
TCP suspicious connections



I got an alert from GlassWire informing me that there was a suspicious host connection (it happened when I opened my browser). So I opened Malwarebytes and performed a scan; because it didn't find anything, I tried AdwCleaner. AdwCleaner found a PUP folder and two registries that had been affected (I think it all started from a program named Popcorn Time, which caught my attention because a friend said that it would give me access to movies for free legally, but the program seemed sketchy so I uninstalled it). After I quarantined and restarted my computer, the problem was still there. I used the netstat command in cmd and found out that I had a lot of TCP connections that matched the names of hosts that my browser was connecting to. I checked for updates in Malwarebytes and performed a scan again, but it didn't find anything. What can I do to remove those TCP connections?


FRST.txt Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This extension is problematic.
OPR Extension: (No Name) - C:\Users\George\AppData\Roaming\Opera Software\Opera Stable\Extensions\bdbghbgbindbkaainmmmekddaokgbffn [2018-11-13]
The name is normally "Honey". I would disable it for now. Your call if you wish to use it.

If Opera is synchronized between your devices, I suggest you Sign out.
Refer to this topic
http://help.opera.com/opera/Windows/2393/en/sync.html

Follow the instructions under the Sync Section.

When done restart Opera.

You can Sign in after the test.
====

Is the problem persisting?


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


I also have this issue, which first appeared December 23rd without any new downloaded activity. Glasswire warns me of "suspicious host connection" when I attempt to connect to my back using either the Chrome browser or Edge. In each case Glasswire shows the connection alert to "nexus.ensighten.com" initially. However, this morning it also shows Chrome connecting to "bam.nr-data.net" and "idsync.rlcdn.com". No time to worry about this today.

Merry Christmas everyone. Cheers


Hi,

@ giorgos_spinkl

"nexus.ensighten.com" looks good. Tested at VirusTotal.

https://www.virustotal.com/gui/url/f56a200495cffd7bac79fe193aedc75c6cfabde6b6bfa9b0ce5edbd256ff9e7e/detection

Did you get an answer from the Glasswire Forums?

===

Note to @ Dewbear

You are not allowed to post in this topic.
If you need help please start your own topic.


  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.