
Website blocked Inbound Connection Trojans and Compromised



Hi, and welcome.
My name is Maurice. I will be helping and guiding you, going forward, on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only attach the report files, etc., that I ask for as we go along.

Thanks for the adwcleaner reports. However, I need other details from a different report set. Also, screen grabs do not have all the detail I need.

You made no mention at all if a web browser was in use when the Block event happened.

.

For Your Information:

The Block notices from Malwarebytes web protection mean that Malwarebytes is keeping your PC safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" event is entirely different from a "malware detected" event.

The website Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when an attempt is made to reach a known or suspected malicious IP (outgoing) or when such an IP is trying to access your PC.

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

Incoming block notices can be ignored; our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.

No action is required unless you're also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
A browser is not required to be running; just an active Internet connection with processes running,
such as Instant messenger clients, SKYPE or Peer-to-peer software, is enough to trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.
.
 

.


I would appreciate getting some key details from this machine in order to help you going forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

Do have patience while the report tool runs. It may take several minutes. Just let it run and take its time. You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool

Once the file is downloaded, open your Downloads folder/location of the downloaded file.
Double-click mb-support-1.6.0.774.exe to run the report.
You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.

Place a checkmark next to Accept License Agreement and click Next.
Now click the left-hand side pane "I do not have an open support ticket".

You will be presented with a page stating, "Get Started!"
Do NOT use the button "Start repair"! Look instead at the far-left options list in black.

Click the Advanced tab on the left column.

Click the Gather Logs button.

A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.
Please attach the ZIP file in your next reply.

.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into the main body.

Thank you,
Sincerely.


Hi Stan. Nice to meet you. Thank you for the support-tool-report file.

Just for housekeeping purposes, so that Windows Defender Antivirus is all on, let's do what follows. The Malwarebytes Premium protections will all remain active.

Start Malwarebytes. Click the Settings (gear) icon. Next, let's make sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security Tab. Scroll down to
"Windows Security Center"
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
.

Look on the keyboard, press and hold the Windows-logo key and then tap the R key to bring up the RUN option box-window.

Then type in the following

cmd.exe

Look for the flyout list in the window, and click on Run as Administrator.

This should bring up an Elevated (Administrator) Command window.

Type in

sfc /scannow

then tap the Enter key. Let me know what the bottom line result is.

.

NEXT

Do a Full scan with the Windows 10 antivirus ...... Windows Defender.
Navigate to the Virus & Threat protection section.

Look in the Windows search box on the Windows taskbar. Type in

virus & threat protection

You should see a list display. There is a link for "Virus & Threat protection". Click on that.

Once you get there, note the "Scan Options" in blue. I just need you to drill down into that to get to the option for FULL scan.

Click Scan options.

Then click on Full scan. Have lots of patience. Keep me advised on the result. We can do more later.

 


Here are the SFC results:

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

 

Log has been attached.

Will reply with scan report once done.

CBS.log


On the Block notice events ...... Can you tell me whether, at that point, you were possibly playing online multi-player games?

or

possibly using a web browser when that notice showed up?

or

using an instant-messenger app?

You can let the message window close itself after a few seconds. Or you can click the X to close the notice window.

And if they are an annoyance, you can suppress their display.

Start Malwarebytes. Click Settings (gear icon at the top).

Click the Notifications tab.

Look for "Show all notifications in the Windows notification area" and click that to the Left. That sets it to the Off position.

The real-time web protection and the real-time anti-malware will still be protecting your system.


I too would love to know why. Turning off the onscreen notice is just a way to lessen any aggravation. You will still get saved Notifications. Your PC will still be protected.

Let all scans finish before making any more replies.

I would like you to close Discord & Telegram and stop playing any games, or any free-wheeling web surfing.

I await the result from the Full scan by MS Windows Defender.

Later, we will do some other additional scans.

I do have a handful of cases like yours on-going. One person did a Full scan with Windows Defender, and that found 3 pieces of suspected malware.


Maurice, it seems the scan was trying to do all of my drives, which would take weeks to complete. I let it run overnight and it still had a ton more to go. Plus I have a lot of backups of websites that were infected, and it would cause the logs to be filled with viruses that are known to me.

Is there a way to run the scan on the C drive only?


Hello. How is it going?

The blocks from May 9 were on addresses that had attempted a forced attempt to exploit the remote-desktop-protocol.

The Real Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

I would recommend that if you have internet-connection-router hardware at home, you look over this article
"How to Enable Your Wireless Router's Built-in Firewall"
https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668

In most cases the attempted probes will automatically stop on their own. If it continues, you can add the IP to the local firewall to prevent it from contacting the computer, period.
If you wish to do so, here is one how-to guide for the Windows software firewall
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

Additionally or alternatively, if this is on Windows 10 PRO and if you do not need or use Remote Desktop, you can turn that off.
https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

Here is how to block a port number in Windows

https://thegeekpage.com/how-to-block-ports-in-windows-10-firewall/

How to change the port number for RDP

https://tunecomp.net/change-remote-desktop-port-windows-10/

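The three hardening steps linked in the post above (block the probing address, block the RDP port, and disable Remote Desktop if it is not needed), done from an elevated PowerShell prompt on Windows 10. This is an added example, not something from the thread or from Malwarebytes; the address 203.0.113.10 is a documentation-range placeholder standing in for whatever IP the block notice showed, and the rule names are made up here.

```powershell
# Added example, not from the thread. Run from an elevated (Administrator) PowerShell.
# 203.0.113.10 is a placeholder; substitute the IP shown in the Malwarebytes block notice.
$BlockedIp = '203.0.113.10'

# 1. Block all inbound traffic from the address that was probing RDP.
New-NetFirewallRule -DisplayName "Block probing host $BlockedIp" `
    -Direction Inbound -RemoteAddress $BlockedIp -Action Block -Profile Any | Out-Null

# 2. Block inbound TCP 3389, the default RDP port, on every network profile.
New-NetFirewallRule -DisplayName 'Block inbound RDP 3389' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Block -Profile Any | Out-Null

# 3. If Remote Desktop is not used at all, deny RDP connections at the OS level
#    and disable Windows' own "Remote Desktop" allow rules so nothing reopens the port.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Verify the two block rules exist and are enabled.
Get-NetFirewallRule -DisplayName 'Block*' |
    Select-Object DisplayName, Enabled, Direction, Action

# Check whether any logon attempts actually reached Windows: event 4625 is a failed logon.
# An empty result here means the probes never got past the firewall / Malwarebytes block.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 20 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }
```

The block rules are inbound only, so outbound Remote Desktop sessions from this PC to other machines are unaffected; remove the rules with Remove-NetFirewallRule -DisplayName 'Block*' if they are no longer wanted.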

Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
