Malicious Website Blocked - IP: 146.185.220.85

[tossit]

Hi Adam,

 

I have run FRST64.exe and listparts64.exe and the files are attached.

 

The modem & router seem to be working and other devices will connect wirelessly.

 

Have a look the files and advise.  I appreciate the assistance.

[LiquidTension]

Thanks Eric. 

 

To confirm, the only issues you are currently experiencing are outbound IP blocks by MBAM. Is this correct? 

[tossit]

Correct.  Outbound IP blocks by MBAM.

 

 

I have not noted anything else out of the ordinary with one exception.  In Internet Explorer 11  I did not that I can no longer sort my favourites list by drag and drop.  In addition most of the company icons on bookmark favourites have changed to the standard IE icon.

 

Eric

[LiquidTension]

OK. It's getting late here, so I shall return with instructions for you tomorrow. 

 

Thank you for your continued patience thus far. Sometimes the malware is well hidden, requiring numerous rounds of troubleshooting. But rest assured, we will get down to the bottom of this. 

[LiquidTension]

Hello Eric, 
 
Do you know what happened to your log files in previous posts?
 
Please do the following.

• Re-run FRST, ensuring you place a checkmark next to Addition.txt. Attach FRST.txt and Addition.txt
• Attach the last three MBAM Protection logs in your next reply.

• Locate the following file: C:\Windows\Minidump\092414-6796-01.dmp 
• Right-click + Send to > Compressed (zipped) folder.
• Locate the following three files, and drag into the ZIP file.
  • C:\Windows\Minidump\092414-6750-01.dmp
  • C:\Windows\Minidump\092414-7000-01.dmp
  • C:\Windows\Minidump\092414-6890-01.dmp
• ​Attach the ZIP file in your next reply. 
• Run the programme below. 
   

MiniToolBox

• Please download MiniToolBox and save the file to your Desktop.
• Close any open windows.
• Right-Click MiniToolBox.exe and select   Run as administrator to run the programme.
• Check the following items:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
• Click .
• A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

[tossit]

Hi Adam,

 

See attached files.

 

Note:  I will have limited access to the troublesome computer for the next couple of days. Please do not close down this thread because of no activity.  I am very much interested in continuing to work with you to solve this challenge.

 

Eric

[LiquidTension]

Hello, 

 

Have you added a new Network card, or updated Network drivers recently?

 

Please do the following. 

 

STEP 1
CHKDSK (Alternative Method)

• Press the Windows Key  + s on your keyboard at the same time. Type CMD. Right-Click CMD.exe and select Run as administrator.
• In the command window type the following and press Enter on your keyboard.
  

  chkdsk c: /r

• If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
• Type Exit and press Enter on your keyboard.
• Restart your computer. CHKDSK will automatically run.
• Note: This process can take up to an hour.
• Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
• Click Windows Logs.
• Right-click Application and click Find.
  • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, copy and paste in your next reply.
  • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, copy and paste in your next reply.
• ​For instructions accompanied by screenshots, please refer to the following article. 
   

STEP 2
 Uninstall McAfee Anti-Virus

• Download the McAfee Removal Tool, but do not run the programme. 
• Disconnect from the Internet. 
• Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for any McAfee programmes, right-click and click Uninstall.
• Follow the prompts, and reboot. 
• Run the McAfee Removal Tool. 
• Press the Windows Key  + s on your keyboard at the same time. Type Windows Defender and click the programme.
• Enable Windows Defender. 
• Reconnect to the Internet. 

[tossit]

Hi Adam,

 

No new network card installed.  I have not updated any network drivers that I know of.

 

I will run CHKDSK and Install Windows Defender (after uninstalling McAfee) shortly.

[LiquidTension]

Sounds good. Let me know how you get on. 

 

FYI, Windows Defender does not require installation. You need only enable the programme.

[tossit]

Hi Adam,

 

Update: I have not seen the Outbound IP blocks by MBAM in the last two days.

 

Mcafee and Malwarebytes still do not detect anything abnormal.  Protection logs appear clean.

 

Because I have not seen the Outbound IP blocks by MBAM I have not run CHKDSK and I have not enabled Windows Defender.  I was hesitant to run CHKDSK after reading the Windows Seven Forum article because it specifically warns against running CHKDSK when you have a SSD.

 

I will monitor for a couple more days and update you at that time.

[LiquidTension]

Hi Eric,

Thanks for the update.

Let me know how you get on in the next couple of days. If all appears well, we can run a couple of scans to confirm there are no malware remnants, and finish up.

Adam.

[LiquidTension]

Hello Eric,

How are you getting on? Do you still require assistance?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!