Jump to content

Blocked Website Trojan using Anydesk.exe


Go to solution Solved by kevinf80,

Recommended Posts

Hey,

Lately I have noticed that malwarebytes gives more warnings and I am getting a lot of phishing mails because of a hack recently that compromised my personal mail address.

Today this one really made me worry a bit that someone is seriously trying to gain access to my system.

I have now uninstalled anydesk, i sometimes used it to control my PC remotely.

Is this event something that happens because of visiting a malicious website via a browser or is someone really trying to connect to my pc via anydesk?

How can I check if my system is not compromised despite this being blocked.

I have attached the log file of this event and also ran a scan with malwarebytes but that didn't find anything.

Thanks for any help.

anydesk.txt

Link to post
Share on other sites

Hello AlphaDivide and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Clsoe out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
Link to post
Share on other sites

  • Solution

Hiya AD,

The blocked call was inbound from IP 104.236.72.182 to anydesk, the IP is flagged as malicious by 5 engines, if you check the details of that same link there is more information..

https://www.virustotal.com/gui/ip-address/104.236.72.182/detection

I also run it through Clean Talk, no problems from that checker..

https://cleantalk.org/blacklists/104.236.72.182

The IP is listed to Digital Ocean LLC, if you give a quick google check you have to ask the question,"Why are these guys trying to connect to my PC" I cannot give you that answer.

https://www.digitalocean.com/

Personally I would not use that software, if it gets flagged trying to connect to an inbound call you have to be very cautious. Maybe check in with Anydesk website, see if they can give an answer....

https://anydesk.com/en/contact

Thanks,

Kevin..

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.