Malwarebytes blocking incoming and outgoing connections

[Win7isbest]

Okay I run Win7 Pro 32bit on this particular computer and firefox 71 is the default browser (up to date via the about firefox under help in the menu). In the past few days firefox caused windows to say an unknown error occurred but firefox does not crash and I can use it. Aside from the weirdness of it nothing else occurred and this pc is only used occasionally, nothing found on the 19th and 30 of Dec 2019 which shows how little this pc is used generally when I scanned with McAfee and Malwarebytes.  This changed on the 1/3/2020 when Malware Premium began blocking connections when I booted this up again to use.

On 1/3/2020 I downloaded a few video files using qbittorrent, and afterwards qbittorrent had connections blocked incoming and outgoing.  Firefox was also running at the same time (last sentence of first paragraph references the behavior shown with firefox).  I had updated definitions so I shut down both programs qbittorrent and firefox and disconnected from the internet.  Malwarebytes detected nothing so no results file from that time, but McAfee detected a trojan.  That was all that McAfee could could say since it was not in the database, either it was new or a generic trojan.  Anyway the infected file was quarantined and deleted by McAfee. 

I reconnected to the internet and Firefox seems to not be a target, but qbittorrent still had Malwarebytes blocking connections. I ran a new scan with Malwarebytes today and posted the FRST, Addition, and Malwarebytes scan log below. What is happening?

 

1-4-2020 malwarebyte scan.txt FRST.txt Addition.txt

[Porthos]

2 hours ago, Win7isbest said:

but qbittorrent still had Malwarebytes blocking connections.

 

As for why Malwarebytes blocked qbittorrent , this is because qbittorrent , and all Bittorrent software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through qbittorrent ) and because of this, sometimes uTorrent will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through qbittorrent may be perfectly safe, some of the sites hosted on some of the IP addresses that qbittorrent connects to may be malicious.  Such connections are not a threat however, and you may exclude qbittorrent from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add qbittorrent .exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

 

File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.  Risks of File-Sharing Technology

I hope this helps.

[AdvancedSetup]

Hello @Win7isbest

If you're still having issues please follow the directions below and post back new logs

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

• If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
• If you don't have Malwarebytes installed yet please download it from here and install it.
• Once installed then open Malwarebytes and select Scan and let it run.
• Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
• If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

• Right-click on the program and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan Now.
• When finished, please click Clean & Repair.
• Your PC should reboot now if any items were found.
• After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here.
• Please attach the Additions.txt log to your reply as well.

 

Thanks

 

 

[Win7isbest]

Okay, after tending to personal affairs I came back.  I ran the adwcleaner and removed preinstalled.hp thing (it is a microsoft office thing apparently upon looking it up).  I did not change any settings I ran it vanilla.  Now that desktop can not connect via wired or wireless to the internet.  I am using my primary PC to post this.  In addition to wiping out my internet for that desktop it also wiped out all Win7 restore points.  I know this because 100 gigabytes have been freed up and system restore reports no restore points to be found.  Your AdwCleaner borked that desktop's internet and restore points when I followed instructions.  WHAT NOW?

[Win7isbest]

I reset my router, before you ask.

[Win7isbest]

Ok I calmed down, and looked at the error messages windows troubleshooting gave about not being able to connect to the internet.  After Checking my firewall rules and adapter settings, and resetting local network dns.  I remembered I use windscribe vpn on the computer in question.  I checked the settings for that and somehow the firewall the Windscribe VPN uses was active.  What this means apparently is you can be blocked from internet use when the VPN is INACTIVE.  Turned off the VPN firewall (Windscribe is in the off mode) and now can connect and browse.  I do not know how that happened but internet restored.  I am confused honestly about what happened, the only thing that makes sense on my end is the fact the click area for turning the VPN firewall on or off is a large button and the mouse I use on that PC does do unintentional clicking due to long use.  Sorry if I made you do a "What happened here" situation on your end.

[AdvancedSetup]

Since this issue is resolved the topic will now be closed to prevent others from posting here.

If you need assistance please start your own new topic and someone will be happy to assist you.

Thanks