CyrodiilWarrior
-
Posts
37 -
Posts posted by CyrodiilWarrior
-
Okay. I've got the scan running right now - Full Scan. Just to say, the last Malwarebytes RDP connection attempt was on the Friday 10:48 and today is Christmas Sunday. Whilst I have been using my computer less often, I have still been using it each day. So it is a positive I guess that there have not been as many attempts as previously. I'll update you on the HouseCall scan results once complete.
-
I've followed the next step, I've used the Google DNS servers.
-
-
On the detection history, if you click [Location] to filter by that, reoccurring (multiple attempts from same IP) but not in a row:
107.189.13.47, 109.232.223.115, 154.89.5.92, 203.150.199.74, 3.110.225.176, etc.
They are of different times, sometimes different days. Yet they match more than once on the list.
-
Thanks for the further assistance Maurice. I have now completed the steps above. To mention also, I do turn off my computer each night and once it has fully shut down, I switch off the plug socket.
So 30/11/22 we found "Malware" (Malware.AI.2504767483) - C:\Users\Bradley\AppData\Local\Temp\is-LETJO.tmp\authtools.exe - after the Windows 11 clean fresh install, I am not sure how this came about on the machine. Perhaps sync from OneDrive or Microsoft Edge login sync. I had entirely wiped all my previous drives except a drive containing files like photos, documents, etc.
Another thing to mention, I don't know if this would help. Yesterday or the day before that, I took a look at my ISP router settings and unticked Respond To Ping under the Firewall settings. I thought this could help. After doing this at different times, I received various attempts from 3.110.225.176 on Port 0. Clearly, this device tried more than once to connect to my machine.
-
So for IP 3.110.225.176 there have been 4 inbound attempts in a row on Port 0, under category Trojan.
I did the Malwarebytes update and scan also.
-
Scan appeared to be fine. Did update before too.

-
-
Category: Trojan ?

-
I noticed it wasn't turned off here. Only turned off in Windows 11 Settings. Perhaps this may help.

-
Hello, so I have been hoping for these detections to stop. They have still been continuing. Skim reading, all IPs seem different to each other. There is no way to see if the same IP has tried to connect more than once.
So to recap, I have Remote Desktop Connection switched off. I also have TeamViewer on my computer which is a Remote Desktop Connection utility tool. I never have anyone control my PC remotely, rather assisting my cousin once in a blue moon.
The regular RDP detections and popups have become an annoyance.
-
-
Hello again, I've just seen this is re-opened. I have been receiving constant RDP detections, it's kinda frustrating.
Is it "normal" to keep receiving these all the while? Bear in mind, I'm not doing anything to receive these. No web browsing.
I was hoping these would eventually disappear for good.

I wanted to ensure my machine was 100% clean and secure.
Anything additional I can do? I took a look through folder structures and some seem strange to me.
-
10 hours ago, Maurice Naggar said:
Those all show as "compromised websites". The threats are all externally located.
See this Malwarebytes support article
https://support.malwarebytes.com/hc/en-us/articles/360048565893-Receiving-message-Website-blocked-due-to-compromise

Thanks for making this clearer. I am hoping they clear eventually and become less frequent. As some days like 6 popups in 1 day. Different times I am using the computer more/less.
-
The latest scan.
As for Malwarebytes, get like 6 RTP detections in a day. Even when web browser is closed and not doing anything on the PC. Times/dates listed.

-
When home I'll get the logs. So RTP detections can be 2 to 8 a day. When I'm not on an Internet browser, then can suddenly pop up randomly. The popups get annoying.
So Malwarebytes never found Malware and another tool we used. Then eventually one of the tools found it and removed it. I was worried in case there was any more or if it infected any files.
RTP detections tend to be different random IPs but I think there have been some times where the same IP has displayed more than once.
I could be playing a game (Day Z), when I come off and check Malwarebytes log I notice the RTP detections and their time. Or I could leave my computer on and have no Web browser open, come back to the machine and notice RTP detections and their time on the log.
-
Okay so I've sorted out my Pro account now and regained access. My Malwarebytes is activated again and I deactivated the old previous devices.
I am still experiencing RTP detections, like 2 tonight. What are the next steps? I am confused how/why I am receiving these regular RTP detections and if hidden Malwarebytes may still exist.
-
Another thing to mention. Previously, I purchased Malwarebytes Pro. I have my main email and another email for my PayPal account. After reinstalling Windows 11 after all the RTP detections, I tried to reactivate Malwarebytes using my emailed key but it would not work. I emailed Malwarebytes support explaining the account issue but have not heard anymore. I have emails regarding my purchase, but I cannot use Pro. I believe when I purchased Malwarebytes Pro, it did not register it to my main email account. I am unsure if it was or was not linked to an email account. On my account page with my main email, my Pro subscription is not listed.
-
I forgot to mention. With TalkTalk ISP under Access Control, I have the Firewall switched on. I have Medium setting since High was stopping me from doing certain things, such as joining Minecraft servers.
LAN -> WAN: Allow all
WAN -> LAN: Block all below
NETBIOS
Respond to ping is ticked. I wasn't able to use High sadly and there is a Custom option but that seems advanced. If I wasn't playing online games, I could very easily use High setting.
-
Okay. Adwcleaner scan was very quick and had 0 infections. I had done: Delete IFEO keys, Delete tracing keys, Delete Prefetch files, Reset Proxy, Reset IE Policies, Reset Chrome policies, Reset Winsock - with no web browser open during the scan.
I have Remote Desktop switched off too from before. I do have a TeamViewer client where I help my cousin sometimes via Remote Desktop, which works despite Windows settings having Remote Desktop as disabled.
I'll also keep an eye today on any Malwarebytes RTP detections, when I'm not working.
-
Any update? As had 7 blocked RTP detections by Malwarebytes today (05.12.22).
-
The open-source game - 0 A.D. - uses a Torrent download -
https://play0ad.com/download/win/ - long in the past I have used Torrent for big game mods too as them being compressed makes them easier.
Perhaps an infection was among some old backup storage files. I wonder about my OneDrive too as that automatically re-downloads cloud files too. I am not sure if that backs up AppData, but I know it backs up Desktop, Documents, Pictures, Downloads, etc.
It is possible this had backed up AppData in the past for modded Minecraft. When you use Technic Launcher for Minecraft and download a Minecraft modpack, it stores the modpack files in the AppData directory.
-
So I'm running the long process of the ESET full-scan. I just want to mention the Malwarebytes popup.
RTP detection, action: blocked website
05.12.22, 08:53 UK time: 107.189.13.47
File: C:\Windows\System32\svchost.exe
If this is of any use or concern.







TheOldNet.com
in Website Blocking
Posted
Hello Malwarebytes community,
I was surprised to see that TheOldNet.com was blocked by Malwarebytes so I searched into it.
I found a post from 2019 (the post) where someone stated that the website will be removed from their blocked database. I'm not sure if the website was ever removed or not, but it is currently blocked.
Any feedback on this? I want to know if it is safe to use or not...