Jump to content

cds.a2w5j2z3.hwcdn.net

Positron

By Positron
in Resolved Malware Removal Logs

 Share
Go to solution Solved by kevinf80,

Recommended Posts

Positron

Positron

Posted
Posted

Earlier today I had many outbound blocks of "cds.a2w5j2z3.hwcdn.net" by premium Malware Antimalware as a potential threat. I checked the

internet and "hwcdn.net" seems listed as a problem in general. Now I am not getting any outbound popups blocked, even though my premium lists

nothing quarantined. Should I be worried?

Thanks.

Pos

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hiya Positron and welcome to Malwarebytes,

Can you post the last three block logs from Malwarebytes History...

Open Malwarebytes....
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the RTP Detection log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Thank you,

Kevin...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hiya Positron,

The IP`s listed in the blocks are to the same site, I`ve run them through several checkers and find nothing wrong. Lets see if the blocks return in the next 24 hours...

Also run the following and post the produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)

My local time 1am, off to bed shortly...

https://cleantalk.org/blacklists/cds.a2w5j2z3.hwcdn.net

https://cleantalk.org/blacklists/69.16.175.10

https://cleantalk.org/blacklists/69.16.175.42

https://www.virustotal.com/gui/ip-address/69.16.175.10/details

https://www.virustotal.com/gui/ip-address/69.16.175.42/detection

I see no concerns in your FRST logs,

Edited by kevinf80
typing error
Link to post
Share on other sites
Positron

Positron

Posted
  • Author
Posted

I understand Kevin, pretty late for you, and getting about that time for me as well.

I am having outbound block multiple times again this evening. I cannot find a website or email to send to high winds network group.

I saw this when my Malware blocked an outbound; says   c:\program files\Mozilla firefox\firefox.exe

Does that help or mean anything?

Thanks.

pos

Link to post
Share on other sites
  • Solution
kevinf80

kevinf80

Posted
  • Solution
Posted

Hiya Pos,

Use the instructions in the following link to reset Firefox, see if that stops the outbound calls...

https://malwaretips.com/blogs/reset-firefox-settings/

I`m not saying the outbound calls to highwinds network group are not suspicious, I just cannot find any definite proof to confirm it... Lets see if the reset helps..

Thank you,

Kevin

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted
Hiya Pos,

Thanks for the update, good to hear your issues have cleared.. Continue to clean up:

Right click on FRST here: C:\Users\Owner\Desktop\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept