Jump to content

Website blocked due to compromised possible trojan?

Recommended Posts

I've looked at a few posts and it seems the best coarse of action is to start a new topic. I'm getting the attached notification several time a minute sourced from different IP.



I've included a txt of a few of the exported detections. as well as the one when it all started. I run a virus scan daily and a whole system scan once a week and none show any hits. currently the whole system scan is running and should be done sometime tomorrow.

exported history.txt

Link to post
Share on other sites

Hello octomagnus and welcome to Malwarebytes,

Run the following scan, lets see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Link to post
Share on other sites

Hello octomagnus,

Thanks for those logs. Had a look at your exported history text for blocks made by Malwarebytes. The majority of the blocks are inbound, that is sniffers testing your PC for possible connections, Malwarebytes is doing its job and blocking them. They will probably cease in time.

The ones to be concerned about are outbound via BitTorrent to IP addresses in the Russian Federation, personally I would uninstall BitTorrent from the following location:


Another possible vulnerability installed is Bonjour, usually comes bundled with iTunes. I do not see Itunes on your system so would ask that you uninstall Bonjour. It means "Hello" in French, it is primarily used for configuring networking between different types of devices. You can use it to find other Apple services on a network, connect to other devices like network printers (that provide Bonjour support), or access shared drives. I personally do not trust Bonjour, or iTunes for that matter and do not use them...


Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

user posted image

The system will be rebooted after the fix has run.


Please download AdwCleaner by Malwarebytes and save the file to your Desktop. https://downloads.malwarebytes.com/file/adwcleaner
  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is ?updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply. ?


Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in you reply, also do the RTP detections cease...

Thank you,



Link to post
Share on other sites

FRST is completely safe to use and will not harm your PC, I did include the following in my initial reply to you:


If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

From your initial FRST log - frst.txt it shows FRST running from your downloads folder:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2021
Ran by twokr (administrator) on DESKTOP-BM378K9 (05-07-2021 16:18:37)
Running from C:\Users\twokr\Downloads

The Malwarebytes log you`ve listed shows FRST.exe running from the following:



Registry Value: 1
Malware.Ransom.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|*FRST, Quarantined, 0, 392685, 0.0.0, ,

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\Users\twokr\Documents\Life\Computer Virus June 2021\FRST64.exe, Quarantined, 0, 392685, 0.0.0, 9d085474dfdbe5ace8a74ae0681c85cb, da9ceeca8be5000fc38befcfb96685802025b0634c8aaafed72742dfddc91771


Have you moved FRST..?

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.