RTP Inbound Connection Blocked



Thank you in advance for being patient with my English, I'll try my best.

 

Hello, two weeks ago my gf downloaded some plugins for a video editor and her PC got infected. I cleaned it with all I had, but there were many notifications of RTP inbound connections blocked.

I just formatted her entire PC, installed Chrome and Malwarebytes, went to the bathroom, and then another notification appeared. The IP is 94.142.32.99


Here's the Malwarebytes AdwCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2022
# Duration: 00:00:05
# OS:       Windows 10 Home Single Language
# Scanned:  32046
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

I also attached the Malwarebytes log with the rootkit option checked.

I also ran a Farbar scan; the Addition and FRST logs are attached.

 

The virus/viruses' behaviours were:

- uploading videos to YouTube accounts logged in on the PC

- pressing like on other people's videos (with the same type of content)

- flooding channels in Discord servers with phishing links

- buying some sort of Facebook advertising plan in the account logged in on the PC

 

I hope I've provided all the necessary info.

P.S.: while writing this post another popup appeared

181.47.197.205


Addition.txt, FRST.txt

 

 

Scan MalwareBytes.txt


  • Root Admin

Hello @moonclair and :welcome:

That is an INBOUND block which means that someone is probing the system looking for a possible opening. It is not an infection. Malwarebytes is doing its job blocking the access.

Normally these types of probes will go away on their own within a few hours to a day. In some rare cases the probe may last extended days but that's not normal.

 

The logs don't indicate any infection. Let me have you run the following, though, just to double-check.

 

 

Microsoft Safety Scanner

Please make sure you exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all are fully exited out of, and that messenger programs are exited and closed as well.
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Thank you

 

 

 

 

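A way to check the AdwCleaner scan log from the first post against the statement that the logs show no infection, given as an added example that is not part of the thread or of any Malwarebytes tool. The function names and the `needs_review` label are hypothetical, and the sample is an abridged, constructed copy of the posted log.

```python
import re

# Constructed sample: abridged copy of the AdwCleaner scan log posted in this thread.
SAMPLE_LOG = r"""# Mode: Scan
# Scanned:  32046
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Preinstalled Software ] *****

Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # ***** [ Name ] *****
ENTRY = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(.+?)\s*$")  # name   kind   location

def parse_adwcleaner(text):
    """Return (declared_count, {section: [(name, kind, location), ...]})."""
    declared, section, found = None, None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"^# Detected:\s*(\d+)", line):
            declared = int(m.group(1))
        elif m := SECTION.match(line):
            section = m.group(1)
            found[section] = []
        elif section and line.startswith("#"):
            section = None  # the EOF banner ends the last section
        elif section and (m := ENTRY.match(line)):
            found[section].append(m.groups())
    return declared, found

def triage(text):
    """Separate preinstalled-software items from entries in any other section."""
    declared, found = parse_adwcleaner(text)
    entries = [(s, e) for s, items in found.items() for e in items]
    preinstalled = [e for s, e in entries if s == "Preinstalled Software"]
    other = [(s, e) for s, e in entries if s != "Preinstalled Software"]
    return {"declared": declared, "parsed": len(entries),
            "count_matches": declared == len(entries),
            "preinstalled": preinstalled, "needs_review": other}
```

On the posted log, both of the two detections fall under the Preinstalled Software section and every section named "malicious" is empty, so `needs_review` comes back empty.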

  • Root Admin
  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 


  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
