Polleke

Members
  • Content Count

    12

About Polleke

  • Rank
    New Member
  1. I have not had any notification since the 6th July, although nothing was found nor removed by various tools (MB, FRST, Zemana, etc.). Could you explain to me why you think that the notification is related to a browser hijacker? Could it also be caused by malicious software? Is the destination IP 77.73.68.x not known in a malware database to determine where and what to look for? - https://twitter.com/viriback/status/1060561333240938496 - https://twitter.com/i/web/status/1101475880927481856 In the notification, it is stated that outbound port 8 is used (I guess this is a TCP port, which is an undefined/unused port).
  2. I have not seen any events concerning IP 77.73.68.x since MalwareBytes blocked them. So I de-installed and installed again. I will monitor it the coming days. Strangely enough, I have not cleaned/removed anything since none of the anti-malware tools could find a threat...
  3. The Firefox "Three Ships" applet/JS is installed to access the e-Learning environment at my university. But this 77.73.68.x range is in Russia, so something (not yet known / undetectable) is setting up a connection (using port 8) which raises a MalwareBytes event.
  4. So what IP do you want me to put back? Shall I just use 8.8.8.8 (Google DNS)?
  5. What are these firewall rules (ports 1688, 5357, 5556, 5557) used for?
  6. Are you referring to 192.168.62.70? That is a private IP address range which is not routable over the internet. I ran CurrPorts (http://www.nirsoft.net/utils/cports.html) with logging, but I did not see any session to 77.73.68.175
  7. Yes, 192.168.62.70 is Pi-hole DNS. Attached the FRST quarantine folder. Quarantine.zip
  8. I applied the fix, but it removed my DNS server (Pi-hole anti adware on Raspberry Pi). www.pmin.nl is just a starting homepage. Trojan Remover 6.9.5, IP Camera Viewer 3 and Winmerge are valid applications. Attached FRST and Zemana logs. Fixlog.txt Zemana logs.txt
  9. I would like to understand the event:

     Category: Trojans
     IP Address: 77.73.68.175 port 8 and 77.73.68.17 port 8
     ISP: Fishnet Communications LLC
     Usage Type: Data Center/Web Hosting/Transit
     Domain Name: rnet.ru
     Country: Russia
     City: Shushary, Sankt-Peterburg

     I followed the steps described in: https://forums.malwarebytes.com/topic/248304-trojans/?_fromLogin=1

     1. Scan with Malwarebytes 3
     2. Scan with AdwCleaner
     3. Scan with Farbar Recovery Scan Tool

     Is this an event describing my PC trying to set up a connection to 77.73.68.175? If so, what application is doing this?

     Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt FRST.txt Malware Bytes event report trojan outbound blocked websites.txt Malware Bytes summary.txt