Resssss Posted October 3, 2022

I'm seeing a string of websites blocked for malware with Type: Outbound and File: System. Since there is no other detail I'm not sure how to diagnose or remove it.
MKDB Posted October 3, 2022

Hello @Resssss, my name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first.

Please follow the steps in the given order and post back the log files. Please attach all log files into your post.

Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.

Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.

Searching, detecting and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data.

Please be patient and stick with me until I give you the "all clear". Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

If you do not respond within 4 days, your topic will be closed. If you are away for a longer time, please let me know.

Step 1
Please download the Malwarebytes Support Tool (MBST). Run MBST and accept the license agreement. In the left navigation pane of MBST, click Advanced. In the Advanced Options, click Gather Logs. A status diagram displays that the tool is getting logs from your machine. A zip file named mbst-grab-results.zip will be saved to your desktop; please upload that file in your next reply. Thank you!
MKDB Posted October 5, 2022

Hi @Resssss, do you still need help? If so, please follow my instructions and post the logfiles. Thank you.
Resssss (Author) Posted October 6, 2022

There appears to be private information in these logs I'm not comfortable uploading publicly.
Root Admin AdvancedSetup Posted October 6, 2022

The only private information would be if you used your real name for your profile name. You can send me the logs via Private Message if you like, @Resssss.
MKDB Posted October 8, 2022

Hi @Resssss, do you still need help? If so, please follow my instructions and post the logfiles. Thank you.
Root Admin AdvancedSetup Posted October 9, 2022

I have the log files via PM, @MKDB.
Root Admin AdvancedSetup (Solution) Posted October 9, 2022

The outbound blocking is due to use of Private Internet Access VPN. There really isn't too much you can do about that, as the networks used by PIA are often shared with threat actors too, the same as other VPN programs. They just seem to have more than many other VPN programs. If you watch your alerts, they'll show up as the Private Internet Access program in the block. Example:

"websiteData": {
    "blockType": 2,
    "ip": "181.214.218.50",
    "isInbound": false,
    "port": 0,
    "processPath": "C:\\Program Files\\Private Internet Access\\pia-service.exe",
    "url": ""
}

I would recommend uninstalling the following: Bonjour

You're running Torrent software on the system. Torrenting is the act of downloading and uploading files through the BitTorrent network. The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is illegal, and there is always a chance of prosecution if caught by the authorities. Torrenting non-copyrighted material is perfectly fine and is allowed. However, be aware that we have seen increased malware bundled with software downloads over P2P. Recent ransomware infections have been seen to encrypt user data so that no one can decrypt the data without the private key. When sharing files, please keep in mind that you're increasing your system's attack surface area, which can increase the risk of infection. Scan all files before running them: https://www.virustotal.com

If you don't need or use the P2P software, you should uninstall it to improve the security of your system and data.

Risks of File-Sharing Technology by the Cybersecurity & Infrastructure Security Agency
https://www.cisa.gov/uscert/ncas/tips/ST05-007

You should locate and install the correct driver for this:
Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
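The triage step the reply above describes, attributing each website block to the process that produced it, can be automated over the alert records. The script below is an added example written for this thread, not code from the original post or from Malwarebytes: it assumes each alert carries a "websiteData" object with the fields quoted above (blockType, ip, isInbound, port, processPath, url), and the sample records, placeholder IPs, and the list of "noisy" processes are constructed for illustration. It groups blocks by executable name and direction and separately counts records with no process path, since those are the ones that give the user no hint in the UI.

```python
"""Group Malwarebytes website-block records by the process that generated them.

Added example for the forum thread; not Malwarebytes code. It assumes each
alert has a "websiteData" object with the fields shown in the thread. The
sample alerts, the documentation-range IPs and the noisy-process list below
are constructed for illustration.
"""
import json
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample alerts: two outbound blocks attributed to the PIA VPN
# service, one outbound block with an empty processPath, and one inbound block
# attributed to a browser. IPs are RFC 5737 documentation addresses, not IoCs.
SAMPLE_ALERTS = json.dumps([
    {"websiteData": {"blockType": 2, "ip": "192.0.2.10", "isInbound": False, "port": 0,
                     "processPath": "C:\\Program Files\\Private Internet Access\\pia-service.exe",
                     "url": ""}},
    {"websiteData": {"blockType": 2, "ip": "192.0.2.11", "isInbound": False, "port": 0,
                     "processPath": "C:\\Program Files\\Private Internet Access\\pia-service.exe",
                     "url": ""}},
    {"websiteData": {"blockType": 2, "ip": "192.0.2.12", "isInbound": False, "port": 443,
                     "processPath": "", "url": ""}},
    {"websiteData": {"blockType": 2, "ip": "198.51.100.5", "isInbound": True, "port": 8080,
                     "processPath": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                     "url": "http://198.51.100.5/"}},
])

# Executables whose blocks are expected to be shared-exit-node noise rather
# than an infection on the host, per the reply above. Hypothetical list.
KNOWN_NOISY_PROCESSES = {"pia-service.exe"}


def process_name(process_path: str) -> str:
    """Return the lower-cased executable name from a Windows path, or the
    label 'unattributed' when the record carries no process path at all."""
    if not process_path:
        return "unattributed"
    return PureWindowsPath(process_path).name.lower()


def summarize_blocks(alerts_json: str) -> dict:
    """Parse a JSON array of alerts and summarize the blocks by process and
    direction, so the analyst sees which program is behind them."""
    alerts = json.loads(alerts_json)
    by_process = defaultdict(list)
    direction = Counter()
    for alert in alerts:
        data = alert.get("websiteData", {})
        name = process_name(data.get("processPath", ""))
        by_process[name].append(data.get("ip", ""))
        direction["inbound" if data.get("isInbound") else "outbound"] += 1
    return {
        "by_process": {name: sorted(ips) for name, ips in by_process.items()},
        "direction": dict(direction),
        # Processes the analyst already expects to trigger blocks.
        "noisy_processes": sorted(n for n in by_process if n in KNOWN_NOISY_PROCESSES),
        # Records with no process path need correlation with something else
        # (VPN adapter state, timing) because the record itself says nothing.
        "unattributed": len(by_process.get("unattributed", [])),
    }


if __name__ == "__main__":
    print(json.dumps(summarize_blocks(SAMPLE_ALERTS), indent=2))
```

Run it against an exported list of alerts in the assumed shape; a high count under a VPN service executable with the VPN connected, and none once it is disconnected, supports the explanation given in the reply, while blocks attributed to an unexpected executable are the ones worth investigating.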
Resssss (Author) Posted October 9, 2022

Thank you, PIA makes sense. I was confused because the alerts were showing up under "System" with no program. Can you expand more on uninstalling Bonjour? I did some googling and it seems to be necessary for iTunes on Windows.
Root Admin AdvancedSetup Posted October 9, 2022

No, Bonjour is a network discovery and sharing tool from Apple. It is not needed by Windows users. It is an extremely noisy, chatty program that in some cases causes a broadcast storm on Windows that creates networking issues. I have and use iTunes with zero issues without Bonjour.

What exactly is mDNSResponder.exe? (Bonjour)
https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple's native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL. On a Mac or iOS device, this program is used for networking nearly everything. On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows. Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration; this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/
Root Admin AdvancedSetup Posted November 27, 2022

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you