Action: Blocked Website, Outbound Connection to Powershell (trojan) HELP!


Last week, I recently got a computer virus, and got rid of it. So I thought. Now I keep getting Blocked Websites from Malwarebytes. I've run scans with Malwarebytes, full system scans with Zemana Antimalware, and Norton, but nothing has solved this issue.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/13/21
Protection Event Time: 6:05 PM
Log File: 5ae9f34e-9ca4-11eb-a36f-d45d64d7df85.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39379
License: Trial

-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: beautyiconltd.cn
IP Address: 88.119.171.253
Port: 80
Type: Outbound
File: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

 

(end)

FRST.txt, Addition.txt

 

  • Staff

Hi,

Let's start with this fix first:

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt


So far, so good! I normally got 2 blocks per minute, and there haven't been any in the past 5 minutes. I will keep updating throughout the rest of the day. Will you still be here for contact if this goes downhill again?

 

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.