
No connection could be made because the target machine actively refused it


Solved by AdvancedSetup

Hi,

I am trying to renew my certificate using Certify The Web (v 5.1.11.0) but it is failing with No connection could be made because the target machine actively refused it 127.0.0.1:1080.

I asked in that forum and was told that I have malware / adware.

I scanned using Malwarebytes and it did find some adware. These have been cleaned but I am still unable to update the SSL certificate.

Any help appreciated.

Addition.txt AdwCleaner[S04].txt FRST.txt


19 minutes ago, chribonn said:

Any help appreciated.

Quote

Windows Server 2016 Standard Version 1607 14393.3986 (X64) (2018-05-04 17:00:18)

I see you are using a server OS. The version of Malwarebytes you have installed at this time is not supported on Servers. The proper version is this. https://www.malwarebytes.com/business/ep-server-security/

I would suggest uninstalling the current version of Malwarebytes and restart the server and see if you can connect.

Before you do the above, Get the log from Malwarebytes showing what it found and attach it here.


  • Root Admin

Hello @chribonn

 

The Server has a Proxy set on it. Please open an elevated admin command prompt and run the following command to remove it.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080

netsh winhttp reset proxy 

 

Please review the following tasks and ensure that they are valid for your Server

Task: {337EC5AD-56E7-4FF5-8102-EB2B28B3C98F} - \WPD\SqmUpload_S-1-5-21-477075340-3713811199-601436119-1001 -> No File <==== ATTENTION
Task: {EC60C2B9-642D-4A92-96B3-9E94B5348396} - \WPD\SqmUpload_S-1-5-21-477075340-3713811199-601436119-500 -> No File <==== ATTENTION

 

 

This is a very old entry for Google (2015). It should be removed and, if used, updated to the latest version.

Task: {53483778-1B39-4ED6-8707-200D8936A16E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {A1648FFF-CEBB-41CE-AF62-232905768AAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)

 

Please verify the following scheduled tasks are valid for you as well

Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\WINDOWS\system32\ceipdata.exe
 

 

 

You also have numerous errors whose cause you should investigate

Error: (10/29/2020 04:10:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cimserver.exe, version: 2.13.0.0, time stamp: 0x55547775
Faulting module name: pegindicationservice.dll, version: 2.13.0.0, time stamp: 0x55547693
Exception code: 0xc0000005
Fault offset: 0x0000000000003c26
Faulting process id: 0x790
Faulting application start time: 0x01d6ae05a59e8788
Faulting application path: C:\Program Files\Adaptec\maxView Storage Manager\pegasus\bin\cimserver.exe
Faulting module path: C:\Program Files\Adaptec\maxView Storage Manager\pegasus\bin\pegindicationservice.dll
Report Id: 4be08378-5db9-4604-99dc-2c02d361b908
Faulting package full name:
Faulting package-relative application ID:

 

The server is also actively being used by someone to steal and pirate software. To limit legal liability I would highly recommend scanning and deleting any such stolen or pirated software from the system.

 

D:\BitT\VMware.Workstation.Pro.v16.0.0.X64.Incl.Keygen-AMPED\ampmck01.zip
D:\BitT\Elcomsoft.Wireless.Security.Auditor.Pro.v7.30.593.Incl.Crack-iND\ewsap730593.rar

 

My guess is that this folder probably contains multiple stolen or cracked software items. Again, limiting your legal liability I would highly suggest deleting any and all illegal software from the system.

D:\BitT

 

 

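An added example, not part of the original post or of FRST: a read-only PowerShell check that shows the WinHTTP proxy, lists the `ProxyServer` value in each loaded user hive (the log line above names the `.DEFAULT` hive), and tests whether anything is listening behind a loopback proxy such as 127.0.0.1:1080. It assumes an elevated prompt and the standard WinINET `Internet Settings` registry key.

```powershell
# Added example (read-only): where is a proxy configured, and is anything behind it?
$rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. Machine-wide WinHTTP proxy: the setting `netsh winhttp reset proxy` clears.
netsh winhttp show proxy

# 2. WinINET proxy values in every loaded user hive
#    (.DEFAULT, service accounts, logged-on users).
$found = foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $key = "Registry::HKEY_USERS\$($hive.PSChildName)\$rel"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and ($p.ProxyServer -or $p.AutoConfigURL)) {
        [pscustomobject]@{
            Hive          = $hive.PSChildName
            ProxyEnable   = $p.ProxyEnable
            ProxyServer   = $p.ProxyServer
            AutoConfigURL = $p.AutoConfigURL
        }
    }
}
$found | Format-Table -AutoSize

# 3. A loopback proxy only works while a local process listens on that port.
#    No listener means every proxied connection is "actively refused".
foreach ($entry in $found) {
    $hits = [regex]::Matches([string]$entry.ProxyServer, '(?:127\.0\.0\.1|localhost):(\d+)')
    foreach ($m in $hits) {
        $port = [int]$m.Groups[1].Value
        $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($listener) {
            $proc = Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue
            '{0}: port {1} is served by {2} (PID {3}); identify this process' -f `
                $entry.Hive, $port, $proc.ProcessName, $listener.OwningProcess
        } else {
            '{0}: port {1} has no listener; the proxy entry is stale' -f $entry.Hive, $port
        }
    }
}
```

A stale loopback entry left behind after the program that set it was removed matches the error in this thread; an entry with a live listener calls for identifying the owning process before the setting is cleared.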

3 hours ago, Porthos said:

I see you are using a server OS. The version of Malwarebytes you have installed at this time is not supported on Servers. The proper version is this. https://www.malwarebytes.com/business/ep-server-security/

I would suggest uninstalling the current version of Malwarebytes and restart the server and see if you can connect.

Before you do the above, Get the log from Malwarebytes showing what it found and attach it here.

Hi,

Attached is the scan output file.  

Thanks

 

output.txt


  • Root Admin

As you're running a Server with Apache I won't run a %temp% file clean but you should manually go clear out your temp files

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


  • Root Admin

Glad to hear @chribonn

I've been doing Computer Security and Networking Support for about 30 years now so you learn a few things along the way 🙂

It's best if you can post back the FIXLOG.TXT file so that I can review it and see if anything else is needed.

 


  • 1 month later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.