ClaytonHP

Website Blocked Due to Trojan

I use Malwarebytes Premium 3.8.3. My computer runs Windows 10 Pro and uses Eset 12.2.23.0 for AV.

Beginning on 09/18/2019 I began receiving a "Website blocked" Type Outbound, Category Trojan to 52.3.64.241:57801 every 1.5 hours. I have attached the text notification from Malwarebytes. I have run AV scans in admin mode and Malwarebytes scans with everything coming back clean.

52.3.64.241 comes back as registered to Amazon but the domain is listed as ws.bootstrapdevelopment.com. I am unsure of next steps and if I should be concerned.

bootstrap.txt


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

  7. Click the Gather Logs button

  8. A progress bar will appear and the program will proceed with getting logs from your computer

  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


Greetings,

It appears that the block is coming from a software called BSD Application Updater made by a company called Bootstrap Software Development.  Based on your description it sounds like it is from one of their applications running in the background and likely executing some kind of update check or telemetry check-in on a regular schedule.  I located the following information from their website which describes a couple of different ways to disable the application updater if you wish to:

Disabling the BSD Application Updater
There are a few different ways to turn off the application updater:

  1. From either MediaWidget or VideoWizard, hold down the CONTROL and SHIFT keys while clicking on the "Check For Updates" menu item.  The user should receive a prompt explaining what is about to happen.
  2. From the BSD Application Updater tray menu (right click the tray icon), hold down the CONTROL and SHIFT keys while clicking the "Check Now" menu item.  Prompts are the same as #1.
  3. Manually removing the registry entry.  If the updater can not remove the entry itself (for example, if it were running under an account that did not have permissions to modify the HKLM key), then the entry can be removed by hand.  They should run RegEdit.exe and navigate to the 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\' key.  Under this key, they should see an entry named "BSDAppUpdater".  This entry should be deleted.

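The autorun entry described in the post above can be inspected before anything is deleted, and the blocked endpoint can be tied to a process. The PowerShell below is an added example, not part of the original posts or of the vendor's instructions; the entry name, IP address and port come from the thread, while the extra Run key locations and the signature check are assumptions about what is worth looking at.

```powershell
# Read-only triage: locate the autorun entry, check the binary's signature,
# and map any live connection to the blocked endpoint back to a process.
$EntryName  = 'BSDAppUpdater'      # entry name from the thread
$RemoteAddr = '52.3.64.241'        # blocked address from the thread
$RemotePort = 57801                # blocked port from the thread

# The thread names only the HKLM Run key; the other two are checked as an assumption.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$found = foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties.Name -contains $EntryName) {
        $cmd = [string]$props.$EntryName
        # Pull the executable out of the command line: quoted path first, else up to ".exe".
        if     ($cmd -match '^\s*"([^"]+)"')   { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)')  { $exe = $Matches[1] }
        else                                   { $exe = $cmd }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $sig = $null
        if (Test-Path -LiteralPath $exe) { $sig = Get-AuthenticodeSignature -FilePath $exe }
        [pscustomobject]@{
            Key       = $key
            Command   = $cmd
            Exe       = $exe
            Signature = if ($sig) { $sig.Status } else { 'file not found' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}
$found | Format-List

# Snapshot of TCP connections to the blocked endpoint. The check-in is periodic
# (about every 1.5 hours per the thread), so an empty result only means nothing
# was connecting at the moment the command ran.
Get-NetTCPConnection -RemoteAddress $RemoteAddr -RemotePort $RemotePort -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ State = $_.State; ProcessId = $_.OwningProcess; Name = $p.Name; Path = $p.Path }
    }

# Equivalent of the manual RegEdit step (needs an elevated prompt for HKLM):
# Remove-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'BSDAppUpdater'
```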

If that doesn't work and you still wish to disable it then let us know and we can likely assist you with that, but either way it doesn't appear to be malware or anything malicious so it's up to you.


Thank you - I removed the MediaWidget app and disabled BSD Application Updater. This seems to have resolved the issue.

 


Excellent, I'm glad that it worked and that your system was not infected.

If there is anything else we might assist you with please let us know.

Thanks
