
Several Notifications for Outgoing Malware Blocked with No IP Address



I have been having issues with my computer blue screening and giving me the MEMORY_MANAGEMENT error code, and running Windows Memory Diagnostic indicates that there are hardware issues (likely a RAM problem that I haven't got around to fixing yet.) However, the other day after a blue screen crash I began receiving several block alerts from Malwarebytes indicating that an outgoing connection was blocked. These all say RTP detection, Malware, Blocked Website, Outbound Connection, Port 443 - however, the Domain says N/A and the IP address is just blank for all of them. Most of them were system processes, majority C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe, C:\Windows\System32\svchost.exe, and some other chrome processes. I was unable to open Chrome or Discord during this time, and when attempting to reinstall Discord I found a corrupted file that was deleted and fixed some registry errors with sfc /scannow. Afterwards the notifications stopped, but I did a soft reinstall/repair of Windows and scanned using Malwarebytes, Windows Antivirus, ADWCleaner, the Malwarebytes Support Tool, and ESET Online scanner anyways and found nothing. 

Here is an example of one of the blocked websites:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/31/22
Protection Event Time: 6:17 PM
Log File: 2174125a-8305-11ec-8972-a8a1593d3234.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50549
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1466)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malware
Domain: 
IP Address: 
Port: 443
Type: Outbound
File: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(end)

I have seen in forums here that the main issue with outgoing connections is that they are coming from different IP addresses. What does it mean when there are no IP addresses or Domains? Is there a chance that something was missed after running all of the separate scans?


  • Staff

Hi,

Given you had problems with your PC before, I wonder if that was causing these notifications, where I don't believe anything was blocked at all, but rather a misbehavior in general because of this. Especially the fact that it doesn't show an IP or domain either, so something went wrong here while enumerating.

"Afterwards the notifications stopped, but I did a soft reinstall/repair of Windows and scanned using Malwarebytes, Windows Antivirus, ADWCleaner, the Malwarebytes Support Tool, and ESET Online scanner anyways and found nothing."

So I assume this has been resolved now after the above?


Hi,

Thanks for the quick reply. The notifications have been resolved, although I am still experiencing the blue screen memory management issues. I just wanted to see if there was any insight into the lack of Domain/IP for the messages, and if that could possibly mean that malware was the culprit for the blue screening. Am I correct in assuming that as there was no IP, there was no actual outgoing attempt made and it was just an error?

Additionally, I had two “unusual” logins for my Instagram account (that I had recently logged into on my desktop) the day after this Malwarebytes notifications flurry, which is why it had made me extra paranoid and I decided to post in this forum. Weirdly, I received legitimate emails from Instagram, but there was no record of the actual login/logouts in the activity log of the Instagram account. I wonder if whatever is malfunctioning on my computer was the culprit for these errors as well, or if I really have been infected with some undetectable key logging computer destroying virus, lol. Unfortunately Instagram doesn’t have a customer support team that could verify that.


  • Staff

Hi,

No, I don't think there was malware involved, as the blue screening is because of a MEMORY_MANAGEMENT error code, as you mentioned above. So this is hardware related. Most probably RAM has gone bad or so. You might want to try the following troubleshooting steps as well: https://www.makeuseof.com/tag/windows-stop-code-memory-management-bsod/

As for your Instagram... Social media accounts always get brute-force attacked. This doesn't mean you are infected. Also, if you're using 3rd party apps that tie into social media (such as statistic tools/followmeters etc etc), the platform might trigger this and see it as an unusual login attempt as well.

But it's always a good practice by default to change passwords frequently and use Two Factor Authentication.
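
As an added example (not part of the thread and not Malwarebytes code): a small parser for the text export quoted in the first post that separates events with a recorded domain or IP address from events where both are blank, and counts the blank ones per process. Field names are taken from that export; the second sample event and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the export quoted in the first post.
# The second event (domain, TEST-NET-3 address, file path) is invented.
SAMPLE = r"""-Log Details-
Protection Event Date: 1/31/22
-Website Data-
Category: Malware
Domain:
IP Address:
Port: 443
Type: Outbound
File: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(end)
-Log Details-
Protection Event Date: 2/1/22
-Website Data-
Category: Malware
Domain: blocked.example
IP Address: 203.0.113.7
Port: 443
Type: Outbound
File: C:\Users\demo\AppData\Local\Temp\sample.exe
(end)
"""

FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$")  # "Key: value", value may be empty

def parse_events(text):
    """Split an export on '(end)' and return one {field: value} dict per event."""
    events = []
    for chunk in text.split("(end)"):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if fields:
            events.append(fields)
    return events

def has_destination(event):
    """True when the record names a domain or an IP address."""
    return bool(event.get("Domain") or event.get("IP Address"))

def blank_destination_by_process(events):
    """Count events with no recorded destination, grouped by the File field."""
    return Counter(e.get("File", "?") for e in events if not has_destination(e))
```

A record with a blank destination neither confirms nor rules out a connection on its own, so such events are worth correlating with firewall or DNS logs from the same time window.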
