MaxLebled

Everything posted by MaxLebled

  1. Everything's been good, it was just that strange instance of my network going down in the previously-mentioned way after those IP blocks. Figured it might be a MB bug (not the first one I'd have encountered) so I might as well post in case there was a bug to be found & solved
  2. Here's the MSERT log... there are a couple of embarrassing detections in there, of very old pirated software, that is lying around in backups of backups of backups (...) of backups. But rest assured I've never gone anywhere near these for nearly a decade—for at least 3 (!) computers ago. I nuked 'em out of my backups drive. msert.log
  3. How long should I expect the fix step to take? It doesn't seem to be working. FRST is displaying a moving progress bar, but fixlog.txt pretty much just contains fixlist.txt. As I type, fixlog.txt hasn't been written to since I started the process 15 minutes ago. Cookies weren't cleared from my browsers either. I have been running the tool as instructed, and with all background programs (MB included) closed. Fixlog.txt
  4. Here's the link to the original thread, which I forgot to insert, oops:
  5. Hello! Following this thread in another section, I was advised to run FRST and post the log here just in case. The short version of the story is that Malwarebytes reported blocking a bunch of outgoing connection attempts to 104.194.10.57, every 30 seconds, for about 15 minutes, after I visited a web page. (As of the time of writing, this is not reproducible anymore; I'm probably getting served different ads.) So this was most likely a blacklisted ad provider's address. The actual WEIRD part of that story is that something along the way made my internet connectivity go into a weird half-working state: DNS stopped working, LAN http connectivity (router interface page @ 192.168.1.254) stopped working, but... a multiplayer game's ongoing connection did not go down, and kept working?! Windows displayed the connection as "No Internet", too. Rebooting made all of that go away. No problem now. This is why I initially posted a thread to the program tech support section, as I was suspecting a bug in Malwarebytes more than an actual infection. (It wouldn't be my first time encountering a strange bug caused by MB!) However, better safe than sorry, so I've attached MSERT and FRST logs to this thread. I'll note that I was unable to run the standalone version of FRST—it seemingly freezes after reaching "Memory info" in the scan progress. (The process is still reported as running, but the interface completely freezes.) It did leave logs behind, and they looked identical to the FRST scan included with the "Malwarebytes Support Tool", which itself ran fine. So I'm attaching the logs from that one instead. msert.log FRST_28-04-2022 16.03.03.txt Addition_28-04-2022 16.03.03.txt 5b72fbb8-c74f-11ec-9392-e848b89ae3dd.txt
  6. I'm not getting them anymore either, which is why I'm inclined to think it was an ad that was connecting to a blacklisted IP — failing, and trying over and over. Further searches have led me to a forum post that mentions this specific IP related to ads as well. This page claims there is a link between the IP and the gamebanana domain name as well. I will run this tool and create a thread just in case, though—better safe than sorry! (I just want to write everything down in case that helps someone later down the line...)
  7. The detections were outgoing. I was able to reproduce them by visiting the webpage I mentioned in my previous post, so the source is known. What I couldn't reproduce was my Internet connectivity going down after a while; because there's a possibility this might have been a Malwarebytes bug, I figured posting the logs would be helpful. (I've hit strange MB bugs before, like the one that caused my PC to BSOD if a RTSP stream was accessed over LAN...! 😀)
  8. Cross-checked with my browser history and it seems very likely that it's this web page (opened at 15:06, but left in the background) that was responsible: https://gamebanana.com/members/1238771 Warnings from Malwarebytes about 104.194.10.57 are popping up again while I visit it, despite adblockers being enabled. Maybe there's a malicious ad somewhere. So that seems most likely to be the root cause, but as to how and why it could bring my internet connectivity down... hopefully the logs will help someone shine light on what happened?
  9. Here's the logs zip provided by the support tool. mbst-grab-results.zip
  10. Hello everyone. This is less of a malware removal help request, and more of a question. I was hit with something strange an hour ago. Malwarebytes started reporting a ton of "RTP detections" from chrome.exe, all with the same IP, 104.194.10.57. (I don't believe I was actively browsing at the time.) Additionally, the first "RTP detection" logged is categorized as "Trojan" under the "Event details" column, while all subsequent ones are categorized as "Malware." All "Actions" were "Blocked website." There were two RTP detections logged per minute between 15:05 and 15:21.

      At some point during that time, my Internet connectivity went down, but in an unusual way. I was connected to an online multiplayer game, but it kept working without a hitch — perhaps because it was using some direct IP connection instead of relying on DNS? But everything else stopped working. I couldn't load websites, even my router admin interface on my local network, and the system tray's network icon displayed as the little globe that indicates no connectivity (as opposed to the outline of a screen with a cable next to it). Out of curiosity, I tried the Windows troubleshooter, and the only thing it could suggest was to perform a network reset, which I didn't do.

      Here are some bits from the Windows Event Viewer that may be relevant:

      (15:06:00) DNS Client Events: Name resolution for the name telemetry.malwarebytes.com timed out after none of the configured DNS servers responded

      (15:06:02) Tcpip: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection.

      (...)

      (15:16:45) DNS Client Events: Name resolution for the name heartbeat.dm.origin.com timed out after none of the configured DNS servers responded.

      (15:16:48) AFD: Closing a TCP socket with local port number 50767 in process 21288 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers

      After rebooting my computer, everything was back to normal. There have been no further "RTP detection" events logged in Malwarebytes. Malwarebytes scans have not reported anything detected so far, and neither has MSERT.exe. Did I stumble onto a MB bug that caused this weird issue? Should I be worried about an actual infection on my computer? Let me know if I can provide logs or any additional details regarding this.