Jump to content

Frequent Outgoing Blocked Connections by System


Recommended Posts

Hello :welcome: I will guide you. These are just first steps. Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use thuis guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

There is a newer ersion of Malwarebytes that you should update to & then do a new scan. 

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes sca

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

MB4_scan_tick_ALL.jpg.d5c4071c62ed66534301fbb217b93bc0.jpg

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.6c45445994d4125c0b617ac7c5551e03.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

Thank you

 

I have set all folders to show properly. I have updated MB successfully. I have ran a new scan and attached below

This is a Home Work computer. Private local network with only household machines.

'VNC Connect' is installed from RealVNC.  That is the only remote desktop program i use.  I haven't manually set up RD policy.

scanrpt.txt

Link to post
Share on other sites

Next, a custom script to do  checks & selected  cleanups. 

We will use FRSTENGLISH.exe  on the Downloads to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  homebattery  only / for this machine only.

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

This next run will do some checks using Windows SFC & DISM. It will also do some scans with Microsoft Defender antivirus. It will clear temporary files. It will clear Chrome & Edge browser cache files.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt             <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. 

Link to post
Share on other sites

The Windows System File Checker did do a repair.

Quote

Windows Resource Protection found corrupt files and successfully repaired them

Also, Microsoft Defender antivirus should now be enabled and active.
There was or is a suspicious DLL on this machine ( which was on the exclusion list for the settings of MS Defender).
I will guide you to doing some additional scans to check this system.

Alright. We need to do more scanning. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. 

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Hi, I understand you to say that, the ESET Online scanner run completed; and it removed 1 program. At this time, we want to do a different check.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

Link to post
Share on other sites

https://screenrec.com/share/70e4HZ1Etb

The .log is empty, only headers. above is a screenshot of the result.

Here is a screen of the MB History as an update. The day after my last reply were many outgoing requests.

Seems to be quiet now. i will update you soon once we see if it continues.

https://screenrec.com/share/LZ6bec2qpk 

Thanks very much

Link to post
Share on other sites

  1. Unfortunately, I have zero success with those links to screenrec
  2. I would like a report set for review.   This is a report only.

    Please download MALWAREBYTES MBST Support Tool

    Once you start it click Advanced >>> then   Gather Logs

     Have patience till the run has finished.

    Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

     

  3. Please attach  mbst-grab-results.zip    to your reply
Link to post
Share on other sites

Thanks for the support-report. The last scan by Malwarebytes ( on 31 August ) reported no malware.
For 30 August, there were just 2 Block notices.
One was related Brave browser & the block was a Outgoing one to URL automaniac[.]org  the IP "92.205.3.251"
The other related to GTA5 Grand Theft Auto & IP "83.150.237.1"

NOTE: I am still poring over your report set.

  • A Bit of security housekeeping: There is a newer release Version for Malwarebytes, which you need to get pro-actiely.

I would suggest that you insure to have Version 4.5.14.210 ( or later).

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

*

  • For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website  Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.
 

Link to post
Share on other sites

The alerts we are investigating were happening persistently. I saw the GTA alert and also the Brave alert as i was using the PC.

At the moment they've stopped. It has been a number of days, 27th was the last run, as you can see in the screenshots above.

Will update you if they recur in the next days.

Thanks Maurice

Link to post
Share on other sites

It is possible you over-looked visual prompts about a new version for Malwarebytes.  

Question please, and a firm suggestion.
On this machine's installed applications:
Is ESET Security a paid-for license ?? or, is this just a trial install ?
I firmly suggest you uninstall SpyHunter 5 
You do not need it. And uninstalling it will lighten the load on the system. I do not recommend that app. After uninstall, RESTART Windows.

  • Like 1
Link to post
Share on other sites

ESET is a subscription but i uninstalled it yesterday before producing that report as it slows the PC Massively. I used to use it always, just wanted to test it now after you mentioned it above. Now Removed.

The reason i have a Spyhunter subscription is because i was hacked earlier this year & identity robbed, and the only program that detected the infiltration was Spyhunter5. Why is is not recommended?

Obviously i would prefer not to pay for it but it has saved me twice since 2008 so i started paying for it after this years experience. Is it not above board?

MB Never notifies me of updates, but why wouldn't it auto update? I never want to look at it unless there is a problem. I will never manually update it unless you tell me to. Living is busy enough

Link to post
Share on other sites

On Spyhunter, if you have paid for it, then naturally keep it. It is known though that if it is not paid for, it (the upaid-version ) does not allow removal of items detected as potential threats. As to overall, I find most other security tools to be more capable.
*
As to Malwarebytes, when about "program version updates" in most minor updates it can auto-update, However in more significant Version updates, it will display visually a display-notice that a new version is available and then you follow up pro-actively and take action.

  • Like 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.