PtrykPL Posted August 6, 2022 ID:1527847

Hello. First I want to say one thing. I did a clean Windows reinstall and didn't install any bad things from the internet. I saw this in Resource Monitor: I'm worried about the 93.184.220.29 IP. Is this something bad? I saw this doesn't have a good community score on VirusTotal (https://www.virustotal.com/gui/ip-address/93.184.220.29/community), but only 2 detections. Also this IP connection was from "avp.exe" or other Kaspersky things. These IPs are sometimes different, but I scanned a few of them. Only 93.184.220.29 doesn't have a good community score on VT. Also there was something saying that the IP is from "Edgecast". I don't know what that is. I scanned my PC with Malwarebytes, AdwCleaner and Kaspersky (and Malwarebytes Anti-Rootkit). Also I scanned with F-Secure Router Checker. None of the antiviruses detected anything. I was asking here before, sent FRST logs and somebody said everything is good. Also some people said this is normal if this is from Kaspersky (I have Kaspersky Security Cloud installed). These connections are not using much network. There aren't any processes that use more than 1% of CPU if I'm doing nothing. I checked a few processes in Process Explorer and a few things in Autoruns. There wasn't anything suspicious. Could it really be something bad or not? I'm attaching AdwCleaner, mbam logs and my old FRST logs.

Attachments: AdwCleaner[S11].txt, mbam logs.txt, Addition.txt, FRST.txt
PtrykPL Posted August 6, 2022 Author ID:1527871

Edit: Somebody told me that it is malware, but I still don't know what I should do. I was trying to use TRON but idk if this is a good idea.
PtrykPL Posted August 7, 2022 Author ID:1527916

I did a scan with FRST again. I'm attaching these new logs. Malwarebytes and AdwCleaner didn't find anything. Also I did a full scan with Kaspersky. It didn't detect anything. This is how it looks now. I scanned other IPs too. These IPs don't have many detections in VirusTotal, but a very low community score. I don't know if these IPs are from Kaspersky or not. Also VT says that the IPs are from GB or Switzerland. Always when I'm checking a random IP it shows no detections, but a very low community score. I have more examples:
https://www.virustotal.com/gui/ip-address/224.0.0.252/community
https://www.virustotal.com/gui/ip-address/239.255.255.250/community

Attachments: Addition.txt, FRST.txt, AdwCleaner[S12].txt, mbam.txt
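Added example, not part of the thread or any poster's code: the two addresses linked at the end of the post above, 224.0.0.252 and 239.255.255.250, are in the IPv4 multicast range, so a reputation score for them describes no particular host. The Python sketch below sorts a list of remote addresses by type before any reputation lookup; the last two sample addresses are constructed, and the group names in the table are the standard assignments.

```python
import ipaddress

# Well-known IPv4 multicast groups a Windows host joins on its own LAN.
KNOWN_GROUPS = {
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR (local name resolution)",
    "239.255.255.250": "SSDP (UPnP device discovery)",
}


def classify(addr):
    """Return (category, note) for one remote address from a connection list."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast", KNOWN_GROUPS.get(addr, "group address, not a single host")
    if ip.is_loopback:
        return "loopback", "traffic never leaves this machine"
    if ip.is_link_local:
        return "link-local", "self-assigned address on the local segment"
    if ip.is_private:
        return "private", "device on the local network (router, printer, phone)"
    if ip.is_global:
        return "public", "internet host; a reputation lookup is meaningful"
    return "reserved", "special-purpose range, not a routable host"


def worth_reputation_lookup(addrs):
    """Keep only the addresses for which an IP-reputation score says anything."""
    return [a for a in addrs if classify(a)[0] == "public"]


# First three addresses are the ones named in the thread; the last two are
# constructed samples of what else a Resource Monitor list usually contains.
SEEN = ["93.184.220.29", "224.0.0.252", "239.255.255.250",
        "192.168.1.1", "127.0.0.1"]

if __name__ == "__main__":
    for a in SEEN:
        category, note = classify(a)
        print(f"{a:<16} {category:<11} {note}")
    print("look up:", worth_reputation_lookup(SEEN))
```

Only the public address is left for a reputation check; for an address on a shared CDN, the owning process and any block event from the installed AV say more than the score.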
PtrykPL Posted August 7, 2022 Author ID:1527920

Update: I was asking about that and some people also have the same IP in Resource Monitor. Also I scanned these IPs with other tools and they didn't say anything bad about these IPs. I also did a scan with Malwarebytes Anti-Rootkit and it didn't detect anything.
Root Admin AdvancedSetup Posted August 7, 2022 ID:1527951

The IP 93.184.220.29 was an Edgecast IP. Edgecast was recently purchased by Yahoo.

AbuseIPDB shows it is on some blacklists: https://www.abuseipdb.com/check/93.184.220.29

VirusTotal has 3/88 as well: https://www.virustotal.com/gui/url/7a14fd7cdb6066e94e48cc56b7b83fd4b92f3d4fa01acb8c0b18d23b17d9c901?nocache=1

So, it looks like that specific IP has been used by someone or some process for bad purposes. But how your system hit it or got a hit from it is unknown, and it does not mean your computer is infected. You're running Kaspersky Security Cloud, which is a very good antivirus product. Check for updates, do a full system scan and see if it finds anything. My guess is it does not find any infections.

Edited August 7, 2022 by AdvancedSetup: Updated information
PtrykPL Posted August 7, 2022 Author ID:1527957

4 minutes ago, AdvancedSetup said: "The IP 93.184.220.29 was an Edgecast IP. Edgecast was recently purchased by Yahoo. AbuseIPDB shows it is on some blacklists: https://www.abuseipdb.com/check/93.184.220.29 VirusTotal has 3/88 as well: https://www.virustotal.com/gui/url/7a14fd7cdb6066e94e48cc56b7b83fd4b92f3d4fa01acb8c0b18d23b17d9c901?nocache=1 So, it looks like that specific IP has been used by someone or some process for bad purposes. But how your system hit it or got a hit from it is unknown, and it does not mean your computer is infected. You're running Kaspersky Security Cloud, which is a very good antivirus product. Check for updates, do a full system scan and see if it finds anything. My guess is it does not find any infections."

I was asking for help in one Discord server. I asked about other IP addresses too. Two people had the same IP address on their PC. I did a Kaspersky full scan today (with extreme settings) and it didn't detect anything. I checked for updates before the scan. And Kaspersky isn't the only AV that I used to scan. As I said, none of the AVs detected anything. No detections. Somebody told me that the IP address could have been used for bad things before, but now it is a good IP address. Maybe this is true because many of the bad comments are more than 1 year old. Also I heard not to always trust these comments on VirusTotal. I also scanned these IPs with other websites. And what about these FRST logs? Is everything good with them? Also I found how to make these logs in English.
PtrykPL Posted August 7, 2022 Author ID:1527961

Also I found 4 unknown devices connected to my router. This is very strange. I don't know if this is related to these IP connections. It looks like these devices don't exist. Other people had this problem too. I found it could be an error or something like this. Also there is an app (I downloaded it from the Play Store) for my router and I don't see these devices here, so I think this is an error or bug. I have the newest router firmware installed. I think this isn't a good place to ask about this. I don't think this is caused by any malware.
PtrykPL Posted August 7, 2022 Author ID:1527962

I was trying to change the password, but these devices still showed. They only disappear for some time after a router reboot. As I said, this is probably a bug. And I checked a few router settings and everything seems to be good. So everything should be fine now? These IPs are not anything malicious?
Root Admin AdvancedSetup Posted August 8, 2022 ID:1527964 Solution

I don't see any signs of an issue. Seeing an IP, good or bad, is not an indicator that a computer is infected. You'd need to see your own computer making that call to an IP and being blocked by your AV to be a sign it was an issue.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please attach that file to your next reply. (not compulsory)

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download

Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes
PtrykPL Posted August 8, 2022 Author ID:1527977

Ok, thanks for the help. I just wanted to make sure that everything is fine, because I heard many different things about that.
Root Admin AdvancedSetup Posted August 8, 2022 ID:1528024

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you