haribo Posted December 6, 2021 ID:1491600 Share Posted December 6, 2021 Hello, Recently my computer got infected with trojan, i wiped my windows and did clean install, changed all my password etc. Now im getting RTP Detections, should i be worried? Attached those detections. 1.txt 2.txt 3.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2021 ID:1491627 Share Posted December 6, 2021 Hello haribo and welcome to Malwarebytes, Run the following scan, lets see if anything shows up: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The tool will also make a log named (Addition.txt) Please also attach that log to your reply. If necessary: Disable smart screen ONLY if it interferes with software we may have to use:https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8 Please remember to enable when we are finished.... Next, Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/ Please remember to enable AV software when we are finished running scans.... Thank you, Kevin Link to post Share on other sites More sharing options...
haribo Posted December 6, 2021 Author ID:1491670 Share Posted December 6, 2021 Hello Kevin, I did as u said, attaching file to my reply. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Solution kevinf80 Posted December 6, 2021 Solution ID:1491789 Share Posted December 6, 2021 Hello haribo, Thanks for those logs, there are no obvious signs of any malware or infection in your logs. The RTP detections are inbound, nothing unusual there, Malwarebytes is just doing its job. One point, your hosts file has been modified. I assume that is known to you..? Thank you, Kevin Link to post Share on other sites More sharing options...
haribo Posted December 6, 2021 Author ID:1491790 Share Posted December 6, 2021 Hello Kevin, Thanks for info. Can u tell me a bit more about those inbound RTP detections? You mentioned that they are nothing unusual, so are they harmless? What could happen if i wasn't using malwarebytes that could detect them? Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2021 ID:1491805 Share Posted December 6, 2021 Hiya haribo, What you are experiencing are inbound probes to your PC, that does not indicate an infection is present on your PC. Quite often inbound probes go away on their own within a few hours or couple of days. Basically bots are scanning and probing to look for exploits or in some cases trying to brute force run an exploit password attack to your system. The RTP logs you posted do have different IP`s if they were the same you could add an inbound rule to your firewall to totally block them out. Malwarebytes sounds like it's doing its job blocking them, but the constant alerts can be distracting depending on the amount of times they happen.... If you did not have Malwarebytes with realtime protection enabled it would depend what you have in its place, A good security system is essential. I use Winows Firewall, Windows Defender and Malwarebytes Premium... Regards, Kevin Link to post Share on other sites More sharing options...
haribo Posted December 6, 2021 Author ID:1491816 Share Posted December 6, 2021 Hey, Oh i see. Thanks, now i feel safe Link to post Share on other sites More sharing options...
kevinf80 Posted December 7, 2021 ID:1491914 Share Posted December 7, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts