
RTP detection popping up repeatedly



I'm posting on behalf of my boss, who has Malwarebytes Premium 4.1.0.  At certain times of day, she will get many of these popups indicating RTP detection, Compromised, Blocked website. I realize this is an indication of protection, but is there something I should be doing to make her system less vulnerable? Is there adware or other PUP that is making her more susceptible? The Farbar scans and most recent Malwarebytes threat scan are attached, as is the most recent detection history showing the RTP detection. Thank you!

Addition.txt Detection history 26 May 2020 1638.txt FRST.txt Threat scan 26 May 2020 1637.txt


  • Root Admin

Hello @mmy45

When you say repeatedly, how often and what addresses? These are inbound probes, which do not indicate any infection of the computer. Often inbound probes go away on their own within a few hours to days. Basically bots are scanning and probing to look for exploits or in some cases trying to brute force run an exploit password attack on objects like RDP.

If the blocks continue or appear to be the same address or a couple of addresses then you can add a block to your firewall to ensure you keep them out. Malwarebytes sounds like it's doing its job blocking them, but the constant alerts can be distracting depending on the amount.

 

 


Thank you for the response. Over 50 this morning by 10am. Some are repetitive--a minute apart. It's definitely distracting in the extreme when there are several attempts over a five-minute span, usually around 10:30am, noon, and 3:00pm. She's having other performance issues with her computer (keyboard cutting out periodically, especially), so I'm not certain whether suppressing these attacks is taking too much memory or if there's another issue making the entire system susceptible. Please see the attached photo of the history for part of this afternoon.

IMG_2257 (002).jpg


  • Root Admin

You may want to try our latest beta version and see if that improves performance for you.

Go to the Settings under the General tab and enable Beta updates. Then go to the About tab and check for updates.

This latest beta will need to restart the computer but hopefully may provide better performance.

If that does not help then let me get some logs and we'll check and see what we can find.

Upload Malwarebytes Support Tool logs offline

Thanks

 


9 minutes ago, AdvancedSetup said:

You may want to try our latest beta version and see if that improves performance for you.

Go to the Settings under the General tab and enable Beta updates. Then go to the About tab and check for updates.

This latest beta will need to restart the computer but hopefully may provide better performance.

If that does not help then let me get some logs and we'll check and see what we can find.

Upload Malwarebytes Support Tool logs offline

Thanks

 

Thank you. I've enabled Beta updates, installed, and restarted and I've turned off her notifications so perhaps they won't be such a distraction or a drain on her system's resources. I checked her history and the bombardments of ransomware and compromised attempts happening many times per day started May 5, 21 days ago. I'll report back when she has had some time to work with it tomorrow. Our IT contractors also haven't found anything once they ran their scans.


  • Root Admin

No, with inbound IP probes there is nothing to find because it's not the computer doing it.

If you want help on adding firewall blocks let me know. But I'd highly recommend you be at the computer physically in case you make a mistake. If done remotely you could easily lock yourself out of the computer.

 


Understood. Thank you. I'll let you know as soon as I check back with her tomorrow. We're shifting times of being in the office so we're less likely to expose each other, so I will be able to have direct physical access at that time.


  • 3 weeks later...

Hello @mmy45   

How are things at this point?

Here are some suggested actions that you can apply to tighten up security on the Windows system.

The Real Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

 

I would recommend that you look over this article

"How to Enable Your Wireless Router's Built-in Firewall"

https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668

 

 

In most cases the attempted probes will automatically stop on their own. If it continues you can add the IP to the local firewall to prevent it from contacting the computer period.

If you wish to do so, here is one how-to guide for the Windows software firewall

https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

 

Additionally or alternatively, if this is on Windows 10 PRO and if you do not need or use Remote Desktop, you can turn that off.

https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html


 

Here is how to block a port number in Windows

https://thegeekpage.com/how-to-block-ports-in-windows-10-firewall/

 

How to Change the port number for RDP

https://tunecomp.net/change-remote-desktop-port-windows-10/

 

For your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your PC safe from potential harm.
A block notice is an advisory of the "block". A courtesy notice. Any potential threat was STOPPED.


The website Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

Incoming block notices can be ignored; the Malwarebytes real-time (Premium) protection is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.
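The firewall-block advice given in this thread, sketched in PowerShell as an added example that is not part of any post here: it counts how often each inbound address recurs, skips any address that currently has an established connection to the PC (the lock-out risk mentioned earlier), and previews a Windows Firewall block rule for the rest. The event list, its CSV layout, the threshold and the rule name are constructed assumptions; the addresses are documentation ranges.

```powershell
# Constructed sample of inbound block events: time, remote IP, local port.
# The CSV layout is an assumption; the addresses are documentation ranges.
$events = @'
2020-05-26T10:30:05,203.0.113.10,3389
2020-05-26T10:31:07,203.0.113.10,3389
2020-05-26T10:32:11,203.0.113.10,3389
2020-05-26T12:00:40,198.51.100.7,3389
2020-05-26T15:01:13,203.0.113.10,3389
'@ | ConvertFrom-Csv -Header Time, RemoteIP, LocalPort

# Remote Desktop state: fDenyTSConnections = 0 means RDP is switched on.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    Write-Warning 'Remote Desktop is enabled. Turn it off if nobody uses it.'
}

# Remote addresses with a live session to this PC. Blocking one of these
# from a remote session is how an administrator gets locked out.
$active = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty RemoteAddress -Unique)

# Only addresses that keep coming back are worth a standing rule.
$threshold = 3
$repeat = $events | Group-Object RemoteIP | Where-Object Count -ge $threshold

foreach ($group in $repeat) {
    $ip = $group.Name
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { continue }
    if ($active -contains $ip) {
        Write-Warning "Skipping $ip because it has an established connection."
        continue
    }
    $name = "Block inbound probe source $ip"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        continue   # rule already present
    }
    # -WhatIf only previews the rule; remove it (elevated prompt) to apply.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -RemoteAddress $ip -Profile Any -WhatIf
}
```

With the sample data only 203.0.113.10 reaches the threshold, so a single rule is previewed; the address seen once is left alone, matching the advice that one-off probes usually stop on their own.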


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.