
Intrusion Attempts every few hours



There is a virus on my computer that is attempting to attack every few hours. I run Norton as my real time protection right now (since it's free with my service provider) and it is currently blocking them for me. I use the free version of Malwarebytes to do my scans usually since I have found the scanner catches more things. I've booted in safe mode and run the scanner that way and currently nothing is showing up. I've run Farbar Recovery Tool Scanner and will attach the Addition and FRST text files to this post. 

Addition.txt

FRST.txt

Edited by ririchu

I'm not seeing a way to edit my post anymore (sorry if I missed it!) but I wanted to note a few more things!

I HAVE done the scan both in and out of safe mode. First scan removed a decent amount of things, but I later found the intrusion attempts were still continuing, so I ran it again, where nothing was found. Ran it a third time in safe mode just to see if that made a difference and still found nothing. 

I'm also attaching an example of the information Norton is giving me about an attack (they are all coming from the same IP address and URL).

 

norton.jpg


Hello ririchu and welcome to Malwarebytes,

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

Let me see those logs in next reply, also tell me if there are any remaining issues or concerns..

Thank you,

Kevin...

fixlist.txt


Here are all of the files you requested!

My only other concern right now is that every time I reboot my computer I am getting a prompt requesting User Account Control from c:\Windows\System32\mrt.exe which wasn't happening previously that I recall. I haven't approved it any of the times I restarted my computer since I am worried it may be a virus or something. Thanks!

AdwCleaner[C0].txt

malwarebytes summary.txt

Scan_170514-180101.txt

Fixlog.txt


MRT.exe is the Microsoft Malicious Software Removal Tool.  It usually comes in with latest updates on first Tuesday of the month and runs. The navigational address you quote is correct, if you still have concerns upload to VirusTotal...

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Windows\System32\mrt.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

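A local complement to the VirusTotal upload described in the reply above, added here as an example and not part of the original thread: it checks the Authenticode signature of the file behind the UAC prompt and prints its SHA-256 so the hash can be searched on VirusTotal instead of uploading the file. The function name `Test-MicrosoftSignedFile` is hypothetical, and matching the signer subject on `O=Microsoft Corporation` is an assumed heuristic.

```powershell
# Added example, not from the thread: local checks on a Windows binary before
# approving a UAC prompt for it. Test-MicrosoftSignedFile is a hypothetical name.
function Test-MicrosoftSignedFile {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Status is 'Valid' only when the signature verifies and the signing
    # certificate chains to a root trusted on this machine.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $info = (Get-Item -LiteralPath $Path).VersionInfo

    # Unsigned files have no signer certificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $subject
        # Assumed heuristic: valid signature whose subject names Microsoft Corporation.
        MicrosoftSigned = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
        FileDescription = $info.FileDescription
        FileVersion     = $info.FileVersion
        # Search this value on VirusTotal rather than uploading the file.
        SHA256          = $hash.Hash
    }
}

# Path taken from the thread.
Test-MicrosoftSignedFile -Path 'C:\Windows\System32\mrt.exe' | Format-List
```

A `SignatureStatus` other than `Valid`, or an empty `Signer`, on a file at this path is the case worth escalating to a helper together with the hash.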

Ok, let's check it out with FRST...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Thank you,

Kevin...

 

fixlist.txt

Edited by kevinf80

The file is legitimate, nothing to worry about. Next time you are prompted ok UAC and let it run.... Other than that, if no remaining issues or concerns continue as follows..

Navigate to and delete the following:

C:\ProgramData\Emsisoft
C:\Users\Andrew\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...