Website blocked Inbound Connection Trojan

[ronaldmyth]

Hi,

 

I kept getting constant "website blocked due to Trojan" that is Inbound to my computer with various IP such as:

87.106.29.219 Port :445 

58.218.66.245 Port :139 

58.218.66.245 Port :445

I'm using Malwarebytes Premium 3.6.

 

please help me!

[ronaldmyth]

somehow i notice that i only get this pop-up message when i'm only watching youtube?

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These attacks are stopped by Malwarebytes and you are possibly notified in your System Tray.
If that is the case follow these instructions.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

CHECK THIS TOPIC oCT 07
https://forums.malwarebytes.com/topic/237574-malwarebytes-keeps-popping-up-blocking-an-outbound-connection/

Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

[ronaldmyth]

here it is

 

Addition.txt

FRST.txt

report1.txt

report2.txt

report3.txt

[ronaldmyth]

Scanning with the older version of adwcleaner (v5.014) somehow able to detect some files

C:\ProgramData\mntemp

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Avg Secure Update
Key Found : [x64] HKCU\Software\Avg Secure Update

Odd that the new version (v7.240) didn't detect this...

Everything seems fine now that this files deleted.

[nasdaq]

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION

The program is not signed and could be compromised
If you want to run it get the latest version from this site.
https://www.cpuid.com/
===Reset Chrome...
Open Google Chrome, click on menu icon or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists check this out.

These attacks are stopped by Malwarebytes and you are possibly notified in your System Tray.
If that is the case follow these instructions.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

How is the computer running now?

 

p.s.

The items found by the old version of AdwCleaner should be ignored.

Trust the new version.

 

[ronaldmyth]

The CPU-Z is uninstalled (i never use it since 1 year ago) and reset the chrome (now suddenly my youtube is using the old design).

But i think i'm on the clear for now.

 

[ronaldmyth]

Is it possible that the one infected is my wi-fi or modem? Since i notice a strange can't connect while browsing with my phone like what happened on my pc, then the it got blocked by Malwarebytes.

[nasdaq]

Hi,

If your modem/router was corrupted you would have also a problem with our PC.

I would remove Chrome from my phone and reinstall it.

These instructions are for a computer.
I do not sync my Phone, the last time I had problems with chrome in my phone I deleted the application and just reinstall it.
Your call.

Remove Chrome from your Computer and reinstall a fresh copy later.

If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Re-install Chrome and the Bookmarks.
<<<>>>

[ronaldmyth]

I haven't got any block notification anymore since 21/10 (notification still turned on).

I reinstalled the chrome and delete all cookies and caches yesterday night, never syncing any account to my chrome tho.

I also recently update my Windows 8.1 to the latest today, haven't got any incident yet on my PC.

Just in case i activated premium feature on my phone this morning and scan on both PC and Phone show no infection.

[nasdaq]

Stay safe.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks