Consistent blocked outbound connections.


Hello,

A few days ago I noticed MBAM had started constantly blocking outbound connections from svchost.exe to IP addresses that appear to be primarily located in Russia. I have MBAM Premium and I've run multiple scans with it and I've found no malicious software. I can't seem to get to the bottom of this myself and I was wondering if I could get some help in the matter. Before resorting to this post, I also ran AdwCleaner and it removed some registry entries. Attached are all the relevant logs. Thanks in advance.

 

AdwCleaner[C1].txt

FRST.txt

MBAM-ProtectionLog.txt

MBAM-ScanLog.txt

Addition.txt

  • Staff

Hello Nyghtshade, welcome to Malwarebytes Forum

I can assist you with this matter, but first, please remove the pirated Adobe program(s) from the machine as we do not condone software piracy.

Pirated programs are one of the biggest sources of infection that we see; they generally include a variety of slime that can compromise the PC in a number of ways and is likely the cause of your present situation. Thank you.

NEXT

Please do the following:

Download the attached fixlist.txt file and save it to the Desktop/Anti folder where FRST64.exe is saved.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

 

Fixlist.txt


In the 22 hours since I originally made this post I noticed I have received no further notifications regarding blocked outbound connections. I'm not sure if the outbound connections simply ceased or if they were going to IPs not yet flagged as malicious.

I saved the fixlist file into the same directory as FRST64 and ran the fix. After a restart the attached fixlog file was generated.

Was this 'downloader.exe' the source of my issues? This all started after I received a prompt to download a "preload.js" file originating from tag.imonomy.com, which, after some digging, I discovered came from embedded ads in uTorrent. I did not allow the file to download, and I promptly uninstalled uTorrent and found myself a more respectable BitTorrent client.

 

 

Fixlog.txt


  • Staff

It's not possible to know for certain, but likely.

If you can live without using torrents I urge you to do so. When you cannot trust the source, who knows what bad guys you are bringing aboard. Compromising your machine and your important files is not worth the risk.

I recommend doing frequent backups.

Please run the following to be sure there are no remaining infected files:

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


  • Staff

Hello Nyghtshade

Apparently it's nothing to do with your machine as there have been a number of reports of it crashing before completion.

Please give this a try:

Download the Sophos virus removal tool and save it to your desktop:

http://downloads.sophos.com/tools/withides/Sophos Virus Removal Tool.exe

  • Double click the installation icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click the "Start Scanning" button
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

 


  • 5 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.