Posts posted by KingRoan

  1. Hi,

    It was an inbound connection again on port 445 with a strange IP address. (Even though I blocked the port in the firewall itself?)

    At that time I was using Opera again, not Firefox like before.

    No link or app involved.

    The export is in the attachments.

    What I also did is, I picked out all the IP addresses that tried to connect to me and did a reverse IP check. So I found out where they are hosted.
    I wrote a complaint to the corresponding places, and even received one answer so far:

    Quote

    We've received your ticket and it's forwarded to the Abuse department for further processing, we'll contact our client and request appropriate measures to be taken on their side, please allow at least 24 hours for the message to be received and processed.

    In the meantime feel free to update us, should you find yourself under attack from any other of our servers.

    I am curious what will result from it.

     

    I also made all the updates you mentioned above.

    And if nothing else can be done, so be it. I'll just have to live with the thought that apparently someone very urgently wants to get on my PC 😁

    Block-yesterday.txt

  2. Hi,

    Yeah, I'm very grateful for that protection!
    Is it actually possible to predict what can happen if such a connection is successfully established?

    Teeworlds is a game i play, I was wondering already why I couldn't get on a specific server until I saw that it was blocked by MB. I will just stay away from the server.

    However, the incoming connections do not come from the game.

    I have the rule in place now that all incoming connections are blocked on port 445.

    So now this means that these connections are blocked before MB detects them?

    And many thanks already at this point for all the help^^

  3. Hi again,

    So the Sophos scan was clean.
    I have attached the only file that was created. It only says that some things could not be opened.

    -

    To come back to the connections:
    After I blocked the RDP sessions in the settings, I accidentally went back into Firefox and it was blocked again. That was 2 days ago.

    After that I didn't open Firefox again and no more connections have been blocked since then. (But I didn't use my PC much either.)

    So does this mean that there is something in Firefox?

    SophosVirusRemovalTool.log

  4. Okay, thanks!

    So I did step four from that tutorial, "To Force Disable Remote Desktop Connections to this Computer in Local Group Policy Editor".

    I checked my router, the firewall there is already enabled.

    Now another question, how do these attacks happen?
    Are there people who just randomly target IP addresses and try to connect to them?
    Or do I have something on my PC that tells the attackers to "connect"?

     

  5. Hi there Maurice,

    Firefox was open at the time and so was Gmail, however I did not read any email.
    Other browsers are installed too but I didn't use them in ages. Only use Firefox really.

    After I wrote the post here, after some time I pressed the refresh button (to see if there was already a reply) and right after that another connection was blocked. I also put that one again in the attachment. Now I can spam the refresh button but nothing happens 🤨.

    Also, the scan with the program did not find anything.

     

    AdwCleaner[S00].txt 61dfe2aa-6353-11ec-b97c-18c04d3625a0.txt

  6. Hello,

    For a few days now I have had the following problem: Malwarebytes always blocks compromised websites/connections at startup.

    But I do not go to any websites.

    I have attached the Malwarebytes logs along with the Farbar logs.

    However, since I can't attach JSON files, I copied the contents of the files to a .txt file.

    What I noticed in the newer logs is that the ProcessPath has changed from "Firefox" to "System"?
    According to MBAM these are incoming connections?

    I hope someone here can help me understand what these blocked connections are about.

    Thanks in advance!

     

    FRST.txt Addition.txt 19e9bfd0-6046-11ec-b356-18c04d3625a0.txt dd765df4-60e2-11ec-86b2-18c04d3625a0.txt 36438490-634d-11ec-a746-18c04d3625a0.txt
