I am a MSP and have had a customer bring in two of their pc's for the exact same issue. Our clients computer is being attacked/pinged every couple of seconds and it will not stop. The exact Malwarebytes message we are getting is.
Domain: 100k0.ddns.net
Ip Address: 142.202.240.42
Port:6606
Type: Outbound
File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Our shop has tried everything to get rid of this nuisance. We have ran Malwarebytes, Superantispyware, ADW cleaner, JRT, Roguekiller, Tweaking, FRST and also deleted the Framework 4.0 folder located in the windows folder. The trojan I assume would not allow permissions to be switched from trusted installer to be able to erase the 4.0 framework folder, we were not able to erase that folder until we moved the drive to another computer. Only then were we able to switch permissions from trusted installer to user. Once that was done the notifications had stopped for an hour or two and didn't notice a single notification while doing the rest of the clean up on the computer. After the hour or two wait the notifications started back up again. The notifications still come and full force even when not connected to any internet either.
Our shop has been working on this for a couple days now and have read many forums trying to find solutions but there are non. Any help you can provide will be immensely appreciated. We would like to find out the root of this problem so we can prevent it for clients in the future and also of course a solution.
-Thank you