Keep getting outbound connection block to website


  • Root Admin

Okay, let's go ahead and run the browser reset again. Make sure you double-check that all resets are done properly.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button.
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please.

Link to post
Share on other sites

Hi Ron,

Today, prior to recommended browser cleanup, had dozens of popups before I even opened Firefox.  Dozens.  Anyway, then followed instructions, I did everything to Firefox and Chrome as stated as carefully as I could.  Also ran inetcpl.cpl to clean up Edge.  Then I ran a ProcMon a few times so I have logs/screenshots attached.  I would trigger the MBAM block by going to the CPANEL option on my host provider, used some filters too.  Caught activity in ProcMon while triggering the event of executing CPANEL on web host.

Then I wanted to do a few DNS checks so I went to Control Panel, Network Connections, Change Adapter Settings in order to view that IPV4 is set to determine DNS automatically.  I clicked on Driver properties and then Event Viewer went a little crazy.  Started to add console snap ons.  Had no idea what was happening.  So I took screenshots if helpful.  

Of course, now when I go to CPANEL, I don't get an error.  I hope that the Event Viewer installation of the driver on my adapter card as shown in screenshot, didn't cause more damage.

Also ran TDSKiller and HijackThis but no threats detected.

Could this be a certificate issue as stored in my browsers?  Maybe I need to install a new certificate on my site.  I requested one earlier so I will see if that solves anything.

 

 

 

 

 

 

procmonico.png

procmonfilter.png

eventviewerscreenshot.png

Logfile.CSV

Link to post
Share on other sites

Hi Ron,

Not sure if the two files are what you want. 

The .txt file is a renamed xml file since I can't upload xml here and I couldn't zip it either.

I don't know why I have no Protection Logs that are newer than 2017-02-08.  

Then I looked for anything that had today's date and that's the LOG file.  I had 20 website block pop-up alerts today without opening Firefox and all of them preventing access to thewall.asoshared.com, where one of my domains lives.

Then to gild the lily, I tried to access CPANEL and got a website block to bart.asoshared.com, another site where one of my other domains live.

Thanks for your help.

By the way, do you think that so far - the alerts have been false positives?

 

 

 

MBAMSERVICE.LOG

protection-log-2017-02-08.txt

Link to post
Share on other sites

The sites that get blocked belong to the web host company A Small Orange which I mentioned in my first post. Their sub-domains are *.asoshared.com

The four webservers that I get popup blocks on are: thewall.asoshared.com, starlord.asoshared.com, pam.asoshared.com, and bart.asoshared.com.

I have one domain on each of those 4 servers. 

Can you please confirm that you removed the blocks on each of those four sites?  I already started migrating my own domains from A Small Orange to another Web Host Provider but until I can afford to do them all, I can't work with the constant blocks as it's very frustrating.

What concerns me, as I said previously, is that I would get Popup Blocks even when I had no browser open.

Thank you again for all your help. 

 

 

Link to post
Share on other sites

  • Root Admin

You may have a service or application that runs in the background that connects to one of those sites?

Please check for updates in Malwarebytes, then restart the computer and let me know if the blocks still happen or not and if so post back the most recent Malwarebytes protection log.

Thank you

 

Link to post
Share on other sites
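An added example, not part of any post in this thread: one way to check which process is making the blocked connections is to filter a Process Monitor CSV export for TCP connects to `*.asoshared.com` and list the non-browser processes. It assumes ProcMon's default CSV columns with resolved network addresses; the sample rows and the process name `syncagent.exe` are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV column layout; it is NOT
# the poster's Logfile.CSV, and "syncagent.exe" is a made-up process name.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","firefox.exe","4120","TCP Connect","PC1:50112 -> bart.asoshared.com:2083","SUCCESS",""
"10:01:02.2","firefox.exe","4120","TCP Send","PC1:50112 -> bart.asoshared.com:2083","SUCCESS","Length: 517"
"10:01:09.4","syncagent.exe","2288","TCP Connect","PC1:50120 -> thewall.asoshared.com:https","SUCCESS",""
"10:02:09.5","syncagent.exe","2288","TCP Reconnect","PC1:50121 -> thewall.asoshared.com:https","SUCCESS",""
"10:02:11.0","svchost.exe","1044","TCP Connect","PC1:50130 -> updates.example.net:https","SUCCESS",""
"10:02:12.0","syncagent.exe","2288","RegOpenKey","HKLM\\SOFTWARE\\Example","SUCCESS",""
"""

CONNECT_OPS = {"TCP Connect", "TCP Reconnect"}   # outbound connection attempts
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe", "microsoftedge.exe"}

def remote_host(path):
    """Return the remote host from 'local:port -> remote:port', else None."""
    if " -> " not in path:
        return None
    remote = path.split(" -> ", 1)[1]
    return remote.rsplit(":", 1)[0].strip().lower()

def connections_to(csv_file, suffix):
    """Count connects per (process, pid, host) to hosts under the suffix."""
    hits = Counter()
    for row in csv.DictReader(csv_file):
        if row["Operation"] not in CONNECT_OPS:
            continue
        host = remote_host(row["Path"])
        if host and (host == suffix.lstrip(".") or host.endswith(suffix)):
            hits[(row["Process Name"].lower(), int(row["PID"]), host)] += 1
    return hits

def non_browser(hits):
    """Processes that reached the domain without being a known browser."""
    return sorted({(proc, pid) for (proc, pid, _host) in hits if proc not in BROWSERS})

if __name__ == "__main__":
    # For a real export: open(path, newline="", encoding="utf-8-sig")
    hits = connections_to(io.StringIO(SAMPLE_CSV), ".asoshared.com")
    for (proc, pid, host), count in hits.most_common():
        print(f"{proc} (PID {pid}) -> {host}: {count} connect(s)")
    print("background candidates:", non_browser(hits))
```
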

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.