Jump to content

Windows Script Host error and blocked outbound connections


Recommended Posts

I was previous infected with a Trojan, which I was able to remove using Malwarebytes. However, after that I kept getting "Website blocked" popups from Malwarebytes that all show the same IP (173.33.7.199). Also, each time I restart my laptop, I get a Windows Script Host error. I was wondering how I might go about fixing these issues? Malwarebytes threat scan no longer shows any problems. I ran a scan with FRST64 (attached logs)

 

FRST.txt

Addition.txt

Untitled.png

Untitled - Copy.png

Link to post
Share on other sites

  • Staff

Thank you.

Let's continue with removal.

 

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

  • Staff

Please uninstall the following software:

DragonBoost (HKU\S-1-5-21-696593026-2107197769-1213877881-1000\...\119) (Version:  - ) <==== ATTENTION
ICBCChromeExtension (HKLM-x32\...\{ECDCDC1B-3B15-4664-AC51-56438284DD40}) (Version: 1.0.9.0 - ICBC) <==== ATTENTION
ICBCNewChromeExtension (HKLM-x32\...\{04C0D9B6-9B21-45AC-8EB1-A6F547A9DFCF}) (Version: 1.0.3.0 - ICBC) <==== ATTENTION
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
英雄联盟 (HKLM-x32\...\英雄联盟) (Version:  - Tencent)
 

 

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

DragonBoost  << I can't find this anywhere on my laptop, so I have no idea how to uninstall this. 

And I know these are safe software.. should I still uninstall them? I would have to reinstall them in the future even if I do uninstall them now. 
ICBCChromeExtension (HKLM-x32\...\{ECDCDC1B-3B15-4664-AC51-56438284DD40}) (Version: 1.0.9.0 - ICBC) <==== ATTENTION
ICBCNewChromeExtension (HKLM-x32\...\{04C0D9B6-9B21-45AC-8EB1-A6F547A9DFCF}) (Version: 1.0.3.0 - ICBC) <==== ATTENTION
英雄联盟 (HKLM-x32\...\英雄联盟) (Version:  - Tencent)

I've removed the other one.

Edited by sfxes
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.