gryphon48 Posted April 10, 2017 ID:1116309 Share Posted April 10, 2017 I have the same issue.. Ip address: 136.243.131.62. port: 27537...changes often. type: outbound and the process: C:\Windows\Systemapps|Microsof...kyb3d8bbwe\MicrosoftEdgeCP.exe. I just restored my hdd from an external backup. worked ok for awhile and is now populating again when I open edge or email. Scans from MBM and zone alarm turn up nothing however, I have a current scan with MBAM that is over 3:45 mins now and stuck in current file scan for some reason. It did direct me to a porn site temporarily while I clicked on a different link on a web search. That made me wonder if the block was legit or is my computer already infected. I don't surf porn so I know something is not right... sync-eu.exe.bid. Thanks gryphon48 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 11, 2017 Root Admin ID:1116454 Share Posted April 11, 2017 Hello @gryphon48 and Can you please post back the protection logs from Malwarebytes so I can take a look. Also please follow the directions here and post back the FRST logs as an attachment. Available Assistance for Possibly Infected Computers Thanks Ron Link to post Share on other sites More sharing options...
gryphon48 Posted April 11, 2017 Author ID:1116516 Share Posted April 11, 2017 Hi Ron, A couple of updates since my first post... I updated MBAM to v 3.0 and ran the scans and it quarantined iobit and advanced systemcare ultimate 10. It dismantled the program so I just uninstalled them after quarantine. Haven't seen the sync_eu popup in awhile but want to make sure it is still not hidden in the computer somewhere. Thanks, PS.. I tried to keep ASC before and MBAM disabled ASC before and asked MBAM support to remove ASC from detection and they said they couldn't so I just chose to ignore detections on the scan. I liked ASC but if they are the cause of this sync-eu virus then I don't need it Addition.txt FRST.txt Link to post Share on other sites More sharing options...
gryphon48 Posted April 11, 2017 Author ID:1116518 Share Posted April 11, 2017 Sorry, forgot these... 1st log.txt 2nd log.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 12, 2017 Root Admin ID:1116766 Share Posted April 12, 2017 No, they are not the cause of this particular detection. Normally we don't block them but recently they've had items that fall under out PUP (possibly unwanted programs) detection. If or when they fix that then we'll again remove the detection. This detection if from a domain we block due to multiple threats. Let's go ahead and run some other scans to make sure you don't have anything pointing to one of those sites anymore Please restart the computer first and then run the following steps and post back the logs when ready.STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop. Right-click on icon and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now. After reboot, logfile will be opened. Copy its content into your next reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Link to post Share on other sites More sharing options...
Recommended Posts