Czubeczek Posted October 27, 2021 ID:1485663 Share Posted October 27, 2021 On startup of windows i get alert popup connection was blocked to certain domain/ip but source file is not present. Of course scanning does not detect anything and even glasswire is not picking up anything either Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 27, 2021 ID:1485734 Share Posted October 27, 2021 Hello @Czubeczek My name is Maurice. Let me know what name you prefer to go by. I will guide you. I need a report set for review. This is a report only. Please download MALWAREBYRES MBST Support Tool Once you start it click Advanced >>> then Gather Logs Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply , like displayed here. To send ( upload) attachments please click the "ADD Files" link . Then browse to where your file is located and select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along. Cheers. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 27, 2021 ID:1485739 Share Posted October 27, 2021 NOTE: For Your Information: The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm. A block notice is an advisory of the "block". A "malicious website blocked" is entirely different from a "malware detected" event. The website Block message indicates that a potential risk was blocked by the malicious website protection. The Malwarebytes web protection, by default, will always show each IP block occurrence. URL link being blocked is s8.now.im IP being blocked 185.53.177.52 .im is the Internet country code top-level domain(ccTLD) for the Isle of Man. The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC. See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done. On Outbound blocks, any attempted connection was stopped. No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts. These are also triggered by banner ads running on websites which is the most common form of alert. Link to post Share on other sites More sharing options...
Czubeczek Posted October 28, 2021 Author ID:1485906 Share Posted October 28, 2021 11 hours ago, Maurice Naggar said: Hello Maurice. I have attached report you asked for. :) Waiting for results. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 28, 2021 ID:1485930 Share Posted October 28, 2021 Hello, Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean Attach the clean log. Link to post Share on other sites More sharing options...
Czubeczek Posted October 28, 2021 Author ID:1485933 Share Posted October 28, 2021 Thanks for reply. I will do it tommorow as i dont have time today and will post the results. Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted October 28, 2021 Solution ID:1486012 Share Posted October 28, 2021 OK. Do do that. The Adwcleaner procedure in total should take no more than say, 20 minutes or less. I am going ahead, and listing below, the next procedures to do. [ 1 ] Take these actions so that Windows 11 is set to show all hidden files and folders. Open File Explorer from the taskbar. Select View > Show > Hidden items. [ 2 ] This should take less than 40 minutes. We will use FRSTENGLISH.exe on Downloads folder to run a custom script. The system will be rebooted after the script has run. This custom script is for CZUBECZEK only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run the Windows DISM to check the system integruty. It will look at 3 suspicous sub-folders and get a list of their files. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt Start the Windows Explorer and then, to the Downloads folder RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. We will do more later, to do additional scans. Persistence & patience is our motto. Be real sure to let me know , as we go along, if the Block notice has gone away or not. Link to post Share on other sites More sharing options...
Czubeczek Posted October 31, 2021 Author ID:1486357 Share Posted October 31, 2021 Can i have the link to FRST please. I have also attached log from adware scanner. This didn't solved the problem. Fixlist.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 31, 2021 ID:1486359 Share Posted October 31, 2021 The FRST is already present. use FRSTENGLISH.exe on Downloads Link to post Share on other sites More sharing options...
Czubeczek Posted November 5, 2021 Author ID:1486986 Share Posted November 5, 2021 Hello, i did everything as per instructions given and problem still exist. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 5, 2021 ID:1487030 Share Posted November 5, 2021 Hello. Thank you. The Windows System File Checker, as well as the Windows DISM did not find any system integrity issue. > I would suggest that you do this next scan. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Please make sure you attach the log report. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 21, 2021 ID:1489358 Share Posted November 21, 2021 Hello @Czubeczek I hope you are doing well. Is there a status update ? Are you needing other help ? Please advise. Link to post Share on other sites More sharing options...
Czubeczek Posted November 21, 2021 Author ID:1489373 Share Posted November 21, 2021 Hello. Seems like problem got solved, but dont know how that happened 🤷🏼♂️. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 22, 2021 ID:1489382 Share Posted November 22, 2021 Hello. I am glad to have worked with you. We can proceed with cleanup of tools we used. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete mb-support-1.8.n.nnn.exe Delete mbst-grab-results.zip on the Desktop. Adwcleaner you may keep and use as needed. Any other download file I had you download, you may delete. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. I am marking this case for closure. I wish you all the best. Stay safe. Sincerely. Maurice 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 22, 2021 ID:1489383 Share Posted November 22, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you 1 Link to post Share on other sites More sharing options...
Recommended Posts