PSYKO

Honorary Members • Posts: 48

Everything posted by PSYKO

  1. Awesome I'll get that done, have a great night, thank you for your help so far! I'll be ready for the next step tomorrow!
  2. Oh cool, you guys are pure legends in my book haha. As requested, here is the fixlog: Fixlog.txt
  3. Awesome, just get a bit freaked out by this sort of stuff, the fix is being applied now, may I know what was in it or is that some trade secrets stuff?
  4. As requested :) And this is, as stated before, completely safe for me to be posting in an open forum? Also, I have followed everything to the letter. I do not want to waste your time and am grateful for your help. mbst-grab-results.zip Addition.txt FRST.txt
  5. Ok, I'll make sure to turn anything off and get it to you asap, approx. 3 hours
  6. Ok I'll get on that asap, clearly there's something wrong, how bad is it?
  7. Yes there was one more but I'm not at my computer at the moment, can I update you later? Why is it coming from "system" if I may ask?
  8. No, not on this PC, I do on my phone and tablet but this PC doesn't have VPN on it anywhere
  9. cvomp.txt The IP showed up as being part of the game; however, all of the blocks were from "system" and were happening when I wasn't in the game at all. I had 6 blocks last night and all of them were from system, with GlassWire confirming that the NT kernel also had the IP connected to it. If it was just the DCS game I would have ignored it, as per the last thread; however, this one is a system block, that's what concerns me. Here's the log file
  10. Hi there, over the last week or so I've been getting real-time blocks of an apparent compromised website. The problem is it's saying it's my system and that it's outgoing!!! Through GlassWire I was able to track the IP down to the DCS exe and, to my shock, the NT kernel. I ran the IP through VT and it only came back with one positive result. Mbam scan showed nothing.. What's going on? Is my PC compromised? What do I do next?
  11. Sounds good, I'll post link here on their forums, might be good for info
  12. Sorry for being such a needy muppet, thank you for all your knowledge and wisdom
  13. Thank you so much, would this still be the case with a game that's not on Steam or Epic or anything like that? I'm not sure if DCS World uses any of the same technology. I do know, however, that the port that the sites are coming through is the WebUI, which allows control of a server remotely, i.e., change a mission. Is that considered P2P? I'm not well versed in all this sort of stuff. Just want to try to understand as much as I can. Don't get me wrong, I would rather mbam block everything it possibly can, as aggressively as possible! Just need to make sure my network stays as safe as possible. One of the reasons I love mbam! So good
  14. Thank you for taking a look. So this is one of the servers that the game developer uses? Or is this a personal computer that the owner is trying to connect to mine? Should I be forwarding your results to the game devs?
  15. Hi there, I host a very small server for me and my mates to play on. I run it off an old PC that I had sitting around and thought I may as well use it for something! Recently I have started getting real-time blocking events happening, "website blocked due to Trojan" or "website blocked due to compromise". The port and exe that they are coming through to is the game exe that the WebUI uses to connect to the PC to control the server. The IPs that the events are coming from are different, and they happen at random times. As you can imagine, this is freaking me out somewhat. I am hoping someone here can shed light on the matter. Here are the exported log files. Do they look like FPs? Or do I need to freak out? I should note that these events do not happen when the server exe is not running. I'm not sure what's going on, cheers guy
  16. Is there any way to check/confirm if it was just a false positive or if something really has happened?
  17. Ok, can confirm that it is off, was never on, got myself confused with another thing haha. What's next?
  18. I believe it is, I'll shoot home soon and double check it. I should add that I don't have Office or the Outlook app on this PC, I uninstalled them both shortly after installing Windows. I'll post here once I've checked this setting, thanks for such a quick reply by the way
  19. So last night I went to add a shortcut to my desktop through Steam, the UAC pop-up came up and approved, at the same time mbam popped this...

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 6/26/22
     Protection Event Time: 9:41 PM
     Log File: 13bc01da-f534-11ec-9c01-04421aed5d58.json

     -Software Information-
     Version: 4.5.10.200
     Components Version: 1.0.1709
     Update Package Version: 1.0.56482
     License: Premium

     -System Information-
     OS: Windows 11 (Build 22000.739)
     CPU: x64
     File System: NTFS
     User: System

     -Exploit Details-
     File: 0
     (No malicious items detected)

     Exploit: 1
     Malware.Exploit.Agent.Generic, C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe Shell32.dll,Control_RunDLL input.dll,,{C07337D3-DB2C-4D0B-9A93-B722A6C106E2}{HOTKEYS}, Blocked, 0, 392684, 0.0.0, ,

     -Exploit Data-
     Affected Application: Windows Control Panel
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit Office loading points abuse blocked
     File Name: C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe Shell32.dll,Control_RunDLL input.dll,,{C07337D3-DB2C-4D0B-9A93-B722A6C106E2}{HOTKEYS}
     URL:

     (end)

     It's a brand new Windows install, installed it a week ago. I'm not really sure what's going on, if it's a false positive or not. I don't even know if it was the Steam icon to desktop thing that made it pop. After this I ran a quick scan in mbam and Win Defender with no results. What's next, have I been exploited or is it just a false positive and I can carry on with life? Anxiously awaiting your reply