it waits for a few hours before appearing. This is a very good survival mechanism, because each test takes a few hours to run. You don't know if the problem is solved until it doesn't appear ... but how long do you wait? It's not the end of the world. It can be closed, and with quick use of the mouse, the ta
  9. Ran: AdwCleaner, Malwarebytes, Kaspersky TDSSKiller. All returned NO threats... Yet the adware window is still running, and Firefox is locked. One minor thing to note is that when Chrome was the default, it loaded Chrome. With Firefox, it loaded Firefox. It seems to be independent of the browser. Any suggestions as to what I should do now?
  10. I interacted with the adware by clicking on it. I'd set Firefox to default, so it opened, and a tab and a variety of dialogue boxes opened rapidly. Perhaps I should have used a screen video record? However, I got 2 screenshots that clearly show target addresses (attached). MBST was then run (attached). I then tried to close Firefox, but it won't close. I can close it by stopping it from running, or rebooting. Before that, I'll run AdwCleaner to see what it finds, and then Malwarebytes. I've noted that another thread suggests a Kaspersky tool. I'll download i
  11. I've had a thorough look at both Chrome and Firefox. Notifications were set to 'Ask' and there are no exceptions listed, other than the usual Google sites in Chrome. Pop-ups were set to off. I ran the Chrome malware search ... it found nothing. Checked all exceptions ... nothing. Turned off permissions for ads (Chrome). Overall ... other than the 'ads' not being turned off in Chrome, nothing indicated bad settings. From the above, my gut instinct is that this adware is not 'notification based' (I could be wrong). My consideration is that I should: Interact
  12. Had a quick look at other people's problems, and noted that they had been asked to use mb-support-1.5.1.681.exe. Consequently I downloaded and ran it. Results attached. mbst-grab-results.zip
  13. At this moment in time, I have left the adware window running. It is the top layer of the windows, situated in the bottom right-hand corner of the screen. I'm presuming that ADWc or Malwarebytes might have a better chance of finding it, as it is obviously now a running process in memory. I'm wondering if it is worth running Malwarebytes to see what happens... FRST.txt Addition.txt