
I'm getting constant RTP-detections



1 minute ago, kevinf80 said:
Hiya Landets,
 
Log 13 is related to Chrome, use the instructions in the following link to reset Chrome:

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Log 14 is related to Steam, use the instructions in the two following links to reset Steam:

https://steamcommunity.com/discussions/forum/1/496880203077281805/

https://support.steampowered.com/kb_article.php?ref=3134-TIAL-4638
 
Thanks,
 
Kevin

Hi, I will use these instructions immediately. I confirmed that the site which caused the hijack block was https://karhu.com/juoksukengat/ , because I got exactly the same block from the same domain and IP address.

I have now done both fixes to Google Chrome and Steam. In the instructions on how to reset Google sync, I did not understand this line: "If you use Chrome to log in to any Google service from any other computer, please follow these steps before turning on Chrome sync on those computers as well." Does that mean that I need to do the same thing to my mobile phone too?


Also, Counter Strike: Global Offensive triggered a block because of a Trojan. I noticed that the block happened when I entered the community server browser, where you can join community-run servers. The block occurred when I pressed the refresh list button on the server browser.


Yes I believe you are correct about hxxps://karhu.com/juoksukengat/. Just tried it myself and Malwarebytes Browser Guard made a block...

Regarding Chrome and turning back on sync, if you have maybe another PC with Chrome or a Smart Phone with Chrome. Those two devices would need Chrome resetting also..

The block you just experienced through the game executable was to the Russian Federation...

https://www.virustotal.com/gui/ip-address/95.181.157.112/detection


Hello Landets,

We need to run an online AV scan to make sure there is nothing lurking on your system. If nothing is found and the outbound blocks are still happening from Chrome and/or Steam we need to remove them from your system and see if outbound blocks cease.

The worrying part is what would happen if you did not have Malwarebytes installed..

 
Go here and click 'ONE TIME SCAN' under 'ESET Online Scanner' save to your Desktop.
 
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
      • Enable detection of potentially unsafe applications
      • Enable detection of suspicious applications
      • Scan archives
      • Enable Anti-Stealth technology
 
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish

Thank you,

Kevin...


The file I get from this site is esetonlinescanner.exe, not esetonlinescanner_enu.exe. Is this okay or am I missing something?


I started the scan now, but the software didn't have the kind of prompts provided in this reply at all. For example, there were no advanced settings anywhere, and the .exe file was esetonlinescanner.exe, not esetonlinescanner_enu.exe.

-Landets


Yes my c/r for ESET is probably a bit dated, I'll have to create a new one... A clean log is the best outcome... If there are still outbound blocks happening from Chrome and Steam we will have to uninstall them, then make fresh installs... Let me know your thoughts..


The only outbound blocks which happened from Chrome were caused by me and the local clothing brand's website, so to me it looks like Chrome has no issues. It is always better to be safe than sorry though. About the Steam issue, did you look up the thread I linked earlier in this topic? I suspect I have a similar case to that one, because like in that topic the blocks only appear when I open the community server browser in game. I'd like to hear your thoughts about it. I searched the IP addresses myself too and one IP address was linked to a Bulgarian community server in Counter Strike: Global Offensive. In this case I also think it is better to be safe than sorry.


Hiya Landets,

What you describe makes me think there is no need to uninstall Chrome or Steam, my biggest concern is when Malwarebytes trial finishes anything that may need blocking will just not happen.

I do not work for Malwarebytes so have nothing to gain indicating the need for a premium version. You can install Malwarebytes Browser Guard for Chrome and Firefox, that is free to use so will protect those two browsers:

 
 
Got to go out, back in about an hour....
 
Thank you,
 
Kevin....
 
 
Hello Kevin

I want to thank you again for your great effort in helping with my issue. So now that we have cleared the Chrome and Steam issues, the only thing left is those pesky attacks targeted towards my system files using ports 445 and 135, which occur sporadically. If I remember correctly, there isn't much to do about them because their connection type was inbound, and the only options were to just wait until they stop appearing after some time and block those ports and malicious IP addresses. If I don't remember this correctly, please correct what the next steps are.

I will continue monitoring this topic while I study, so I will keep up with the development of this case. But after all it looks to me like the situation actually isn't as bad as it looked for a while.

-Landets 
