Jump to content

Suspicious Notifications


Recommended Posts

Hi Everyone,

I am a new Malwarebytes member and this has to do to a message I keep getting from my other Anti-Virus program that runs my Fire-Wall,

this is the message I keep getting and I got this message way before I ever installed Malwarebytes to my PC "WE BLOCKED AN INTRUSION ATTEMPT FROM A COMPUTER ON A DIFFERENT NETWORK 34.196.43.135
INTRUSION DETECTION SYSTEM (IDS)
THE CATEGORY OF INTRUSION IS ATTEMPTED-dos, the intrusion level is Medium and it follows rule ID 177. The description is: DOS mstream client to handler."

Now I have scanned my complete computer with Malwarebytes scanner and it found nothing, but I have a feeling that someone has installed a Trojan in my pc from an accidental webpage view,

I contacted my anti-virus company and they said they believed it was just a web ad trying to get through and that's why it gave me this message. but to be honest I think they are wrong.

Anyone's help with this would be much appreciated.

Thanks IN Advance

Phantom4

 

Link to post
Share on other sites

  • Root Admin

Hello @Phantom4 and :welcome:

Please follow the directions from the following topic and see if that helps correct the issue.

 

 

If that does not correct the issue then please run the following and I will check back with you on Monday morning

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

 

 

Link to post
Share on other sites

Hi There <

And thank you for replying, I don't think you understood my question, Malwarebytes did not make me aware of this message "WE BLOCKED AN INTRUSION ATTEMPT FROM A COMPUTER ON A DIFFERENT NETWORK 34.196.43.135
INTRUSION DETECTION SYSTEM (IDS)
THE CATEGORY OF INTRUSION IS ATTEMPTED-dos, the intrusion level is Medium and it follows rule ID 177. The description is: DOS mstream client to handler. 
Intrusion from Network IP   40.91.125.0
192.168.1.148   Intrusion on 1-23-2020 "  

This message came through my Anti-Virus software VIPRE Internet security , Malwarebytes was installed already when the last message came through on 1-23-2020 , and Malwarebytes did nothing at all, never even realized someone or something was trying to access my computer from someone on a different network and to be honest I did not like the answer VIPRE Support gave me, they tried to say it was more then likely an ad from a web site trying to get in and was blocked.....  I don't think so....  They could not even tell me for sure that just because the notice said it blocked the attempted intrusion did not mean they didn't get around it some how>>. Malwarebytes didn't even register the event?  I scanned my complete computer with Malwarebytes Premiere and it found nothing except false hit for PUP on my Advanced System Care App. So do you see why I say SUSPicious activity and if Malwarebytes turned up nothing... well somethings not right.

Does Malwarebytes find trojans if one was placed in my computer from some bad website ?

I just don't feel like this software is finding what has been somehow injected into my computer..   

Thanks

Phantom4 

Link to post
Share on other sites

Hi There Again,

Ok I did all the scans you asked me to do, It actually deleted my one app I have used for years that I have never had any problem with and know this is not the problem so I reinstalled it ...that was Iobit  Advanced System Care Pro 13 which is a program I pay for.... 

I will attach the text files from the scans here, I can't tell anything from them, and thanks for taking the time to help me figure this out, it means a lot to me !

Phantom4

AdwCleaner[C00].txt Addition.txt FRST.txt Shortcut.txt

Link to post
Share on other sites

  • Root Admin

Hello @Phantom4

Without some very time intensive work it's very difficult to tell where, why, how a remote system contacted  your computer. However, it is quite normal for remote system to probe any open, available ports or systems connected to the Internet. That's why your ISP typically blocks many known threats but you also need to be running your own firewall to also block possible attempts of an intrusion. Aside from a firewall you can't really stop a remote system from attempting to probe a computer. Unless it is a persistent and ongoing probe lasting over multiple days I would ignore it as your antivirus, firewall seems to be doing it's job in blocking it. If it does continue on and the probe is incoming, not outgoing, then you can look at adding a firewall rule to block it specifically.

 

You have some old compromised versions of Java on your system which can potentially make it easier to attack your system. Please go to Control Panel, Programs, Add/Remove and uninstall all Java. If possible try to use your computer without Java. If you really have to have it then make sure you keep it up to date at all times. https://java.com

The majority of IObits software is not labeled as PUP but there are some pieces due to certain conditions of how they run or operate. You can add exclusions to Malwarebytes to prevent it from detecting it if you like.

You also appear to have an old version of Silverlight. Please check for updates to that plugin

 

Please temporarily disable your antivirus and run the following repair script which will check the validity of your core operating system files, it will also clear temp files and some other maintenance, then reboot and run a disk check as well. Once it has completed and rebooted make sure your antivirus is re-enabled.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thank you

 

Link to post
Share on other sites

Hi There Again,

Ok I followed the instructions exactly,  It did not request a restart or a Fix just generated the text file I'm attaching to this response. Thank you for taking so much time on this,

it shows that we as customers are important to the company. If you'd be so kind to let me know what this text report is telling me I would appreciate it.

Thanks Again

Phantom4

FRST.txt

Link to post
Share on other sites

  • Root Admin

Hello @Phantom4

Let's try again please,

 

Without some very time-intensive work, it's very difficult to tell where, why, how a remote system contacted your computer. However, it is quite normal for a remote system to probe any open, available ports or systems connected to the Internet. That's why your ISP typically blocks many known threats but you also need to be running your own firewall to also block possible attempts of an intrusion. Aside from a firewall, you can't really stop a remote system from attempting to probe a computer. Unless it is a persistent and ongoing probe lasting over multiple days I would ignore it as your antivirus, firewall seems to be doing its job in blocking it. If it does continue on and the probe is incoming, not outgoing, then you can look at adding a firewall rule to block it specifically.

 

You have some old compromised versions of Java on your system which can potentially make it easier to attack your system. Please go to Control Panel, Programs, Add/Remove and uninstall all Java. If possible try to use your computer without Java. If you really have to have it then make sure you keep it up to date at all times. https://java.com

The majority of IObits software is not labeled as PUP but there are some pieces due to certain conditions of how they run or operate. You can add exclusions to Malwarebytes to prevent it from detecting it if you like.

You also appear to have an old version of Silverlight. Please check for updates to that plugin

 

Please temporarily disable your antivirus and run the following repair script which will check the validity of your core operating system files, it will also clear temp files and some other maintenance, then reboot and run a disk check as well. Once it has completed and rebooted make sure your antivirus is re-enabled.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thank you

 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.