sande005 Posted February 1, 2021 ID:1435991
MWB Premium. One particular website is consistently blocked due to outbound trojan. Have not encountered warning anywhere else. Full scan has not revealed any threats. Also ran adwcleaner, which did quarantine 18 items. Do I just not trust that particular site, or are there additional items I should proceed on to do? Unclear as to how concerned/unconcerned I should be about an "outbound" trojan.

kevinf80 Posted February 1, 2021 ID:1436024
Hello sande005 and welcome to Malwarebytes,

Can you post the three RTP detection logs please...

Open Malwarebytes....
Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list
Double click on the RTP Detection log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Thanks,
Kevin

sande005 Posted February 1, 2021 Author ID:1436056
Thanks Kevin! - File attached. - Ted
sande005 Log.txt

sande005 Posted February 1, 2021 Author ID:1436058
BTW - I tried just pasting the text into the message reply, but I got a warning flag that my browser was a spambot! But obviously, attaching worked.

kevinf80 Posted February 2, 2021 ID:1436126
Hiya sande005,
From that log it seems to indicate Chrome browser has been compromised. Use the instructions from the following link to reset Chrome..
https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/
Let me know if the blocks cease after following those instructions...
Thank you,
Kevin.

sande005 Posted February 2, 2021 Author ID:1436158
No go on clearing Chrome sync data and restarting. If I go to the single site, I still get the block notice. (http://modelairplanenews.com/) This is a site for a commercial magazine. (MWB even hates that I pasted the link here!)
I ran FRST64, and it shows Defender entries for Trojan:Win32/Woreflint.A!cl and Win32/Wacatac.DD!ml. These are located in files downloaded a few days ago. But the website problem has been happening for much longer, so there may be multiple things at the same time - older, and new recent ones. MWB does not report the above 2 Trojans. Defender quick scan does not show them either. I'm running a Defender complete scan now, but it still says many, many hours to go....
Attached is the latest MWB log (after the Chrome reset), as well as the most current FRST64 reports.
sande005 log 2-2.txt
FRST 2-2.txt
Addition 2-2.txt

kevinf80 Posted February 2, 2021 ID:1436165
Can you post the defender log when complete....

sande005 Posted February 2, 2021 Author ID:1436202
Here it is. I've told Defender to fix the items by removing....
defender.txt

sande005 Posted February 2, 2021 Author ID:1436210
Hmmm - the game site is replete with reports of those Trojans, and the developers claim they are false positives. I'll probably just delete it..... In any event, I still have the issue with the web site.....

kevinf80 Posted February 2, 2021 ID:1436260
Is the website you quote being blocked the only one it happens to...?

sande005 Posted February 3, 2021 Author ID:1436335
Yes

kevinf80 Posted February 3, 2021 ID:1436360
Hiya sande005,
I suppose the fix for that website is simply do not make any visits, do you really need to access that site...?
Thank you,
Kevin..

sande005 Posted February 3, 2021 Author ID:1436405
Hence the original question. Can you point me to any information about what MWB is detecting, when it warns about an "outbound" trojan? I find a lot of simple to in-depth information about Trojans, in general, but wondering more about the "Inbound vs Outbound"

kevinf80 Posted February 3, 2021 Solution ID:1436417
Hiya sande005,
Your issue is trying to connect with website hxxp://modelairplanenews.com/ with your Browser, that is an outbound call, Malwarebytes alerts to that website and blocks the outbound call. If you are allowed to make connection with that website, information then flows both ways. Your connection is outbound, the website back to you is inbound. If the website is exploited and therefore malicious your Security will flag that website either way..
The Trojan explanation is used because what appears to be normal acceptable data travelling back to you may be loaded with hidden malicious extras, as in Trojan Horse...
If you know and trust that website you could seek help at the false positive section.. https://forums.malwarebytes.com/forum/123-website-blocking/
Does that help...?
Thank you,
Kevin..

kevinf80 Posted February 10, 2021 ID:1437774
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Please review the following for Tips to help protect from infection
Thank you