3rdhope

Found the scripts inside my router, Cleaned it up and upgraded its firmware.... ? No more problems, redirections or anything of the sort... It's a pitty i nuked most of my installed software. But thank you for your help. I atleast eliminated my PC from the one carrying the malware and focused on the router.

Well, after some manual searching and brute-forcing i found the malware comes straight from my router. My router has been infected and my ISP did not update it with the released patch. This explains the the mining script, currently not sure if it relates to svchost problem. But for the mining script i am certain, it's the router that's compromised...

I did not re-installl anything but the crypto mining script is back again. Aggressive little malware...

no problem ?

Addition.txtFRST.txt Okay, so the pop still occures but this time it's not multiple ip addresses... only 104.238.186.189, everytime... for the file part on the pop it either doesn't list anything or it lists /system32/svchost.exe as the trojan... Then randomly as i browse websites, i get the same redirection to update browser(fake) from the screenshot above... and it tries to download the file which i obviously cancel and reload then the page will load fine... It's like it's redirecting or intercepting my traffic. Like a MITM attack and injects that fake webpage...

still having the same problems. thanks for your efforts by the way... atleast i got rid of the cryptocurrency miner

*mistake...

Here is the right file. made a file when choosing roguekills.txt

Scan came back negative... Fixlog.txt

also i have started encountering this window on different sites, doesnt matter which website exactly, then it proceeds to try and download a .exe file that it claims i should use to update... but i always cancel the download and reload ....see attached screenshot... so i'm pretty much still infected and the trojan is getting agressive...

This type it comes up with svchost.exe as the culprit 104.238 as the ip

The scan for adware came back clean, can't find the logfile tho... The pop up is still there... but the script that runs on wordpress sites is no longer there... The pop still exists tho...

Fixlog.txt malwarebytes2.txt

nope, i do not know any of them and i'm not located in any

here malwarebytesScan.txt Addition.txt FRST.txt

Hi, I keep getting this pop up about blocked website. The port changes each and everytime and outbound. No file/folder is listed Also, there is a script from xmr.omine.org that uses 100% of my CPU everytime i visit wordpress sites, doesnt matter which site., i've trying to remove this for two days now. I followed similar instructions from this forum but i couldn't resolve my problem.