
Network Attack? Threats or Not? Weird Internet Problem Recently



Hello, 

I just experienced nearly an hour of interrupted internet. The WIFI was so bad that there was basically no connection. I then turned to my phone's data hotspot and the connection was also at "connected with no internet" for most of the hour. I changed back and forth for nearly an hour trying to figure out what was wrong. I assumed it was the city internet (this city is experiencing massive construction right now and utility outages are common).

The thing that got me worried was this:

The first thing that happened as soon as the internet came back on was that Reason Core Security immediately detected something and alerted me to it (see attached screenshot).

This is highly unusual as Reason Core Security almost never notifies me of anything, in fact just yesterday I was wondering if I should delete it as bloatware which never updates (??still wondering??).

So now I'm wondering if it was some sort of network attack. Because... why would there all of a sudden be a warning alert after an hour of internet connectivity struggles on different internet utility companies (phone, and hotel wifi)?

I did a Malwarebytes scan, and a Reason Core Security scan.

Minergate is something I installed months ago and gave up on due to poor results. I have not deleted it yet because I thought I should figure out how to check it for any worthy few cents of balance it may have; perhaps I should trust my memory of it being useless and delete it (?is it a threat?).

You'll notice that Malwarebytes has detected Reason Core Security files as a threat (Are these really the real files from Reason Core Security? Spoofed? IDK)

Here are Malwarebytes scan results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/29/18
Scan Time: 7:28 PM
Log File: 0a4e876c-ab87-11e8-8156-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6551
License: Free

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: DESKTOP-L7OJCP9\Tosho Hendlin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 431132
Threats Detected: 27
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.ByteFence, C:\PROGRAM FILES\REASON\SECURITY\RSUI.EXE, No Action By User, [5993], [541952],1.0.6551

Module: 1
PUP.Optional.ByteFence, C:\PROGRAM FILES\REASON\SECURITY\RSUI.EXE, No Action By User, [5993], [541952],1.0.6551

Registry Key: 3
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reason Core Security, No Action By User, [5993], [541952],1.0.6551
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5BC8243-5609-4B9C-B75A-4DBCECCEBFD9}, No Action By User, [5993], [541952],1.0.6551
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{E5BC8243-5609-4B9C-B75A-4DBCECCEBFD9}, No Action By User, [5993], [541952],1.0.6551

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\.ethash-minergate, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\log, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\USERS\Redacted\APPDATA\LOCAL\MINERGATE, No Action By User, [937], [411853],1.0.6551

File: 19
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\.ethash-minergate\full-R23-38d7e4b9c575aa9a, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\.ethash-minergate\full-R23-5683748fa7f53897, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\.ethash-minergate\full-R23-a9b0e0c9aca72c07, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\log\etc.log, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\log\eth.log, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\log\minergate.log, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\log\xmr.log, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\.achievements, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\myemail@mail.com.achievements, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\myemail@mail.com.achievements.bak, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\miners.ini, No Action By User, [937], [411853],1.0.6551
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\pools.config, No Action By User, [937], [411853],1.0.6551
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\Reason Core Security, No Action By User, [5993], [541952],1.0.6551
PUP.Optional.ByteFence, C:\PROGRAM FILES\REASON\SECURITY\RSUI.EXE, No Action By User, [5993], [541952],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [218], [454832],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

2018-08-29 19_46_02-Reason Core Security Message.jpg

Edited by Coconut
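For readers triaging a log like the one above, the following added example (not part of either post, and not Malwarebytes code) tallies the `-Scan Details-` lines by detection name, collapses repeated objects, and checks each section's declared count against the lines actually present. The field layout is an assumption inferred from the posted lines, and `triage`, `SECTION` and `DETECTION` are names chosen for this sketch.

```python
import re
from collections import Counter

# Excerpt of the log posted above; section counts adjusted to fit the excerpt.
SAMPLE_LOG = r"""
-Scan Details-
Process: 1
PUP.Optional.ByteFence, C:\PROGRAM FILES\REASON\SECURITY\RSUI.EXE, No Action By User, [5993], [541952],1.0.6551

Registry Value: 0
(No malicious items detected)

Folder: 1
RiskWare.BitCoinMiner, C:\USERS\Redacted\APPDATA\LOCAL\MINERGATE, No Action By User, [937], [411853],1.0.6551

File: 4
RiskWare.BitCoinMiner, C:\Users\Redacted\AppData\Local\minergate\pools.config, No Action By User, [937], [411853],1.0.6551
PUP.Optional.ByteFence, C:\PROGRAM FILES\REASON\SECURITY\RSUI.EXE, No Action By User, [5993], [541952],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551
PUP.Optional.Conduit, C:\USERS\Redacted\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [218], [454832],1.0.6551
"""

# Assumed layout, inferred from the posted lines: "<Section>: <count>" headers,
# then "<name>, <path>, <action>, [id], [id],<package version>" detail lines.
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
DETECTION = re.compile(
    r"^(?P<name>[\w.]+), (?P<path>.+), (?P<action>[^,]+), \[\d+\], \[\d+\],[\d.]+$")

def triage(log_text):
    """Summarise the -Scan Details- part of a Malwarebytes text log."""
    details = log_text.split("-Scan Details-", 1)[-1]  # skip the summary counters
    declared, seen = {}, Counter()
    families, objects = Counter(), set()
    section = None
    for raw in details.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION.match(line)
        if hit and section:
            seen[section] += 1
            families[hit["name"]] += 1
            # Windows paths are case-insensitive: fold case before de-duplicating
            objects.add((hit["name"], hit["path"].upper()))
    mismatched = {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}
    return {"total": sum(seen.values()), "families": dict(families),
            "unique_objects": len(objects), "mismatched_sections": mismatched}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `mismatched_sections` means the pasted log was truncated or edited after export.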

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run Malwarebytes and delete all the entries that were found.
===

Restart the computer normally to reset the registry.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions.



  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks
