
unicorns-r-www.us.com ?


sawine


Hello,

I was running updates on my system and something tried to open Chrome to a domain that doesn't even seem to be registered. I'm not sure how it was able to resolve to an IP address. This domain isn't entered inside my hosts file either...

I was updating multiple things... I think it happened after I updated Adobe Creative Cloud... I'm not 100% certain, it also happened after I just rebooted.

If anyone could help me shed some light on this, I'm a little paranoid about what this could be... it seems really suspicious.

If that's not the right forum section to ask, I'm sorry, if you could please let me know where I should post it.

Thanks

Here are the details of the incident:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/28/22
Protection Event Time: 1:58 PM
Log File: 1b3226f2-3f57-11ed-bd01-0a002700001f.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1767
Update Package Version: 1.0.60468
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1889)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: unicorns-r-www.us.com
IP Address: 45.56.79.23
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


 


3 minutes ago, sawine said:

If that's not the right forum section to ask, I'm sorry, if you could please let me know where I should post it.

Moved for you.

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

     
  4. A "Windows protected your PC" notification may appear. This notification is from the Windows Defender SmartScreen Filter, which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

         b.  Click Run anyway.

  5. When the User Account Control window appears, click Yes.


     
  6. To accept the Disclaimer of warranty, click Yes.


     
  7. Ensure only the boxes listed below are checked


    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt


     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.


  • Addition.txt is saved in the same directory FRST is located.

     

  • Click OK to close each message window

 

Please attach both of those logs to your next reply. DO NOT copy/paste the contents of the logs directly.


 

 

Thanks
