kevinf80 Posted November 26, 2020 ID:1423581

Hiya Landets,

If you have blocked the IPs and Port numbers you should be ok, obviously you can continue doing that until the sniffers eventually give up and move on to another target.

I strongly advise that you install the Malwarebytes Browser Guards for Chrome and Firefox, they are free and do give a good layer of protection.

Let me know if you are ok with your system or if you feel that more needs to be done...

Thank you,
Kevin....

Landets Posted November 26, 2020 Author ID:1423626

2 hours ago, kevinf80 said:

> Hiya Landets,
>
> If you have blocked the IPs and Port numbers you should be ok, obviously you can continue doing that until the sniffers eventually give up and move on to another target.
>
> I strongly advise that you install the Malwarebytes Browser Guards for Chrome and Firefox, they are free and do give a good layer of protection.
>
> Let me know if you are ok with your system or if you feel that more needs to be done...
>
> Thank you,
> Kevin....

Hi Kevin

I think this case might be resolved by now, and it seems like I have been overreacting a little bit. I only have a few questions left.

Question 1: Can these sporadic blocks with inbound connection type occur to anyone, and it doesn't necessarily mean that there is something wrong in my PC? If I understood right, these sporadic blocks are quite random and that's why the sniffers eventually go away.

Question 2: Because Malwarebytes has blocked everything and every scan I have used now finds zero infections, does that mean that I am safe and can use my PC for example to use online bank service?

Question 3: Does Malwarebytes Browser Guard clash with Adblock Plus and/or uBlock Origin?

If you think this case is resolved now, I wish that every log and every log I have pasted as text to this topic will be hidden in future.

kevinf80 Posted November 26, 2020 ID:1423641

Hiya Landets,

> Question 1: Can these sporadic blocks with inbound connection type occur to anyone, and it doesn't necessarily mean that there is something wrong in my PC? If I understood right, these sporadic blocks are quite random and that's why the sniffers eventually go away.

Yes, inbound attacks can happen to anyone who owns a PC, anyone who uses VoIP software seems to be even more susceptible.

> Question 2: Because Malwarebytes has blocked everything and every scan I have used now finds zero infections, does that mean that I am safe and can use my PC for example to use online bank service?

Yes, your PC is clean and online Banking should be ok.

> Question 3: Does Malwarebytes Browser Guard clash with Adblock Plus and/or uBlock Origin?

I use Malwarebytes Browser Guard with uBlock Origin, AdblockPlus is not needed. I also recommend auto cookie delete

Chrome: https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh?hl=en
FireFox: https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/

and ClearURLs

Chrome: https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk?hl=en
FireFox: https://addons.mozilla.org/en-US/firefox/addon/clearurls/

> If you think this case is resolved now, I wish that every log and every log I have pasted as text to this topic will be hidden in future.

When your thread is closed it will be locked and moved to another section of the forum....
For now we should be able to clean up:

Delete KVRT.exe, navigate to and delete C:\KVRT_Data folder

Right click on FRST here: C:\Users\kukkuu\Downloads\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Landets Posted November 27, 2020 Author ID:1423780

Hello Kevin,

I decided to uninstall Malwarebytes yesterday. When I did that I found out something very interesting which might interest you. Before I started to run the ESET Online Scanner, I disabled the active protection from Malwarebytes, and during the ESET Online Scan I had no active protection in my PC. It seems like when ESET Online Scanner was running, Microsoft Defender did reactivate by itself and quarantined a trojan from my PC. I will paste the log below to this reply now:

Microsoft Defenderin virustentorjunta on havainnut haittaohjelman tai muun mahdollisesti ei-toivotun ohjelmiston.
Lisätietoja:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Denali.A!ml&threatid=2147742223&enterprise=0
Threat Name: Trojan:JS/Denali.A!ml
Threat ID: 2147742223
Severity Name: Vakava
Category Name: Troijalainen
Path: file:_C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000082
Origin Name: Paikallinen tietokone
Type Name: Nopea polku
Source Name: Reaaliaikainen suojaus
User: DESKTOP-ORVKSU4\kukkuu
Process Name: C:\Users\kukkuu\Desktop\esetonlinescanner.exe
Security Intelligence Version: AV: 1.327.1577.0, AS: 1.327.1577.0, NIS: 1.327.1577.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

For some reason this log says that the process name is C:\Users\kukkuu\Desktop\esetonlinescanner.exe. Does this mean that it was ESET Online Scanner that actually detected the trojan or was it caused by it?

I decided to uninstall Google Chrome with Geek Uninstaller for safety's sake. Then I ran a full scan with Windows Defender and also used a Microsoft Safety Scanner, and they both did not find any threats.

-Landets

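The detection pasted in the post above can also be read back on the machine itself with Defender's own PowerShell cmdlets, which list the same fields (threat name, resource path, process name). This is an added example, not part of the original thread; the `InBrowserCache` column and its path pattern are assumptions made here for illustration.

```powershell
# Added example: list Microsoft Defender detections with the fields that
# appear in the pasted log. Run in an elevated PowerShell session.

# Assumption: treat any resource under a "Cache" directory as browser cache,
# e.g. ...\Chrome\User Data\Default\Application Cache\Cache\f_000082
$cachePattern = '\\(Application Cache|Cache)\\'

$detections = Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending

$report = foreach ($d in $detections) {
    # Map the numeric ThreatID to its name (e.g. Trojan:JS/Denali.A!ml)
    $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Detected       = $d.InitialDetectionTime
        ThreatName     = $threat.ThreatName
        ThreatID       = $d.ThreatID
        # Resources holds entries such as "file:_C:\...\Cache\f_000082"
        Resources      = $d.Resources -join '; '
        InBrowserCache = [bool](($d.Resources -join ';') -match $cachePattern)
        # Process recorded with the detection (the "Process Name" log field)
        ProcessName    = $d.ProcessName
        User           = $d.DomainUser
        ActionSuccess  = $d.ActionSuccess
    }
}

$report | Format-List

# The same detections as raw events from the Defender operational log:
# ID 1116 = malware detected, ID 1117 = action taken on the detection.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message |
    Format-List
```
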
kevinf80 Posted November 27, 2020 ID:1423792

Hiya Landets,

Microsoft Defender has flagged that cache file, can you zip up and attach this folder:

C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache

As you have uninstalled chrome can you check and see if this folder is still on your system:

C:\Users\kukkuu\AppData\Local\Google

Thank you,
Kevin

Landets Posted November 27, 2020 Author ID:1423802

44 minutes ago, kevinf80 said:

> Hiya Landets,
>
> Microsoft Defender has flagged that cache file, can you zip up and attach this folder:
>
> C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache
>
> As you have uninstalled chrome can you check and see if this folder is still on your system:
>
> C:\Users\kukkuu\AppData\Local\Google
>
> Thank you,
> Kevin

Yes the Google folder is still there. It contains Crash Reports and Software Reporter Tool folders inside it

kevinf80 Posted November 27, 2020 ID:1423808

From the image user data folder is not there anymore so you cannot zip up cache folder....

Do you intend reinstalling Chrome..?

Landets Posted November 27, 2020 Author ID:1423810

2 minutes ago, kevinf80 said:

> From the image user data folder is not there anymore so you cannot zip up cache folder....

Is this a good thing or not?

At the moment I don't have a need to reinstall Chrome unless you think it is needed to accomplish something. I have heard that Mozilla is a much safer and better browser than Chrome.

kevinf80 Posted November 27, 2020 ID:1423830

Hiya Landets,

I use Firefox myself, I only have Chrome installed in case I need to check it against threads I may be helping with. If you are not reinstalling Chrome I would just delete the Google folder.

What is the current status of your system, any remaining issues or concerns...

Thank you,
Kevin

Landets Posted November 27, 2020 Author ID:1423833

Just now, kevinf80 said:

> Hiya Landets,
>
> I use Firefox myself, I only have Chrome installed in case I need to check it against threads I may be helping with. If you are not reinstalling Chrome I would just delete the Google folder.
>
> What is the current status of your system, any remaining issues or concerns...
>
> Thank you,
> Kevin

According to Microsoft Defender, everything is fine on my system, and I think everything will be okay from now on. I don't know how that trojan got into my system when I was running ESET, but luckily Windows Defender reactivated itself and quarantined it. I will delete the Google folder immediately.

The original problem with Windows Defender was probably a bug in Windows 10 which seems to be fixed now, as I don't get that weird notification anymore. So even that issue seems to be cleared now.

kevinf80 Posted November 27, 2020 ID:1423840

Hiya Landets,

Thanks for the update, good to hear your system is finally ok for you. I gave the clean up instructions earlier... It was a pleasure to work with you..

Regards,
Kevin...

kevinf80 Posted November 28, 2020 ID:1424025

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you