3rdhope
Members-
Posts
16 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by 3rdhope
-
Found the scripts inside my router, Cleaned it up and upgraded its firmware.... ? No more problems, redirections or anything of the sort... It's a pitty i nuked most of my installed software. But thank you for your help. I atleast eliminated my PC from the one carrying the malware and focused on the router.
-
Well, after some manual searching and brute-forcing i found the malware comes straight from my router. My router has been infected and my ISP did not update it with the released patch. This explains the the mining script, currently not sure if it relates to svchost problem. But for the mining script i am certain, it's the router that's compromised...
-
Addition.txtFRST.txt Okay, so the pop still occures but this time it's not multiple ip addresses... only 104.238.186.189, everytime... for the file part on the pop it either doesn't list anything or it lists /system32/svchost.exe as the trojan... Then randomly as i browse websites, i get the same redirection to update browser(fake) from the screenshot above... and it tries to download the file which i obviously cancel and reload then the page will load fine... It's like it's redirecting or intercepting my traffic. Like a MITM attack and injects that fake webpage...
-
also i have started encountering this window on different sites, doesnt matter which website exactly, then it proceeds to try and download a .exe file that it claims i should use to update... but i always cancel the download and reload ....see attached screenshot... so i'm pretty much still infected and the trojan is getting agressive...
-
Hi, I keep getting this pop up about blocked website. The port changes each and everytime and outbound. No file/folder is listed Also, there is a script from xmr.omine.org that uses 100% of my CPU everytime i visit wordpress sites, doesnt matter which site., i've trying to remove this for two days now. I followed similar instructions from this forum but i couldn't resolve my problem.