Jump to content

RTP detection trojan outbound port 389 ssl.crosscert.com


st0ks

Recommended Posts

Logging in to a Korean website -- got RTP detection blocked website for SSL.CROSSCERT.COM:

-- On the website itself the Certificate Authority is RapidSSL RSA CA 2018 - so this seems to be an odd disrepancy.

--DNS servers in ipconfig are: 

 fec0:0:0:ffff::1%1
                                  fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1

(trying to resolve this)

 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: ssl.crosscert.com
IP Address: 211.192.169.250
Port: 389
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Attached adwcleaner logs and farbar recovery 

adwcleaner.txt

Addition.txt FRST.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.