Jump to content

websites easyplayerfix and rmgserving.com causing outbound traffic problem


Recommended Posts

Hi, I couldn't find information related to this topic, so I am posting.  My chrome browser was acting somewhat suspiciously, so I checked malwarebytes exceptions, and found easyplayerfixap.be .  Since I had no idea what that was, I deleted the exception.  On browsing with the attempt to understand whether I should be concerned, I landed on easyplayerfix.be, which caused malwarebytes to start blocking outgoing messages to rmgserving.com every 2 seconds.  Even when I closed the browser something was still attempting to send.  Upon a reboot, the messages stopped.  I've checked the logs before, this was the first time they included repeated outgoing blocks (relevant part of log below).  Otherwise, I have not had any trouble.  

 

Protection, 9/20/2015 9:40 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Starting,

Protection, 9/20/2015 9:40 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Started,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53786, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53786, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53787, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53788, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53787, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53789, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53790, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53791, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53792, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, d.rmgserving.com, 53796, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53793, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, b.rmgserving.com, 53794, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, c.rmgserving.com, 53799, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, b.rmgserving.com, 53795, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, d.rmgserving.com, 53800, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, d.rmgserving.com, 53796, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, d.rmgserving.com, 53798, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, c.rmgserving.com, 53803, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, c.rmgserving.com, 53799, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, d.rmgserving.com, 53805, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, c.rmgserving.com, 53802, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, c.rmgserving.com, 53807, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, d.rmgserving.com, 53800, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, d.rmgserving.com, 53801, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, c.rmgserving.com, 53803, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.56, c.rmgserving.com, 53804, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, d.rmgserving.com, 53805, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.43, d.rmgserving.com, 53806, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, c.rmgserving.com, 53807, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Detection, 9/20/2015 9:58 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Domain, 23.14.84.49, c.rmgserving.com, 53808, Outbound, C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe,

Protection, 9/20/2015 10:01 AM, SYSTEM, DAVID-PC, Protection, Malware Protection, Starting,

Protection, 9/20/2015 10:01 AM, SYSTEM, DAVID-PC, Protection, Malware Protection, Started,

Protection, 9/20/2015 10:01 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Starting,

Protection, 9/20/2015 10:01 AM, SYSTEM, DAVID-PC, Protection, Malicious Website Protection, Started,

 

(end)

Link to post
Share on other sites

Hello and :welcome: :
 

It sounds as if you could be infected and/or dealing with a bad chrome extension.

Information about IP blocks here: What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?

 

We are not permitted to work on possible malware-related issues here in this section of the forum.
Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.