
Outbound connection blocked: sunlongo.info



  • Root Admin

Hello @Nanoid and :welcome:

Let's try resetting your browsers first.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome, restart it, and check it out for me please.


Alright, I've reset my browsers, but I will have to wait until 18:48 this evening because it seems like it always occurs at that exact time (Windows PowerShell opens up). It's very annoying to me since I play games and it will tab out any full-screen program running at that time.


  • Root Admin

Ah, didn't realize it was a PowerShell issue, @Nanoid.

Please start an elevated Admin level Command Prompt and type the following exactly and press the Enter key after each line.

 

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

reg export "HKEY_CURRENT_USER\Console" "%USERPROFILE%\Desktop\MyConsoleSettings.txt" /y

Then locate the files MyScheduledTasks.txt and MyConsoleSettings.txt on your desktop, attach them to your next reply, and I'll take a look and see what's going on.

Thanks again

Ron

 


Alright, thank you for the quick response. The issue does persist after resetting my browsers.

I was able to get the files you asked for though. The files are attached to this message. I was a bit interested and had a look at "MyScheduledTasks.txt" and found that task name "\{0E7A0547-090A-080D-7E11-057A040C117F}" is the task that runs every day at 18:48 and is PowerShell. Maybe this helps you find out what the exact issue is faster.

Kind regards

Nanoid

MyConsoleSettings.txt

MyScheduledTasks.txt

Edited by Nanoid
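
Added example, not part of the original thread: a small Python triage script for the text produced by `SCHTASKS /Query /FO LIST /V`, automating the manual review described in the post above. The sample input is constructed (only the GUID task name comes from the thread), the field names assume an English-locale Windows, and the two flagging rules are illustrative heuristics, not the helper's method.

```python
import re

# Constructed sample in the layout of `SCHTASKS /Query /FO LIST /V` (English locale).
# Only the first task name comes from the thread; every other value is made up.
SAMPLE = r"""
HostName:                             EXAMPLE-PC
TaskName:                             \{0E7A0547-090A-080D-7E11-057A040C117F}
Task To Run:                          powershell.exe -File C:\Example\placeholder.ps1
Schedule Type:                        Daily
Start Time:                           6:48:00 PM

HostName:                             EXAMPLE-PC
TaskName:                             \Microsoft\Windows\Defrag\ScheduledDefrag
Task To Run:                          %windir%\system32\defrag.exe -c -h -o
Schedule Type:                        On demand only
Start Time:                           N/A
"""

# Heuristics (assumptions for this example): a bare GUID as the task name in the
# root folder, and an action that launches a script interpreter.
GUID_NAME = re.compile(r"^\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "cmd.exe")

def parse_tasks(text):
    """Split the LIST output into one dict per task (records start at HostName)."""
    tasks, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so times survive
        if not sep or not key.strip():
            continue
        key, value = key.strip(), value.strip()
        if key == "HostName":
            current = {}
            tasks.append(current)
        if current is not None:
            current.setdefault(key, value)
    return tasks

def triage(task):
    """Return the reasons a task deserves a manual look (empty list = not flagged)."""
    reasons = []
    if GUID_NAME.match(task.get("TaskName", "")):
        reasons.append("GUID-style name in the root task folder")
    if any(h in task.get("Task To Run", "").lower() for h in SCRIPT_HOSTS):
        reasons.append("action starts a script host")
    return reasons

def suspicious_tasks(text):
    flagged = {t.get("TaskName", "?"): triage(t) for t in parse_tasks(text)}
    return {name: why for name, why in flagged.items() if why}
```

To use it on a real export, pass the contents of MyScheduledTasks.txt to `suspicious_tasks()` and review each flagged task's "Task To Run" and "Start Time" fields by hand.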

  • Root Admin

Please save this attached zip file to your computer. Extract the registry file inside to a folder or desktop where you can find it.

hkcu_console_fix.zip

Inside the zip is the file:  hkcu_console_fix.reg

Find that file and double-click on it to fix the registry entry that is part of the issue of causing the PowerShell command problem.

Next, run this FRST fix for the other items. Then reboot and let me know how things look. The PowerShell should no longer auto launch.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Ron

 


Alright, will try this! Sadly I will have to try the FRST tomorrow since I'll be heading to bed soon. Got a big exam tomorrow so I'll need my rest! The PowerShell doesn't launch until 18:48 anyways, so I guess it'll be OK if I wait just a bit longer.

 


  • Root Admin

Haha, well the issue should not return.

Take care and stay safe out there

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.