Nicholas123 Posted April 2, 2021 ID:1448551

Hello everyone. I hope you can help me with this issue. I have mbam premium and while I was browsing through a site, I got a "Trojan blocked" notification from mbam. Usually, when they are related to google.exe, I imagine they are simply ads that share the IP with malicious sites. Yet this time the issue was at svchost.exe, which threw me instantly off guard.

I performed a quick scan, nothing was found. Right now I'm performing a full scan with rootkit detection on. Just a couple of weeks ago nothing was found on my PC after posting it on the forums, so I'm pretty worried.

Sorry if my system is in Italian, it might take a while to translate.

-Dettagli log-
Data evento di protezione: 02/04/21
Ora evento di protezione: 17:45
File di log: 800bbc94-93ca-11eb-a80a-309c23835076.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1217
Aggiorna versione pacchetto: 1.0.39012
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.867)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, C:\Windows\System32\svchost.exe, Bloccato, -1, -1, 0.0.0, ,

-Dati sito web-
Categoria: Trojan
Dominio: cs9.wac.phicdn.net
Indirizzo IP: 93.184.220.29
Porta: 80
Tipo: In uscita
File: C:\Windows\System32\svchost.exe

(end)

Khadijah Posted April 2, 2021 ID:1448561

Hello, I have the same problem with this trojan on my latest two scans.

-Software-informatie-
Versie: 4.3.0.98
Versie componenten: 1.0.1173
Update pakketversie: 1.0.39012
Licentie: Premium

-Systeeminformatie-
Besturingssysteem: Windows 10 (Build 19041.867)
Processor: x64
Bestandssysteem: NTFS
Gebruiker: System

-Details van geblokkeerde website-
Kwaadaardige website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Geblokkeerd, -1, -1, 0.0.0, ,

-Websitegegevens-
Categorie: Trojaans paard
Domein: cs9.wac.phicdn.net
IP-adres: 93.184.220.29
Poort: 80
Type: Uitgaand
Bestand: C:\Program Files\Mozilla Firefox\firefox.exe

(end)

Nicholas123 Posted April 2, 2021 Author ID:1448562

Sorry for the comment, forgot I couldn't edit my post. I have attached Addition and FRST scans. Adware scan found nothing. I have also got another malware warning, this time from nowhere.

-Dettagli log-
Data evento di protezione: 02/04/21
Ora evento di protezione: 18:18
File di log: 1124fee4-93cf-11eb-9977-309c23835076.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1217
Aggiorna versione pacchetto: 1.0.39012
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.867)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, , Bloccato, -1, -1, 0.0.0, ,

-Dati sito web-
Categoria: Malware
Dominio:
Indirizzo IP: 93.184.220.29
Porta: 80
Tipo: In uscita
File:

(end)

Addition.txt FRST.txt

Nicholas123 Posted April 2, 2021 Author ID:1448572

Hey Khadijah,

Checking the MBAM forums, a few minutes ago a trojan warning post like mine was made, caused by the same site. I wouldn't know what we all have in common, but you should also make a post in case it's a different issue.

Nicholas123 Posted April 2, 2021 Author ID:1448584

Looks like a false positive. Posting this in case anyone checks this post. Still, if anyone can check my FRST and notice if anything is wrong, I would appreciate it.

Ramon Posted April 2, 2021 ID:1448600

This IP and domain are used for a DigiCert service, most likely a false positive, but your PC will ping it often to check if SSL certificates for websites you are visiting are valid.

Porthos Posted April 2, 2021 ID:1448604

This seems to have been a false positive and has been fixed in the next database going out in a few hours.

Khadijah Posted April 2, 2021 ID:1448686

I think the issue is solved, it stopped popping up. My mother called me about it too, and I could calm her down too. It was an FP, so everything is fine for now, thanks.

Staff Solution Zynthesist Posted April 2, 2021 ID:1448720

An update was published for this; please make sure to update.