Jump to content

Potential threat blocked?


Recommended Posts


I get frequent blocks by Malwarebytes as to websites from different IPs. I have exported log info as to one of the notes (of many) below. There's a new block like every quarter of an hour.

It's in Swedish, but I think you'll understand anyway because of the format the data is presented in.

Malwarebytes doesn't detect anything. I have run your AdwCleaner and ESET, which removed some threats but the blocks just keep going. I don't use Google sync.

What to do?

Gunnar Bjorkdal



Datum för skyddshändelse: 2022-09-16
Tid för skyddshändelse: 17:05
Loggfil: 05a9d562-35d1-11ed-a597-f46d04653d39.json

Komponentversion: 1.0.1767
Uppdatera paketversionen: 1.0.60137
Licens: Premium

OS: Windows 10 (Build 19044.2006)
CPU: x86
Filsystem: NTFS
Användare: System

-Information om blockerad webbplats-
Skadlig webbplats: 1
, C:\Windows\System32\svchost.exe, Blockerad, -1, -1, 0.0.0, , 

Kategori: Komprometterat
Port: 3389
Typ: Inkommande
Fil: C:\Windows\System32\svchost.exe


Link to post
Share on other sites

If all of the blocks are incoming then Malwarebytes is doing its job.

The blocks are on addresses that are attempting to do a forced  attempt to exploit remote-desktop-protocol. 

The Real Time Protection of Malwarebytes for Windows  is actively doing it's job to protect the system.

In most cases the attempted probes will automatically stop on their own. If it continues you can add the IP to the local firewall to prevent it from contacting the computer period.
If you wish to do so, here is one how-to guide

Link to post
Share on other sites

  • Root Admin

Hello @ABGB

As @Porthos has said. These you've listed are INBOUND which normally goes away on their own within a few days. We can scan your computer and look for possible issues, but in general Malwarebytes Premium is doing it's job blocking them.


If you would like to run some scans though, please let us know.



Link to post
Share on other sites

  • Root Admin

I'm off for the next couple of days, but please run the following and I'll check it out once I get some free time. @ABGB



Let me have you run a different scanner to double-check.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.


Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3





Then, restart the computer and get me the following logs


Please do the following so that we can get started and see what's going on.

The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

         b.  Click Run anyway.

  5. When the User Account Control window appears, click Yes.


  6. To accept the Disclaimer of warranty, click Yes.


  7. Ensure only the boxes listed below are checked


    Registry  Services  Drivers
    Processes  Internet  One month



  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.


  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.


  • Addition.txt is saved in the same directory FRST is located.


  • Click OK to close each message window


Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly







Link to post
Share on other sites

  • Root Admin

It is not harmful. If anything is harmful it is Google Chrome itself. Please ignore and allow the download or use a different browser.

Without logs I won't be able to assist you. @ABGB

I'm off work until Thursday, but will try to check in on you before then.



Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.