CyrodiilWarrior

Hello Malwarebytes community, I was surprised to see that the TheOldNet.com was blocked by Malwarebytes so I searched into it. I found a post from 2019 (the post) where someone stated that the website will be removed from their blocked database. I'm not sure if the website was ever removed or not, but it is currently blocked. Any feedback on this? I want to know if it is safe to use or not...

Okay. I've got the scan running right now - Full Scan. Just to say, the last Malwarebytes RDP connection attempt was on the Friday 10:48 and today is Christmas Sunday. Whilst I have been using my computer less often, I have still been using it each day. So it is a positive I guess that there has not been as many attempts as previously. I'll update you on the HouseCall scan results once complete.

I've followed the next step, I've used the Google DNS servers.

Fixlog.txt

On the detection history, if you click [Location] to filter by that, reoccurring (multiple attempts from same IP) but not in a row: 107.189.13.47, 109.232.223.115, 154.89.5.92, 203.150.199.74, 3.110.225.176, etc. They are of different times, sometimes different days. Yet they match more than once on the list.

Thanks for the further assistance Maurice. I have now completed the steps above. To mention also, I do turn off my computer each night and once it has fully shutdown, I switch off the plug socket. So 30/11/22 we found "Malware" (Malware.AI.2504767483) - C:\Users\Bradley\AppData\Local\Temp\is-LETJO.tmp\authtools.exe - after the Windows 11 clean fresh install, I am not sure how this came about on the machine. Perhaps sync from OneDrive or Microsoft Edge login sync. I had entirely wiped all my previous drives except a drive containing files like photos, documents, etc. Another thing to mention, I don't know if this would help. Yesterday or the day before that, I took a look at my ISP router settings and unticked Respond To Ping under the Firewall settings. I thought this could help. After doing this at different times, I received various attempts from 3.110.225.176 on Port 0. Clearly, this device tried more than once to connect to my machine. mbst-grab-results.zip

So for IP 3.110.225.176 there has been 4 inbound attempts in a row on Port 0, under category Trojan. I did the Malwarebytes update and scan also.

Scan appeared to be fine. Did update before too.

Category: Trojan ?

I noticed it wasn't turned off here. Only turned off in Windows 11 Settings. Perhaps this may help.

Hello, so I have been hoping for these detections to stop. They have still been continuing. Skim reading, all IPs seem different to each other. There is no way to see if the same IP has tried to connect more than once. So to recap, I have Remote Desktop Connection switched off. I also have TeamViewer on my computer which is a Remote Desktop Connection utility tool. I never have anyone control my PC remotely, rather assisting my cousin once in a blue moon. The regularly RDP detections and popups have become an annoyance.

mbst-grab-results.zip

Hello again, I've just seen this is re-opened. I have been receiving constant RDP detections, it's kinda frustrating. Is it "normal" to keep receiving these all the while? Bare-in-mind, I'm not doing anything to receive these. No web browsing. I was hoping these would eventually disappear for good. I wanted to ensure my machine was 100% clean and secure. Anything additional I can do? I took a look through folder structures and some seem strange to me.