
Got a message saying that an outbound connection was blocked


bunny702
Solved by Maurice Naggar

Hello :welcome: 

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • It is an outbound block notice. The Malwarebytes protections are keeping the system safe from potential harm. The threat is external.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it, click Advanced >>> then Gather Logs

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach mbst-grab-results.zip to your reply
  • The IP block actions by Malwarebytes are keeping the machine safe from potential threats.
  • We do need the support zip reports to see more detail (the screen grabs just do not have full details, and those screens give no clue as to what processes are running).

  • Solution

Thank you. Let us start with these next steps.
{ Step 1 }
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

{ Step 2 }
Start Malwarebytes. Click the Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security tab. Scroll down to

"Windows Security Center"

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off ... be sure that line's radio-button selection is all the way to the left. Thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows 😃.

Close Malwarebytes.

This will help to have the Microsoft Defender antivirus be on.

{ Step 3 }

This is one way to do a manual scan using the Microsoft Defender antivirus, as well as to visually check protection status.
From the Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security

Next, in the Windows Security section: click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status and that protection is on.

 

On the next display, look at all the options. Look down the list and see "Check for Updates" which I have highlighted with a blue icon.

You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. (You can do Quick, Full, or Custom.)

NOTE: If you have the time / opportunity, select a Custom scan & scan the C drive (one time as a safety check).


[ Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on, and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, in the Windows Security section: click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options. Look down the list and see "Check for Updates".

You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan & then pick the C drive & have it go forward.

Once it has started the scan phase, you can go take a long break. Let me know the results.


Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard


For the EDGE browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser

Note: For Opera browser, you can install the Chrome version of the Malwarebytes Browser Guard (on each as appropriate).

[ 2 ]
Delete all Cache files & History on each of Opera & Edge browsers.
Go through every web browser you use and in each, delete the browser CACHE
https://www.lifewire.com/how-to-clear-cache-2617980

[ 3 ]

I would recommend getting a readout report as to update status of some key apps.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt


SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 26.09.2022 20:13:51
Path starting: C:\Users\ricar\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ricar
VersionXML: 10.19is-25.09.2022
___________________________________________________________________________

Windows 10(6.3.19043) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 26.09.2022 11:51:35
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.9 Gb] Used: [510.3 Gb] Free: [420.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.14.210 v.4.5.14.210
--------------------------- [ OtherUtilities ] ----------------------------
Steam v.2.10.91.91
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.1.0.9006
------------------------------- [ Browser ] -------------------------------
Opera GX Stable 90.0.4480.117 v.90.0.4480.117
Microsoft Edge v.105.0.1343.50
------------------ [ AntivirusFirewallProcessServices ] -------------------
aswbIDSAgent (aswbIDSAgent) - The service has stopped
aswbIDSAgent (aswbIDSAgent) - The service has stopped
Avast Firewall Service (avast! Firewall) - The service has stopped
Avast Antivirus (avast! Antivirus) - The service has stopped
Avast SecureLine VPN (SecureLine) - The service has stopped
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1339
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1107
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 

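Added example (not part of the thread, and not code from the SecurityCheck authors): a small Python parser for a log in the layout posted above, reporting which antivirus products are registered as enabled or disabled and which security services are stopped. The sample lines are constructed from that layout; the leftover-service rule and the `BUILT_IN` set are assumptions of this example.

```python
import re

# Constructed sample in the layout of the SecurityCheck log posted above.
SAMPLE_LOG = """\
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.14.210 v.4.5.14.210
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service has stopped
Malwarebytes Service (MBAMService) - The service is running
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
"""

SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")
WMI = re.compile(r"^(.+) \((enabled|disabled)\b.*\)$")
SERVICE = re.compile(r"^(.+) \(([^()]+)\) - The service (is running|has stopped)$")
BUILT_IN = {"WinDefend", "WdNisSvc"}  # assumption: Defender services ship with Windows

def parse_sections(text):
    """Return {section name: [non-empty lines]} for a SecurityCheck log."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(text):
    """Summarise antivirus state: WMI registration, stopped services, leftovers."""
    sec = parse_sections(text)
    wmi = [m.groups() for m in map(WMI.match, sec.get("Antivirus_WMI", [])) if m]
    svcs = [m.groups() for m in
            map(SERVICE.match, sec.get("AntivirusFirewallProcessServices", [])) if m]
    installed = " ".join(sec.get("AntiVirusFirewallInstall", [])).lower()
    stopped = [short for _, short, state in svcs if state == "has stopped"]
    # Heuristic (assumption): a stopped service whose vendor word is absent from
    # the installed-products section is a remnant of an uninstalled product.
    leftovers = [short for name, short, state in svcs
                 if state == "has stopped" and short not in BUILT_IN
                 and name.split()[0].lower() not in installed]
    return {"disabled_in_wmi": [n for n, s in wmi if s == "disabled"],
            "enabled_in_wmi": [n for n, s in wmi if s == "enabled"],
            "stopped_services": stopped, "possible_leftovers": leftovers}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```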

  • 2 weeks later...

This system is good-to-go. This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe. 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.