Retden

RTP Detection Blocked Website Outbound Malicious Trojan


Hello, on 3/24/20, I started getting RTP detection Malicious Website Blocked Outbound Category Trojan alerts on two separate systems (win7, win 8.1). They all have the same IP address identified 198.105.254.64 (Akamai Technologies) but different domains and filenames. Filenames are Explorer.exe, Chrome and sometimes blank. They will start after system boot (no browser active) and sporadically throughout the day (chrome active). I ran Threat scan and it was clean. I ran ADWcleaner and it quarantined two PUPs. I restarted system and still have same issue. I added Malwarebytes Chrome extension and still have the same number of events in Chrome. Attached are some Event Details, ADWcleaner log and Farbar logs. Thanks in advance.

MBDetect.txt AdwCleaner[S03].txt FRST_25-03-2020 13.05.16.txt Addition_25-03-2020 13.05.16.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Windows Defender is important for your security.

Read these instructions and proceed.

Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974

---

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Is IE (Internet Explorer) synced with other devices?
 

fixlist.txt


Hello, attached is the fixlist.txt I created per instructions. I have not seen any detections since yesterday afternoon. There was a forum topic created yesterday by EsterD and answered by Zynthesist stating that ip address 198.105.254.64 would have the ip block removed. Related? I do not have Internet Explorer synced but I had Chrome synced to the win 7 system. I did a clean and reset on Chrome and flipped sync off when this started. Thanks for the help.

fixlist.txt


You posted my Fixlist.txt; I was expecting the Fixlog.txt.

If all is well, forget about it.


Nasdaq, I haven't received a threat notification since 2:48 on 3/25. I believe all is well. Thanks for your help.
