Jump to content

NJeffcoat

Members
  • Content Count

    5
  • Joined

  • Last visited

1 Follower

About NJeffcoat

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The computer restarted normally. Fixlog.txt attached. Sadly there's no immediate way for me to know if the problem is fixed. If there is/was a trojan then it is tricky because it wasn't consuming CPU/GPU usage and according to malwarebytes notifications it was hiding behind legitimate applications. So if it is gone i won't know unless i monitor the malwarebytes notifications for at least the next 48 hours. If it is still there i expect that within the next 48 hours malwarebytes should ping me about another blocked inbound connection from a random IP address. I will keep you informed on if i do or do not get another notification. In the mean time is there anything else i can do to see if there is a trojan hiding on my PC? Fixlog.txt
  2. Hey Malwarebytes team/forum. Recently I've been receiving notifications from Malwarebytes saying that it has blocked an inbound connection. Great! that means it's doing it's job. Or at least until yesterday when i took an extra moment to see what exactly it was blocking. Upon inspection of the notifications i saw several from the steam gaming platform, and one from Nvidia container. yesterday i tried looking into this blocked connection that was using Nvidia and tried posting to the forum only to be blocked by the forum's spam filter, oh well. so i took it into my own hands and uninstalled Geforce Experience and manually removed the folder containing the Nvidia container inside the Nvidia corporation folder just to be safe since i don't use the features provided by Geforce Experience aside from the FPS overlay, then called it a day. That is until just now when i got another block this time in regards to another inbound connection this time using the program Spotify. now i'm familiar with both steam, nvidia, and spotify as one is my game client, one is my graphics card, and another is my music program. What concerns me is that the inbound connections are not associated with any site or host-name, only IP address. so i googled the IP address and a few results came back with china (minus one from a data center in Canada). each notification lists the program behind these inbound connections and the files location, all back to the actual programs .exe's. Bummer i was hoping for an easy uninstall of some fake programs. so after some digging i found that this time (the block using Spotify) the file location was located inside "WindowsApp" folder (which is permission blocked by "trustedInstaller" a default outdated windows process[from my understanding]). This concerns me even more and i really don't want to try gaining access only to accidentally break something. So now convinced that i in fact do have a Trojan and it is attempting to receive network communication via legitimate applications i have come to this forum in search of more professional help. Once the malwarebytes scan is finished i will attach the result of the malwarebytes scan, the Adware cleaner scan, the Frst.txt / Addition.txt, and the Notifications (in .txt) from malwarebytes. Then i wil submit this post and hope that the weirdness yesterday with the forums spam filter is done. FRST.txt Addition.txt AdwCleaner[S24].txt scan export.txt notifcation.txt notifcation(1).txt notifcation(2).txt notifcation(3).txt notifcation(4).txt notifcation(5).txt notifcation(6).txt
  3. fun fact, so turns out one of the many tabs i had open was a DND site and the DM was playing around with the in app option to play music and I heard it because I never bothered logging out after the session.... sorry false alarm guys.
  4. here are the files from frst that you asked for. Addition.txt FRST.txt
  5. some background info, I recently purchase and put together a new pc and installed all my favorite stuff now i can have 20 chrome tabs, discord, Spotify, steam, and a game open all at once because I like to multitask and now I can. a little while ago I got Malwarebytes full version because I like it so much as well as nordvpn(which I run through i2p sometimes, but mostly just as a browser extension for chrome). the problem now is that sometime recently I began to hear random audio playing, at first it wasn't out of the ordinary as I normally have Spotify running in the background for something to listen to while I talk to people on discord. what made this weird(rather what tipped me off) was that I was playing world of warcraft and out of nowhere the theme music to elders scrolls online started playing. offput as to where this was coming from I muted everything I KNOW I had running and searched all my chrome tabs and found nothing. the ESO music would play, stop, then play again for like three times then just stop altogether. I ran task manager to find any out of the norm programs but nothing and Malwarebytes couldn't find anything. please help, currently, it's only a slight nuisance but it's a virus nonetheless on my brand new computer and I want it gone. attached is a summary of Malwarebytes threat scan whilst in safe mode /w networking summary.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.