JoltLiz Posted July 31, 2022 ID:1526973

Hi, I have been getting several notifications from Malwarebytes about blocked inbound connections, with them being much more common today. I accidentally left my system on when I went to work, which is when the majority of the alerts happened. I am particularly paranoid about my computer and would like to know what exactly is happening here. My initial guess was attempted probes and/or some sort of SMB brute force attack? I have done a few scans and it seems there is no onboard infection, but I am worried that this attack will continue and breach my system. Is there any way to stop these attempts? I have just disabled Remote Desktop; is there anything further to be done? The main reason I am concerned is that the most recent blocked inbound connection was from wininit rather than svchost, which is new. Attached are the detection history logs for this month, and my FRST scans. Apologies if I am making a big deal out of nothing; I am irrationally afraid of malware haha-

Attachments: Addition.txt, FRST.txt, [svchost-wininitRTPdetection]7.16.22-7.31.22.txt
AdvancedSetup (Root Admin) Posted July 31, 2022 ID:1527022 (marked as Solution)

You cannot fully prevent inbound probes without a physical external firewall to block them. Either Windows Firewall blocks it or a program like Malwarebytes blocks it. So, Malwarebytes is doing its job and blocking it. We can run some scans to make sure the computer is not infected, or do general clean-up if you like, just let us know.

Thanks @JoltLiz
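The advice above (let the host firewall or Malwarebytes block the probes, and confirm nothing is listening that shouldn't be) can be checked directly from the machine. The following is an added example written for this page; it is not code from the thread or from Malwarebytes. It assumes Windows 10 or 11 with PowerShell 5.1 or later, run from an elevated (Administrator) prompt so that owning-process lookups and the Security event log are readable. All cmdlets used are built into Windows; nothing is installed.

```powershell
# Added example (not from the original thread): audit a Windows host's
# inbound exposure after seeing "blocked inbound connection" alerts.
# Assumes Windows 10/11, PowerShell 5.1+, run as Administrator.

# 1. Is Windows Firewall on for every profile, and does it block inbound
#    by default?  Public is the stricter profile and is what you want on
#    any network you do not control.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Which network category is the active connection in?  A LAN marked
#    "Public" keeps the machine out of discovery and SMB browsing.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# 3. What is listening on all interfaces (0.0.0.0 / ::) and which process
#    owns it?  svchost and wininit appearing as the "target" of a blocked
#    inbound probe is expected: they host Windows services such as RPC
#    (135), SMB (445) and RDP (3389).  The probe never reached them.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -in @('0.0.0.0', '::') } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            PID     = $_.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '?' }
        }
    } | Sort-Object Port -Unique | Format-Table -AutoSize

# 4. Confirm Remote Desktop is really disabled.  fDenyTSConnections = 1
#    means RDP connections are refused; 0 means RDP is enabled.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections
"RDP enabled: {0}" -f ($rdp.fDenyTSConnections -eq 0)

# 5. SMB hygiene: the legacy SMBv1 dialect should be off.
$smb = Get-SmbServerConfiguration
"SMBv1 enabled: {0}" -f $smb.EnableSMB1Protocol

# 6. Which inbound Allow rules are enabled on the Public profile?  Any
#    unexpected entry (a game, media server, remote-admin tool) is a hole
#    through the firewall regardless of what step 1 reports.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Public|Any' } |
    Select-Object DisplayName, Profile |
    Sort-Object DisplayName -Unique |
    Format-Table -AutoSize

# 7. Did anything actually get far enough to guess a password?  Security
#    event 4625 is "An account failed to log on".  A blocked probe never
#    produces one; a burst of 4625s with LogonType 3 (network) or 10 (RDP)
#    would be evidence of credential guessing reaching the host.
$failed = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue
"Failed logons in last 24h: {0}" -f @($failed).Count
$failed | Select-Object -First 10 TimeCreated,
    @{ n = 'LogonType'; e = { $_.Properties[10].Value } },   # 4625 field: LogonType
    @{ n = 'Source';    e = { $_.Properties[19].Value } },   # 4625 field: IpAddress
    @{ n = 'Account';   e = { $_.Properties[5].Value } } |   # 4625 field: TargetUserName
    Format-Table -AutoSize
```

Step 3 is the one that answers the "why wininit/svchost" question in the thread: Malwarebytes names the process that owns the local port a probe was aimed at, so a probe against 135 or 445 is attributed to whichever system process holds that listener. Step 7 separates a blocked probe (no log entry at all) from a real brute-force attempt (repeated 4625 events from one source); an empty result with the firewall enabled in step 1 is the expected, healthy outcome.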
JoltLiz (Author) Posted July 31, 2022 ID:1527031

Thanks for the response. It is comforting to know Malwarebytes is doing a good job. All scans came up as clean. My question is if there is anything else to be done, or is no further action required on my part? Was I accurate on the (possible) cause of these alerts? Just want to make sure it isn't something else more serious.
AdvancedSetup (Root Admin) Posted July 31, 2022 ID:1527036

Let's do another scan and see if they find any issues. Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner.

1. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
   It will start a download of "esetonlinescanner.exe".
2. Save the file to your system, such as the Downloads folder, or else to the Desktop.
3. Go to the saved file, and double-click it to get it started.
4. When presented with the initial ESET options, click on "Computer Scan".
5. Next, when prompted by Windows, allow it to start by clicking Yes.
6. When prompted for scan type, click on Full scan.
7. Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
8. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
9. You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
10. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
11. Click the blue "Save scan log" to save the log.
12. If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
13. Press Continue when all done.
14. You should decline the offer for "periodic scanning".

Note: If you do need to do a File Restore from ESET, please follow the directions below:
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
JoltLiz (Author) Posted July 31, 2022 ID:1527040

Yup! Seems like we are all clean here; ESET found nothing. Nothing else can be done, I suppose. Thanks for the help!
AdvancedSetup (Root Admin) Posted August 1, 2022 ID:1527051

You're quite welcome, @JoltLiz.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.
1. Right-click kprm_(version).exe and select Run as Administrator.
2. Read and accept the disclaimer.
3. When the tool opens, ensure all boxes under Actions are checked.
4. Under Delete Quarantines select Delete Now, then click Run.
5. Once complete, click OK.
6. A log will open in Notepad titled kprm-(date).txt. Please attach that file to your next reply. (not compulsory)

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

Make sure you're backing up your files:
https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC:
https://patchmypc.com/home-updater#download

Keep your Operating System up to date and current at all times:
https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy:
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene:
Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.
JoltLiz (Author) Posted August 1, 2022 ID:1527079

Ran KpRm and attached logs. While I was scrolling through it I ironically got another alert (see attached).

Attachment: kprm-20220801011029.txt
AdvancedSetup (Root Admin) Posted August 1, 2022 ID:1527083

Yes, an inbound block. Typically these types of probes will go away on their own within a couple of days.

You could also try shutting down your computer. Unplug your router for a few minutes, then plug it back in and wait a couple of minutes. Then power your computer back on.

If something else does crop up though, please let us know.

Don't forget to check out those Content Blockers as well.

Take care
AdvancedSetup (Root Admin) Posted August 1, 2022 ID:1527166

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you