Michael_B- Posted December 22, 2020 ID:1428547 Share Posted December 22, 2020 I don't know how long this has been going on, but it's getting annoying. I keep getting the compromised message every minute with the same IP over and over, but sometimes it's different IPs. I tried to figure it out, but nothing is working. I don't want to wipe my system; it takes tons of time to do it. I will post my threat scan .txt file from Malwarebytes version 4.3.0, and I will post my FRST64 .txt file here to help with back and forth talking. AdwCleaner[C02].txtAddition.txtAdwCleaner[S02].txtFRST.txtThreat_Scan-1.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 22, 2020 ID:1428682 Share Posted December 22, 2020 Hello. @Michael_B- My name is Maurice. I will be helping and guiding you, going forward on this case. I can help you here in case there is a actual malware infection. I determine that with the help of known and trusted security applications. It sounds like Malwarebytes is showing message-windows about blocked IP or blocked URL. The real-time web protection & other protections in Malwarebytes are leeping the pc safe from harm. I have to see all logs from Malwarebytes for Windows. From the next tool. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. Please only just attach all report files, etc that I ask for as we go along. I If you will be away for more than 4 consecutive days, do try to let me know ahead of time, as much as possible. I would appreciate getting additional / fuller important details from this machine in order to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view.Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-1.80.848.exe to run the report Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket". You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next Now click the left-hand side pane "I do not have an open support ticket" You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! But look instead at the far-left options list in black. Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool. Please attach the ZIP file in your next reply. Please know I help here as a volunteer. and that I am not on 24 x 7. Help on this forum is one to one. Sincerely, Maurice Link to post Share on other sites More sharing options...
Michael_B- Posted December 22, 2020 Author ID:1428694 Share Posted December 22, 2020 Received! Following instructions Link to post Share on other sites More sharing options...
Michael_B- Posted December 22, 2020 Author ID:1428695 Share Posted December 22, 2020 mbst-grab-results.zip Link to post Share on other sites More sharing options...
Michael_B- Posted December 22, 2020 Author ID:1428697 Share Posted December 22, 2020 I just turned Hibernation off via CMD. It probably won't have anything to do with this, but I want to keep you informed on what configuration I'm changing. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 22, 2020 ID:1428717 Share Posted December 22, 2020 (edited) Thanks for the support tool report file. I see the latest Block on the 22nd DEC ( today) is about IP 185.202.2.147 The last preceding one, yesterday, on IP 87.251.75.145. and before that, IP 37.9.13.120 The Malwarebytes real-time protections are keeping the machine safe from potential harm. . First suggestion, since this OS is a PRO edition of Windows 10, is to turn off the Remote Desktop option in order to get this machine to be a less desirable target. Unless you are actually using this machine to connect to another Windows' remote desktop, then you ought to turn off the Remote Desktop setting, since that makes your machine a tempting target. See https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html By turning off remote desktop, you lessen your machine's odds of being a tempting target for probers. The bad guys seek out machines able to do remote desktop as being prime candidates. . [ 2 ] This system uses the Brave browser ( a excellent one) as its default web browser. I would like to see it have the Malwarebytes Browser Guard. Brave uses the same extension as the one for Chrome. It will help guard the Brave browser. To get & install the Malwarebytes Browser Guard extension Open this link in your BRAVE browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup . [ 3 ] There is one setting in Malwarebytes that needs to be off. So that the Microsoft Windows Defender is all enabled. The Premium protections of Malwarebytes will still be on. Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". Close Malwarebytes when done. [ 4 ] These next steps are a custom script to do a general cleanup. The main goal is to run the Windows System File Checker applet & the DISM applet of Windows 10. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. The system will be rebooted after the script has run. . This custom script is for Michael_B only / for this machine only. Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The custom Fix script is going to be used by the FRSTENGLISH tool. They will both work together as a pair. Please save the (attached file named) FIXLIST.txt to the Downloads folder The tool named FRSTENGLISH .exe tool is already on the Downloads Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this. Fixlist.txt Edited December 22, 2020 by Maurice Naggar Link to post Share on other sites More sharing options...
Michael_B- Posted December 24, 2020 Author ID:1428939 Share Posted December 24, 2020 Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 24, 2020 ID:1429020 Share Posted December 24, 2020 Thanks for the Fixlog. Are there any 'Block' messages today from the Malwarebytes' web protection ? Please keep me advised on that. also, In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color . Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈 🔻 Then click on Quarantine selected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 12, 2021 ID:1431861 Share Posted January 12, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts