cs9.wac.phicdn.net 93.184.220.29


Overblaze

Holy cow!

What a night (it's night here). I was randomly surfing, using Firefox, when I got the first "outbound" warning. Outbound, that couldn't be good. I was just surfing on a website I had never visited before. It must have been infected or something. I let MB scan everything. Nothing. ESET. Nothing. I arrive on this forum via Google and read in some post that Firefox and outbound means Firefox is now infected. Fantastic. So I run to my other computer, connected via Firefox Sync. Firefox was already open. BAM. Malwarebytes warning. Oh no. It's spreading. These trojan guys are good. I delete Firefox from the first computer and reboot. Upon booting, Malwarebytes now blocks a program from NVIDIA and iCloud, same IP as the problem. My God. It's still spreading and taking over other programs. These guys are better than Achilles. They got in undetected and spread to other programs while MB and ESET and First don't find anything. I run back to the second computer and see MB giving me one warning after the next for a multitude of programs. Yeah, the end is near.

There goes my weekend... Should I reformat? Will it start spreading again as soon as I resync Firefox? Where do I start...

Well, glad I decided to come see here if I was perhaps not the only one having a problem with this particular IP, before reformatting.

Thanks for the false positive, MB. As if we don't have enough viruses to ruin our days :-) Phew, glad it was a FP.


3 minutes ago, Geert81 said:

Well, glad I decided to come see here if I was perhaps not the only one having a problem with this particular IP, before reformatting.

Thanks for the false positive, MB. As if we don't have enough viruses to ruin our days :-) Phew, glad it was a FP.

:welcome:

Now since you have joined, we are to assist. FPs can and do happen with all security programs at one time or another.


6 hours ago, Porthos said:

This seems to have been an IP block that affected many services and sites.

Indeed! The "Website blocked due to Trojan" notification for cs9.wac.phicdn.net listed ESET ekrn.exe as the 'File', which I assume means the application generating the GET for the domain in question. I thought I had ESET excluded from Malwarebytes checks but it appears not. I couldn't find any comparable entry in the ESET logs. At the time of the notification I had just accessed a file editor software change log at its site using Edge. The previously downloaded, by a minute or so, installation file checked out as clean by both ESET and Malwarebytes.

This topic is now closed to further replies.