Jump to content

MB real-time IP blocks


Go to solution Solved by mangowhite,

Recommended Posts

Hello.

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

  • Thanks 1
Link to post
Share on other sites

Good morning Maurice. Well, the system is running very well and my computer isn't overheating anymore, although, the number of blocks on that same IP are still growing. As you said, this is something external, so I presume there's nothing we can do to stop it. Correct me if i'm wrong, but I think that it will stop soon since it had no success all these days.

I'm including in the attachments the log created by Security Check, the one app you just sent me to download.

I hope you're having an amazing Saturday.

Thanks!


SecurityCheck.txt

Link to post
Share on other sites

Hello. Thanks.for the report.  It will take additional time for me to review and add remarks.

As to the on going blocks, that protection will end when the Trial expires.

Consider getting a Premium license for Malwarebytes.

Definitely do a Windows SHUTDOWN at end of each work day for computer.

Since I believe you know enough about Windows......you can use a Elevated Command Prompt to disable port 445.

I assume you just have one Windows or just maybe a local home network.

See the section on this link to use 

Netsh Firewall 

To add a inbound firewall rule to disable port 445.

https://www.ubackup.com/anti-ransomware/how-to-block-port-445-in-windows-3889.html

 

Restrict yourself to just disabling port 445 on INBOUND rule.    If you have questions, stop & ask first.

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites

On that block by Windows Security.  It says it has blocked a specific EXE 

INSTUP.EXE

Do a new Quick scan with Defender antivirus.

 

 

  • Thanks 1
Link to post
Share on other sites

Good Afternoon Maurice. I've done everything that the tutorial you sent asked me to. Here's the result:

image.png.e4fe7112c22dfbdac744d6b2f3daea20.png


And I've also ran another windows defender scan. No threats were found and I have no idea of where this instup is.

Link to post
Share on other sites

You can create a New Rule for Inbound traffic, on the Windows Firewall, using the Gui method, like listed here https://community.spiceworks.com/networking/articles/2465-how-to-block-suspicious-ip-addresses-to-secure-your-network

 

The goal is to Block all inbound from IP address 

193.57.40.222

 

  • Thanks 1
Link to post
Share on other sites

image.png.b3cebfda33b1e384be54723aec011ff9.png

Thanks for everything Maurice! I guess i'll just ignore these warnings since we protected this computer with your help. After this i'm surely buying malwarebytes premium. Thanks for your insane support.

  • Thanks 1
Link to post
Share on other sites

You are very welcome.  I am glad to have worked with you. We can proceed with cleanup of tools we used.

 

To remove the FRST  tool & its work files, do this.  Go to your Desktop  Nova Pasta  folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .

Then run that ( double click on it)  to begin the cleanup process.

 

Delete SecurityCheck.exe

Delete the Sophos download

 

Any other download file I had you download, you may delete. 

 

There are a few apps / programs that need updates for security.

Cisco Webex Meetings v.41.2.4 Warning! Download Update

 

Discord Canary v.0.0.292 Warning! Download Update

 

Java 8 Update 271 (64-bit) v.8.0.2710.9 Warning! Download Update

 

Uninstall old version and install new one (jre-8u281-windows-x64.exe).

~

I wish you all the best.  Stay safe.  😅

Maurice

  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.