
Hi, Malwarebytes keeps popping up every 10-15 seconds saying it has blocked a website from IP address 76.164.206.210, and every time the message pops up it has a different port listed. All are outbound and I'm not using anything except this page and Steam. I feel like this is something bad, but I'm not great at computers. Can someone help?

Addition.txt

FRST.txt

Edited by ZyNfrix

Hello ZyNfrix and welcome to Malwarebytes,

I do not see any obvious malware or infection in the FRST log... Can you post the last 3 block logs from Malwarebytes?

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, repeat as required. Attach logs to your reply...

Thank you,

Kevin...
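
Added example, not part of the original thread and not Malwarebytes' own tooling: a PowerShell sketch that complements the exported block reports by polling the Windows TCP table for attempts to the address named in the notification and recording which process owns them. The watch duration and polling interval are assumptions.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.
$RemoteAddress = '76.164.206.210'   # IP named in the block notification above
$WatchSeconds  = 120                # assumption: long enough to span several pop-ups

$seen     = @{}
$deadline = (Get-Date).AddSeconds($WatchSeconds)

while ((Get-Date) -lt $deadline) {
    # A blocked attempt is short-lived, so poll quickly and accept any TCP state.
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        # One record per process and local port, so repeated polls do not duplicate rows.
        $key = '{0}/{1}' -f $c.OwningProcess, $c.LocalPort
        if ($seen.ContainsKey($key)) { continue }
        # The process may already have exited; the name and path are then left empty.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $seen[$key] = [pscustomobject]@{
            FirstSeen   = Get-Date
            ProcessId   = $c.OwningProcess
            ProcessName = $proc.ProcessName
            Path        = $proc.Path
            LocalPort   = $c.LocalPort
            RemotePort  = $c.RemotePort
            State       = $c.State
        }
    }
    Start-Sleep -Milliseconds 200
}

if ($seen.Count -eq 0) {
    "No connection attempts to $RemoteAddress were observed in $WatchSeconds seconds."
} else {
    # One row per owning process, with the number of distinct attempts seen.
    $seen.Values |
        Group-Object ProcessId, ProcessName, Path |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize -Wrap
}
```

If nothing is captured while the pop-ups continue, the attempts may be stopped before they appear in the TCP table; the exported Website Block reports remain the record to attach.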

 

 


Run the following and post the logs...

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected. Change by selecting the "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new window select "Export text", name that file RK.txt, save to your Desktop and attach to your reply

Let me see that log in your reply...

Next,

Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects! This scanner is really good for checking, it has however been known for deleting files instead of curing them, in some cases this may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
  • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro! Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.


Please include that logfile in your next reply.

Don't forget to re-enable your security!

Thank you,

Kevin...

The entries found in RogueKiller are legitimate and can be ignored, same for HitmanPro... I note you mention using Steam, can you clear the following folder from Steam....

Navigate here: C:\Users\{your username}\AppData\Local\Steam\htmlcache Delete all entries in that folder.... You will need to "Show Hidden Files and Folders" to identify that address: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Does that make any difference..?

 

Edited by kevinf80
typo

I deleted everything in the folder. The IP address that had tried accessing my ports for 2 days straight didn't happen yesterday (prior to deleting the cache in Steam). I did, however, get a different website; it was Domain: www.tradeadexchange.com IP Address: 104.197.47.161. I've attached the report.

I just don't understand what these websites are doing. I mean, I was getting the original pop-up notification when I wasn't doing anything other than playing a game, and whatever or whoever it was tried accessing ports for a solid 30-45 min for 2 days in a row. This new one, I at least had Chrome open and was watching Netflix, and it only tried twice in a span of a min. However, both are outgoing. Is this some sort of virus or hacker or something? I haven't had this computer for a full month yet and have literally only used it to watch Hulu, Netflix and play games on Steam.

Blocked 4.txt

Edited by ZyNfrix

The last block appears to be attributed to Chrome, go for a clean install:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Remove all synced data from Chrome, go here: https://support.google.com/chrome/answer/6386691?hl=en-GB and follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome:

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help..?
 
Thank you,
Kevin..

  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now, but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.
