
I'm getting constant RTP-detections



Hiya Landets,

If you have blocked the IPs and port numbers you should be OK; obviously you can continue doing that until the sniffers eventually give up and move on to another target.

I strongly advise that you install the Malwarebytes Browser Guards for Chrome and Firefox; they are free and do give a good layer of protection.

Let me know if you are ok with your system or if you feel that more needs to be done...

Thank you,

Kevin....

 


2 hours ago, kevinf80 said:

Hiya Landets,

If you have blocked the IPs and port numbers you should be OK; obviously you can continue doing that until the sniffers eventually give up and move on to another target.

I strongly advise that you install the Malwarebytes Browser Guards for Chrome and Firefox; they are free and do give a good layer of protection.

Let me know if you are ok with your system or if you feel that more needs to be done...

Thank you,

Kevin....

 

Hi Kevin

I think this case might be resolved by now, and it seems like I have been overreacting a little bit. I only have a few questions left.

Question 1: Can these sporadic blocks with inbound connection type occur to anyone, and it doesn't necessarily mean that there is something wrong in my PC? If I understood right, these sporadic blocks are quite random and that's why the sniffers eventually go away.

Question 2: Because Malwarebytes has blocked everything and every scan I have used now finds zero infections, does that mean that I am safe and can use my PC for example to use online bank service?

Question 3: Does Malwarebytes Browser Guard clash with Adblock Plus and/or uBlock Origin?

If you think this case is resolved now, I wish that every log and every log I have pasted as text to this topic will be hidden in future.


Hiya Landets,

 
Quote

Question 1: Can these sporadic blocks with inbound connection type occur to anyone, and it doesn't necessarily mean that there is something wrong in my PC? If I understood right, these sporadic blocks are quite random and that's why the sniffers eventually go away.


Yes, inbound attacks can happen to anyone who owns a PC; anyone who uses VoIP software seems to be even more susceptible.

 
Quote

Question 2: Because Malwarebytes has blocked everything and every scan I have used now finds zero infections, does that mean that I am safe and can use my PC for example to use online bank service?

Yes, your PC is clean and online banking should be OK.


   
Quote

Question 3: Does Malwarebytes Browser Guard clash with Adblock Plus and/or uBlock Origin?

 

 
 
Quote

If you think this case is resolved now, I wish that every log and every log I have pasted as text to this topic will be hidden in future.

When your thread is closed it will be locked and moved to another section of the forum....

 

For now we should be able to clean up:

Delete KVRT.exe, then navigate to and delete the C:\KVRT_Data folder.

Right-click on FRST here: C:\Users\kukkuu\Downloads\FRST.exe and rename it uninstall.exe. When complete, right-click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...










 

Hello Kevin,

I decided to uninstall Malwarebytes yesterday. When I did that I found out something very interesting which might interest you. Before I started to run the ESET Online Scanner, I disabled the active protection from Malwarebytes, and during the ESET Online Scan I had no active protection in my PC. It seems like when ESET Online Scanner was running, Microsoft Defender did reactivate by itself and quarantined a trojan from my PC. I will paste the log below to this reply now:

 

Microsoft Defenderin virustentorjunta on havainnut haittaohjelman tai muun mahdollisesti ei-toivotun ohjelmiston.
 Lisätietoja:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Denali.A!ml&threatid=2147742223&enterprise=0
     Threat Name: Trojan:JS/Denali.A!ml
     Threat ID: 2147742223
     Severity Name: Vakava
     Category Name: Troijalainen
     Path: file:_C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000082
     Origin Name: Paikallinen tietokone
     Type Name: Nopea polku
     Source Name: Reaaliaikainen suojaus
     User: DESKTOP-ORVKSU4\kukkuu
     Process Name: C:\Users\kukkuu\Desktop\esetonlinescanner.exe
     Security Intelligence Version: AV: 1.327.1577.0, AS: 1.327.1577.0, NIS: 1.327.1577.0
     Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

 

For some reason this log says that the process name is C:\Users\kukkuu\Desktop\esetonlinescanner.exe. Does this mean that it was ESET Online Scanner that actually detected the trojan, or was it caused by it? I decided to uninstall Google Chrome with Geek Uninstaller for safety's sake. Then I ran a full scan with Windows Defender and also used Microsoft Safety Scanner, and they both did not find any threats.

-Landets


Hiya Landets,

Microsoft Defender has flagged that cache file. Can you zip up and attach this folder:

C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache

As you have uninstalled Chrome, can you check and see if this folder is still on your system:

C:\Users\kukkuu\AppData\Local\Google

Thank you,

Kevin

44 minutes ago, kevinf80 said:

Hiya Landets,

Microsoft Defender has flagged that cache file. Can you zip up and attach this folder:

C:\Users\kukkuu\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache

As you have uninstalled Chrome, can you check and see if this folder is still on your system:

C:\Users\kukkuu\AppData\Local\Google

Thank you,

Kevin

Yes, the Google folder is still there. It contains Crash Reports and Software Reporter Tool folders inside it.

phuto.png

2 minutes ago, kevinf80 said:

From the image, the User Data folder is not there anymore, so you cannot zip up the cache folder....

Is this a good thing or not?

At the moment I don't have a need to reinstall Chrome unless you think it is needed to accomplish something. I have heard that Mozilla is a much safer and better browser than Chrome.


Hiya Landets,

I use Firefox myself; I only have Chrome installed in case I need to check it against threads I may be helping with. If you are not reinstalling Chrome I would just delete the Google folder.

What is the current status of your system, any remaining issues or concerns...

Thank you,

Kevin

Just now, kevinf80 said:

Hiya Landets,

I use Firefox myself; I only have Chrome installed in case I need to check it against threads I may be helping with. If you are not reinstalling Chrome I would just delete the Google folder.

What is the current status of your system, any remaining issues or concerns...

Thank you,

Kevin

According to Microsoft Defender, everything is fine on my system, and I think everything will be okay from now on. I don't know how that trojan got into my system when I was running ESET, but luckily Windows Defender reactivated itself and quarantined it. I will delete the Google folder immediately. The original problem with Windows Defender was probably a bug in Windows 10 which seems to be fixed now, as I don't get that weird notification anymore. So even that issue seems to be cleared now.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.