Several compromised/exploit pop-ups lately


Hello,

I've been getting pop-ups from Malwarebytes software in the past almost-month regarding network attacks, compromised sites and exploits, all coming from my own computer, such as svchost, lsass.exe, dropbox, even just 'System' to throw out a few examples.  I'm super careful about accessing content that might cause me problems, and I've also seen that many, many other people are having similar issues with Malwarebytes right around the same time frame as I started experiencing them - I believe due to the most recent update to the software - so, what currently gives with this app?  Is this something you guys are addressing?  Because the coincidences are kind of too prevalent to ignore.  Unless there really was a major breach lately and tons of people are being affected by viruses. 

I can provide whatever info's needed and will check this posting daily.

MWB1.JPG

MWB2.JPG

MWB3.JPG

MWB4.JPG


  • Root Admin

As an example, in your first image. 

https://www.abuseipdb.com/check/185.220.100.248

This IP address has been reported a total of 9,336 times from 412 distinct sources. 185.220.100.248 was first reported on , and the most recent report was .

 

Basically, Malwarebytes is doing its job and blocking INBOUND probes from an IP that is known to host a possible threat.

Normally these types of probes go away on their own within a couple of days or so. If you'd like us to scan your system for any possible issues though, please let us know.

 

Thank you @frammelpie

 


Hello, thanks for the quick reply. 

To respond to your statement about them going away after a few days, yes they typically do, but then I get another round of them a couple days later.  If you don't think it's indicating anything on my PC then I can probably just leave well-enough alone, it's just odd to me that I suddenly have started getting these on a regular basis like that.  Perhaps MWB software received an update that now includes these pop-ups to be seen, but this was always hitting my PC previously, but silently?  I've done full scans a few times using both Kaspersky and MWB, and in all cases, nothing is ever found except a game memory hack tool I have.  If you think that something could still likely be on here beyond those scans, I'd be all for making sure.

Thank you @AdvancedSetup


  • Root Admin

We do multiple updates every day and those can include RDP (remote desktop protocol) attacks as they've become quite popular. It costs the criminals very little to probe but potentially a lot to gain if they do find an open exploit.

Get us some logs and we'll review and see if we can find any issues that might be going on.

 

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you @frammelpie

 

 


  • Root Admin

I don't see an obvious infection, but I do see you're running Kaspersky Total Security which can sometimes have conflicts. If it's working well then that's good.

Please check for updates for Kaspersky and do a Full System Scan and let me know if it finds anything or not.

 

I've noticed this in the logs, which would seem to indicate that something bad is going on if you're getting a BSOD.

Can you zip these and upload them? I'll see if I can get them reviewed. But nothing showing that would seem to indicate any reason for an outside source to want to target you.

Recent Windows Crashes
========================================
C:\WINDOWS\Minidump\081522-8984-01.dmp  [created:08/15/2022  10:34]
C:\WINDOWS\Minidump\082222-9031-01.dmp  [created:08/22/2022  05:36]
C:\WINDOWS\MEMORY.DMP                   [modified:08/22/2022  05:36]
 

 


Hello @AdvancedSetup,

I will DM you the link to the files hosted on my dropbox.  Unfortunately I was not able to attach them here due to size and/or permissions issues.  The minidumps won't let me zip or share (even though I'm using the Admin account and the file permissions show 'full control' of the files), so hopefully you can look at them via this method.

 

image.png.90a62f64960fc3b69a09112ccb499e24.png

 


  • Root Admin

Please restart the computer. Then go into Safe Mode and see if you can copy them to another location or create the .zip or .rar from there.

Thank you, I see you provided me with links already

 


  • Root Admin

To be on the Safe Side, let's go ahead and run a scan with the following.

 

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours, as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
