wambaozhixing Posted October 1, 2018 ID:1272804 Share Posted October 1, 2018 I installed Malwarebytes due to some suspicion that I was infected and ran it. Clearly there was something going on and Malwarebytes did some cleaning. After it was done, I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan The IP it's trying to connect to is: 66.42.80.240 The port keeps changing on every popup. Type is: Outbound Connection. Category: Trojan I even added an Outbound and Inbound firewall rule in Windows Defender Firewall blocking this IP address, but the popups wont stop. Is this something serious? I've seen many topics on this forum, but none of them have a solution. Help would be appreciated. Link to post Share on other sites More sharing options...
nasdaq Posted October 3, 2018 ID:1273118 Share Posted October 3, 2018 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If the problem persists: Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click Attach this file.Click the Add reply button. === Please post the logs for my review. Wait for further instructions Link to post Share on other sites More sharing options...
CBrauer Posted October 26, 2018 ID:1277779 Share Posted October 26, 2018 I'm am getting "Website blocked due to trojan" Attached is my Foobar output. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
nasdaq Posted October 27, 2018 ID:1277893 Share Posted October 27, 2018 Hi, Your logs are clean. If this has failed to solve the issues your Chrome may have been compromised. Quoted from my previous post. These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If your copy of Chrome has been compromised execute this. Remove Chrome from your Computer and reinstall a fresh copy later. If you remove the syncing of your account you must remove it before you save your bookmarks etc... Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ Before you remove Chrome Export your Bookmarks Chrome will export your bookmarks as a HTML file, which you can then import into another browser. How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks Before you remove Chrome Export your Passwords How to export your saved passwords from Chromehttps://betanews.com/2018/03/09/export-chrome-passwords/ Clear your Chrome cache and cookieshttps://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the the instructions on this page.https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and the Bookmarks. <<<>>> Keep me posted. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 7, 2018 Root Admin ID:1285441 Share Posted December 7, 2018 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts