Jump to content

3rdhope

Members
  • Content Count

    16
  • Joined

  • Last visited

About 3rdhope

  • Rank
    New Member
  1. Found the scripts inside my router, Cleaned it up and upgraded its firmware.... ? No more problems, redirections or anything of the sort... It's a pitty i nuked most of my installed software. But thank you for your help. I atleast eliminated my PC from the one carrying the malware and focused on the router.
  2. Well, after some manual searching and brute-forcing i found the malware comes straight from my router. My router has been infected and my ISP did not update it with the released patch. This explains the the mining script, currently not sure if it relates to svchost problem. But for the mining script i am certain, it's the router that's compromised...
  3. I did not re-installl anything but the crypto mining script is back again. Aggressive little malware...
  4. Addition.txtFRST.txt Okay, so the pop still occures but this time it's not multiple ip addresses... only 104.238.186.189, everytime... for the file part on the pop it either doesn't list anything or it lists /system32/svchost.exe as the trojan... Then randomly as i browse websites, i get the same redirection to update browser(fake) from the screenshot above... and it tries to download the file which i obviously cancel and reload then the page will load fine... It's like it's redirecting or intercepting my traffic. Like a MITM attack and injects that fake webpage...
  5. still having the same problems. thanks for your efforts by the way... atleast i got rid of the cryptocurrency miner
  6. also i have started encountering this window on different sites, doesnt matter which website exactly, then it proceeds to try and download a .exe file that it claims i should use to update... but i always cancel the download and reload ....see attached screenshot... so i'm pretty much still infected and the trojan is getting agressive...
  7. The scan for adware came back clean, can't find the logfile tho... The pop up is still there... but the script that runs on wordpress sites is no longer there... The pop still exists tho...
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.