Jump to content

Search the Community

Showing results for tags 'botnet'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. So I've been getting connections from strange IP's for a long time and Malwarebytes has always notified me of it and classified the attempts as malware. These attempts would usually happen around 4-5 times a week for the past 5 months or so and Malwarebytes Premium would show no additional information on the attempts apart from IP & Port. Recently though these attempts have been much more frequent (3-9 times a day) and coming from different IP's and sometimes even showing domains which also are different from each other. Instead of saying it was an attempt to infect my PM with malware it now says it was a Trojan instead. I've scanned my PC with Malwarebytes Premium, Adwcleaner and Avast with no results each time. Just recently I've been looking into the IP's with different online tools: https://exchange.xforce.ibmcloud.com/ https://www.virustotal.com/#/home/url These would show that most of the IP's that Malwarebytes would inform me as Trojan infect attempts are trying to infect me with the Zero-day malware. One of the recent IP's I had checked was this and it seems to be a spam bot (from a botnet most likely) trying to infect PC's with the Zero-day malware. https://exchange.xforce.ibmcloud.com/ip/81.18.134.18 Most frightening is the fact that after after using a VPN or even double proxies they still manage to connect to me. I'm using NordVPN and even then I am getting spammed. Majority of the attempts only show the type of the malware and the IP. Not domain or the file it was coming from (assuming I have something on my PC that lets them connect to me through changing my IP address. So is my PC, information and files in danger with how things are now, or am I safe? Sorry the text on the image is in Finnish. Also not sure if the topic is in a wrong category, move it if it is.
  2. So I've posted before about some odd happenings and never really found a solution but think I got a little closer. In my event logs, I have several power shell events like pshell console starting a server (among other things), Multiple WMI services starting, and browser redirects. Nothing has ever been found by Win defender or MBAM Premium (I really don't feel like they're working - on the surface they seem to working fine but I think it's an illusion). Hitman Pro did find a file Win32.Droma.abdb (first malicious file I've ever found) and that led me to googling that and found this article. http://niiconsulting.com/checkmate/2014/04/analysis-of-malware-detecting-behavior-anti-reversing-techniques/ ^^Please read! That almost explains my situation to a tee - I've even seen Russian/Chinese sites that will occasionally pop up on google suspiciously. If you look at my Registry or a Driverquery of my windows drivers, there are red flags everywhere. As far as I know I'm on the latest update of Win10 but I'm not sure anymore. I was hoping an expert could read the above article and know immediately what's going on or, if not, help me figure it out in order to get rid of it I've reinstalled windows after nuking it 5 times. I've been careful about any kind of syncing application (I don't even have chrome installed) and have reset the sync of any services I do use. I could go on but will stop here and wait for an experts advice should I run FRST? Oh yeah, some programs think I'm on Windows 8 (including mbam) and I thinks that's due to registry infection. i would LOVE to get a clean bill of health because this has consumed way to much of my life in the past ~8 months off an on. Thanks in advance! Fingers crossed
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.