Malwarebytes outgoing connection blocked popup


LeDi

I got a malware infection Tuesday evening (11th), stupidly, by opening something I had downloaded that I was slightly suspicious of. I managed to regain control and used both Windows Defender and Malwarebytes to remove the vast majority of the infection.
I am guessing that there is some residue of the malware infection, as every so often since about midday yesterday Malwarebytes has a popup saying an outgoing connection has been blocked.

The IP addresses start with: 

111.90 - 7 instances this morning (4 at 11:21am and 3 at 10:41am) with a further 6 instances yesterday (3 at 2:29pm and 3 at 2:10pm)
38.134 - 13 instances yesterday night (Wednesday, all at 8:49pm)
78.140 - 8 instances yesterday afternoon (Wednesday, 4 at 2:48pm and 4 at 1:14pm)
 

Thanks in advance for your help,

Lewis.

 

FRST.txt

Addition.txt

Root Admin

Hello @LeDi and welcome

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click it on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, a logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Lewis (Administrator) on 19/04/2017 at  9:23:10.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\users\Public\Documents\guid (Folder) 
Successfully repaired: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk (Shortcut)

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/04/2017 at  9:24:51.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v6.045 - Logfile created 19/04/2017 at 09:35:25
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-18.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Lewis - LEWISPC
# Running from : C:\Users\Lewis\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\GlobalWeather


***** [ Files ] *****

File Found:  C:\TOSTACK
File Found:  C:\WINDOWS\rsrcs.dll


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1227 Bytes] - [19/04/2017 09:35:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1300 Bytes] ##########
 

 

2017-04-19 08:42:25.791    Sophos Virus Removal Tool version 2.5.6
2017-04-19 08:42:25.791    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-04-19 08:42:25.791    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-04-19 08:42:25.791    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2017-04-19 08:42:25.791    Checking for updates...
2017-04-19 08:42:25.808    Update progress: proxy server not available
2017-04-19 08:42:31.835    Option all = no
2017-04-19 08:42:31.835    Option recurse = yes
2017-04-19 08:42:31.835    Option archive = no
2017-04-19 08:42:31.835    Option service = yes
2017-04-19 08:42:31.835    Option confirm = yes
2017-04-19 08:42:31.835    Option sxl = yes
2017-04-19 08:42:31.836    Option max-data-age = 35
2017-04-19 08:42:31.836    Option vdl-logging = yes
2017-04-19 08:42:31.846    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-19 08:42:31.846    Machine ID:    a6d441bd9b664527836c9f8b6901d8db
2017-04-19 08:42:31.847    Component SVRTcli.exe version 2.5.6
2017-04-19 08:42:31.847    Component control.dll version 2.5.6
2017-04-19 08:42:31.847    Component SVRTservice.exe version 2.5.6
2017-04-19 08:42:31.848    Component engine\osdp.dll version 1.44.1.2281
2017-04-19 08:42:31.848    Component engine\veex.dll version 3.68.1.2281
2017-04-19 08:42:31.848    Component engine\savi.dll version 9.0.7.2281
2017-04-19 08:42:31.849    Component rkdisk.dll version 1.5.31.1
2017-04-19 08:42:31.849    Version info:    Product version    2.5.6
2017-04-19 08:42:31.849    Version info:    Detection engine    3.68.1
2017-04-19 08:42:31.849    Version info:    Detection data    5.38
2017-04-19 08:42:31.849    Version info:    Build date    04/04/2017
2017-04-19 08:42:31.849    Version info:    Data files added    219
2017-04-19 08:42:31.849    Version info:    Last successful update    (not yet updated)
2017-04-19 08:42:34.184    Downloading updates...
2017-04-19 08:42:34.185    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-04-19 08:42:34.185    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-19 08:42:34.185    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-19 08:42:34.185    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-04-19 08:42:34.185    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-04-19 08:42:34.185    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
2017-04-19 08:42:34.185    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-04-19 08:42:34.185    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-04-19 08:42:34.185    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-19 08:42:35.024    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-04-19 08:42:35.024    Update progress: [I19463] Product download size 162626989 bytes
2017-04-19 08:42:38.847    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-04-19 08:42:38.847    Update progress: [I19463] Product download size 2453408 bytes
2017-04-19 08:42:39.808    Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-04-19 08:42:39.808    Update progress: [I19463] Product download size 916733 bytes
2017-04-19 08:42:40.198    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-04-19 08:42:40.239    Installing updates...
2017-04-19 08:42:40.843    Error level 1
2017-04-19 08:42:45.919    Update successful
2017-04-19 08:42:51.638    Option all = no
2017-04-19 08:42:51.638    Option recurse = yes
2017-04-19 08:42:51.638    Option archive = no
2017-04-19 08:42:51.638    Option service = yes
2017-04-19 08:42:51.638    Option confirm = yes
2017-04-19 08:42:51.638    Option sxl = yes
2017-04-19 08:42:51.639    Option max-data-age = 35
2017-04-19 08:42:51.639    Option vdl-logging = yes
2017-04-19 08:42:51.648    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-19 08:42:51.648    Machine ID:    a6d441bd9b664527836c9f8b6901d8db
2017-04-19 08:42:51.649    Component SVRTcli.exe version 2.5.6
2017-04-19 08:42:51.649    Component control.dll version 2.5.6
2017-04-19 08:42:51.649    Component SVRTservice.exe version 2.5.6
2017-04-19 08:42:51.650    Component engine\osdp.dll version 1.44.1.2281
2017-04-19 08:42:51.650    Component engine\veex.dll version 3.68.1.2281
2017-04-19 08:42:51.650    Component engine\savi.dll version 9.0.7.2281
2017-04-19 08:42:51.650    Component rkdisk.dll version 1.5.31.1
2017-04-19 08:42:51.650    Version info:    Product version    2.5.6
2017-04-19 08:42:51.651    Version info:    Detection engine    3.68.1
2017-04-19 08:42:51.651    Version info:    Detection data    5.38
2017-04-19 08:42:51.651    Version info:    Build date    04/04/2017
2017-04-19 08:42:51.651    Version info:    Data files added    219
2017-04-19 08:42:51.651    Version info:    Last successful update    19/04/2017 09:42:45

2017-04-19 11:43:05.454    Could not open C:\Boot\BCD
2017-04-19 11:43:21.969    >>> Virus 'Mal/VMProtBad-A' found in file C:\Games\Crusader Kings II - Collection\steam_api.dll
2017-04-19 11:43:32.695    Could not open C:\hiberfil.sys
2017-04-19 11:43:33.852    Could not open C:\pagefile.sys
2017-04-19 11:56:11.030    Could not open C:\swapfile.sys
2017-04-19 11:56:11.102    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-19 11:56:11.103    Could not open C:\System Volume Information\{88d00124-24d8-11e7-82c8-fcaa145f5ba9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-19 11:56:11.103    Could not open C:\System Volume Information\{b82ac9e0-1f68-11e7-82c6-fcaa145f5ba9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-19 11:56:45.400    Could not open C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-04-19 11:56:45.401    Could not open C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-04-19 11:58:07.208    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Lewis\AppData\Local\Temp\Search.lnk
2017-04-19 12:00:42.760    Could not open C:\Windows\System32\config\BBI
2017-04-19 12:00:42.792    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-04-19 12:00:42.793    Could not open C:\Windows\System32\config\RegBack\SAM
2017-04-19 12:00:42.794    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-04-19 12:00:42.795    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-04-19 12:00:42.796    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-04-19 13:47:07.463    Could not open LOGICAL:0005:00000000
2017-04-19 13:47:07.467    Could not open F:\
2017-04-19 13:47:07.467    Could not open LOGICAL:0006:00000000
2017-04-19 13:47:07.467    Could not open G:\
2017-04-19 13:47:07.813    The following items will be cleaned up:
2017-04-19 13:47:07.813    Mal/VMProtBad-A
2017-04-19 13:47:07.813    Mal/HiBrowLnk-A
2017-04-19 14:15:42.663    Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-04-19 14:15:42.663    File "C:\Games\Crusader Kings II - Collection\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2017-04-19 14:15:42.663    File "C:\Games\Crusader Kings II - Collection\steam_api.dll" has been cleaned up.
2017-04-19 14:15:42.663    Removal successful
2017-04-19 14:15:42.793    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Lewis\AppData\Local\Temp\Search.lnk
2017-04-19 14:15:43.428    Disinfection successful
2017-04-19 14:15:43.934    Error level 0
 

FRST.txt

Addition.txt
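The Sophos log above mixes scan noise (locked system files it could not open) with the lines that matter for triage: what was detected, whether the tool later reported it cleaned, and the closing error level. The parser below is an added example, not code from the thread or from Sophos; it assumes only the line shapes visible in the posted log (`<date> <time>    <message>`, `>>> Virus '…' found in file …`, `Threat '…' has been cleaned up.`, `Removal successful` / `Disinfection successful`, `Could not open …`, `Error level N`) and flags any detection that never gets a cleanup outcome.

```python
import re

# Line shapes assumed from the SVRT log posted above: "<date> <time>    <message>".
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
FOUND_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
CLEANED_RE = re.compile(r"^Threat '([^']+)' has been cleaned up\.$")
UNREAD_RE = re.compile(r"^Could not open (.+)$")
ERRLVL_RE = re.compile(r"^Error level (\d+)$")
OUTCOME_OK = ("Removal successful", "Disinfection successful")

def parse_svrt_log(text):
    """Summarise an SVRT log: detections, which of them the tool reports as
    cleaned, paths it could not read, and the last 'Error level' line."""
    detections, cleaned, unreadable, levels, last_threat = {}, set(), [], [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner/blank lines carry no timestamp
        ts, msg = m.groups()
        if f := FOUND_RE.match(msg):
            last_threat = f.group(1)
            detections.setdefault((last_threat, f.group(2)), ts)  # first sighting wins
        elif c := CLEANED_RE.match(msg):
            last_threat = c.group(1)
            cleaned.add(last_threat)
        elif msg in OUTCOME_OK and last_threat:
            cleaned.add(last_threat)  # outcome line refers to the threat named just before it
        elif u := UNREAD_RE.match(msg):
            unreadable.append(u.group(1))  # usually locked system files, worth a glance only
        elif e := ERRLVL_RE.match(msg):
            levels.append(int(e.group(1)))
    unresolved = sorted({n for n, _ in detections if n not in cleaned})
    return {"detections": detections, "cleaned": cleaned, "unresolved": unresolved,
            "unreadable": unreadable, "final_error_level": levels[-1] if levels else None}

# Constructed excerpt of the log above (not the full file), used as sample input.
SAMPLE_LOG = """\
2017-04-19 11:43:05.454    Could not open C:\\Boot\\BCD
2017-04-19 11:43:21.969    >>> Virus 'Mal/VMProtBad-A' found in file C:\\Games\\Crusader Kings II - Collection\\steam_api.dll
2017-04-19 11:58:07.208    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\\Users\\Lewis\\AppData\\Local\\Temp\\Search.lnk
2017-04-19 14:15:42.663    Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-04-19 14:15:42.663    Removal successful
2017-04-19 14:15:42.793    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\\Users\\Lewis\\AppData\\Local\\Temp\\Search.lnk
2017-04-19 14:15:43.428    Disinfection successful
2017-04-19 14:15:43.934    Error level 0
"""

if __name__ == "__main__":
    s = parse_svrt_log(SAMPLE_LOG)
    print(len(s["detections"]), "detection(s); unresolved:", s["unresolved"])
```

Anything left in `unresolved`, or a final error level other than 0, is the part of the log worth quoting back to the helper rather than the full dump.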

This topic is now closed to further replies.