
What is Compromised??



I've seen other similar issues listed. Every 5 minutes Malwarebytes flags an inbound website blocked due to compromised.

The IP address is 1.223.0.107. It seems to be Korean, but I'm not certain. What should I do to eliminate this threat?


I'm having your post moved to the Malware removal section. In the meantime:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

Can you please post or attach the Malwarebytes log for my review?

p.s.

Malwarebytes may just be protecting you from this attack.


Thank you nasdaq.

I'm not sure exactly where to get the Malwarebytes log. I believe as you do, that there is no malware on the system yet, but I've never seen these kinds of attempts. The screens come up as in the attached .jpg with the two additional screens this morning saying that Malwarebytes has blocked a Trojan at 134.122.118.147 port 55500 and blocked a ransomware attempt at 92.63.194.3 port 29963.

This may happen all the time, and perhaps thankfully, Malwarebytes stops them, but I have never seen it happen over and over in rapid succession. Yesterday 5 minutes apart, today one after another. The system is rebooting frequently also (responding to a bug??), and has been for the past week or so. 

20200506_142308.jpg

20200506_162320.jpg


nasdaq, the hits continue at about the 5 minute pace. Is there anything that can be done to block the website IP address or something to further distance myself from these attempts? I'm gratified that Malwarebytes is blocking them, but over time, couldn't that be worked around?

 


Hello @justkuz

The blocks are on addresses that are attempting to do a forced attempt to exploit remote-desktop-protocol.

The Real Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

In most cases the attempted probes will automatically stop on their own. If it continues you can add the IP to the local firewall to prevent it from contacting the computer period.

I do expect that the block events stopped today.


You may add the suspect IP addresses into the Firewall block list.

If you wish to do so, here is one how-to guide
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

Additionally or alternatively, if this is on Windows 10 PRO and if you do not need or use Remote Desktop, you can turn that off.
https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html
 

Here is how to block a port number in Windows

https://thegeekpage.com/how-to-block-ports-in-windows-10-firewall/

 

How to Change the port number for RDP

https://tunecomp.net/change-remote-desktop-port-windows-10/

Edited by AdvancedSetup
corrected font issue
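
The firewall and Remote Desktop steps suggested in the post above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original thread: the addresses are the three quoted earlier in the topic, and the rule name and the `$disableRdp` switch are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Source addresses are the ones quoted in the posts above.
$blockedAddresses = @('1.223.0.107', '134.122.118.147', '92.63.194.3')
$ruleName   = 'Block reported RDP probe sources'   # hypothetical rule name
$disableRdp = $false   # assumption: set to $true only if Remote Desktop is not needed

# 1. Check whether Remote Desktop accepts connections.
#    fDenyTSConnections = 0 means inbound RDP is allowed; 1 means it is turned off.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# 2. Read the configured RDP port (3389 unless it was changed) and look for a listener.
$rdpPort  = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
$listener = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue
Write-Output "RDP enabled: $rdpEnabled; port: $rdpPort; listening: $([bool]$listener)"

# 3. Create the inbound block rule, or update its address list if it already exists.
#    In Windows Firewall a block rule takes precedence over any allow rule.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $blockedAddresses
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -RemoteAddress $blockedAddresses -Profile Any | Out-Null
}

# 4. Optionally turn Remote Desktop off and disable its built-in allow rules.
#    The group name 'Remote Desktop' is the English display name and differs
#    on localized Windows installations.
if ($disableRdp -and $rdpEnabled) {
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

# 5. Show the resulting rule and the addresses it covers.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Re-running the script after adding a new address to `$blockedAddresses` updates the existing rule rather than creating a duplicate.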

Hi @justkuz

I have one added tip.

The Real Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

I would recommend that if you have an internet-connection-router hardware at home, that you look over this article
"How to Enable Your Wireless Router's Built-in Firewall"
https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.