Jump to content

Malicious Website Continously Tried


Recommended Posts

I came home today to find that my computer was popping up a box from Malwarebytes that a malicious website was being blocked...and it popped up over and over.

The website trying to be accessed is allonsy.hopto.org, with the IP of 41.66.28.72. Everytime the box pops up I see it is trying to access a different outbound port. The other kinda odd thing about it is the process says C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe.

I ran malwarebytes on my computer but it didn't find anything. If I disconnect from the internet, the popups stop.

My computer info;

OS Name    Microsoft Windows 8 Enterprise
Version    6.2.9200 Build 9200
Other OS Description     Not Available
OS Manufacturer    Microsoft Corporation
System Name    MARK
System Manufacturer    MICRO-STAR INTERNATIONAL CO.,LTD
System Model    MS-7596
System Type    x64-based PC
System SKU    To Be Filled By O.E.M.
Processor    AMD FX(tm)-8350 Eight-Core Processor, 4000 Mhz, 4 Core(s), 8 Logical Processor(s)
BIOS Version/Date    American Megatrends Inc. V3.6, 10/26/2012
SMBIOS Version    2.5
Embedded Controller Version    255.255
BIOS Mode    Legacy
BaseBoard Manufacturer    MICRO-STAR INTERNATIONAL CO.,LTD
BaseBoard Model    Not Available
BaseBoard Name    Base Board
Platform Role    Desktop
Secure Boot State    Unsupported
PCR7 Configuration    Binding Not Possible
Windows Directory    C:\Windows
System Directory    C:\Windows\system32
Boot Device    \Device\HarddiskVolume1
Locale    United States
Hardware Abstraction Layer    Version = "6.2.9200.16442"
User Name    Mark\ME
Time Zone    US Mountain Standard Time
Installed Physical Memory (RAM)    12.0 GB
Total Physical Memory    12.0 GB
Available Physical Memory    8.35 GB
Total Virtual Memory    17.5 GB
Available Virtual Memory    13.9 GB
Page File Space    5.50 GB
Page File    C:\pagefile.sys
A hypervisor has been detected. Features required for Hyper-V will not be displayed.    

Any advice is greatly appreciated.

 

 

 

 

Link to post
Share on other sites

Hello Sandpaper600 and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image (may have changed to three (3) vertical dots.)
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your next reply...

Thank you,

Kevin...
Link to post
Share on other sites

Hi Kevin,

Thanks for taking the time to wade into this problem for me.

Malwarebytes didn't find anything. Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2016
Scan Time: 2:54 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.09.07
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8
CPU: x64
File System: NTFS
User: ME

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 21 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Odd that it says the scan was only one object and took :28 seconds. That was the last scan I did and it took about 90 minutes. Should I delete my old scan files and scan again?

The 2 logs from Farbar are also attached.

Mark

FRST.txt

Addition.txt

Link to post
Share on other sites

The settings for Malwarebytes have not been set as I asked, please read the instructions again and re-run Malwarebytes, post that log. Run FRST again as follows...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Thank you,

Kevin...

 

Link to post
Share on other sites

Hi Kevin,

I want you to know that I'm not trying to be argumentative in the least and I do respect your skills in helping me with this problem.

That being said, I did have the Malwarebytes configured as you said. I normally have it configured in that way, except I usually have PUP & PUM set to "Warn user..." just because I want to see what was found.

I took screen shots of the setup and of the result screens this time.

I did not get a result log output from MBAM this time. It only shows the Protection Log. I even went to the file where MBAM saves the logs to check. It's not there.

I'm attaching all screen shots as well as the 2nd logs from FRST.

This may also be info of some help, or it may be nothing, but I had trouble running MBAM the first time today. It wouldn't start even the console. I restarted the computer and then I got the scan going. After 21 minutes the application locked up. I restarted the computer again and started the scan over and it went to completion, but as I said, did not post a log.

Mark

FRST.txt

Addition.txt

FRST Settings.jpg

MBAM Settings.jpg

MBAM Scan.jpg

MBAM Scan Results.jpg

MBAM History.jpg

Link to post
Share on other sites

Here are your settings from the log you posted supposedly from my instructions...

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 21 sec

Memory: Disabled
Startup: Disabled

Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

To me that showed as one object being scanned, not a full scan. Also some of the settings are disabled..... I can only read the logs that you post....

 

Link to post
Share on other sites

Yeah, I get that. I know that the log didn't reflect the scan. That log WAS for one item scan, but it was the newest one in the history cue. I think we can see that by the PUP/PUM setting. I suggest to you that a log wasn't generated from the first scan I did either. I don't think ANY scan logs have been saved since I've began having this trouble, other than that single item scan.

It's obviously saving the protection logs, but nothing else.

Link to post
Share on other sites

If scans I request are not successful just tell me, I`m here to help, nothing more than that...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply

Next,

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select user posted image Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newset MBAM version.

Please download user posted imageMalwarebytes Anti-Malware
 
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.



Save the file to your desktop and include its content in your next reply.

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Next,

Select the Windows key and X key together, from the menu select "Command prompt (Admin)"

Copy the following command at the prompt:

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

put cursor at the command prompt then Right click and select paste, hit enter. Two files will be saved to your Desktop.

Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data
 
Let me see those logs in your reply..
 
Thank you,
 
Kevin

 

 

 

 

 

Fixlist.txt

Link to post
Share on other sites

Yeah, I kinda figured that's where you were going when you asked for the report. Actually the copy of Windows IS genuine, it's just that they couldn't supply me with the key, so I had to get my own.

I had legit copies of 98 & XP, but when I became disabled, I couldn't afford to do it legit.

Thanks for the help you DID give.

Take care...

Mark

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.