Jump to content

Recommended Posts

Greetings! If you're in the US, I hope you enjoyed your Thanksgiving. Thanks in advance for your help with this!

On 11/20 (sorry I haven't opened a report before this but the holidays are busy) I got a notice on my laptop about a  blocked website. The block notices started at 2:33 pm and stopped at 4:32 pm, so roughly 2 hours. I keep Malwarebytes updated and consider myself a savvy web and email user (I work in IT) so I'm very mindful of malware. That said, I also run CCleaner, and a few months ago I downloaded a malware infected update for that software that had been planted on their site. As soon as the malware was detected I cleaned my system (the only infected files found were part of CCleaner). However, as you know that doesn't mean that nothing malicious was installed on my system and just hasn't been detected yet. 

Anyway, having read the forums about this block notice I have already run the November MS Malicious Software Removal Tool and it reported that there are 0 infected files. 

Here is the export of the first protection event:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:33 PM
Log File: ac6c09d4-ce29-11e7-b41d-00ff8c74eff2.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

Please let me know if you need additional troubleshooting details and if I have a genuine malware problem or if this is a false positive.

Many thanks, happy holidays, 

April

Edited by Renarde
Duplicated word in title. Nothing to see here. Move along

Share this post


Link to post
Share on other sites
8 minutes ago, Renarde said:

or if this is a false positive.

Was a false positive.

Share this post


Link to post
Share on other sites

Well thanks Porthos! That was fast! I guess I setup a firewall rule to block all outbound traffic to that IP on port 68 for nothing. Better safe than sorry!

Happy holidays,

April

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.