Jump to content

I keep getting a blocked message everyday from a certain IP


Recommended Posts

even though my browser isn't up. I'm currently running the trial and I have done multiple full scans and including using windows defender. But this keeps popping up despite even at times my browser isn't up. From both MSEDGE and through Opera GX which is the browser I currently use. I also keep getting signed out of my google account for suspicious activity including my amazon made a suspicious activity purchase despite me not signing in for years. and I signed out of my main email on my old phone which the only other device I have now, is a brand new phone and I have only downloaded wild rift which is a mobile game from Riot Games. and just used YouTube. That's literally it. 

 

And I am not signed in on that device on my alternate emails and I am also now getting sus activity on those as well, and my computer won't fully turn off if I hit shutdown in Windows. Like my keyboard is still glowing and my hardware is still running including my GPU but the monitor turns off and it basically signs me out of windows. So it acts like its asleep, but the hardware is still running as if its still on.

 

Surely, none of this stuff is normal and something was overlooked by Malwarebytes. And my trial runs out in 5 days so not entirely sure how sustainable this method of just running a virus scan that isn't catching anything anymore. 

image_2023-01-29_041104742.png

Link to post
Share on other sites

Hello @-Rabbit- and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Link to post
Share on other sites

  • Root Admin

It looks like something stopped or blocked the Farbar scanner from being downloaded and ran.

Please get me the following logs @-Rabbit-

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Link to post
Share on other sites

I want to point out some things I have noticed that may help.

 

One, its an outbound connection everytime which I believe confirms my computer is infected.

 

2, not sure if I mentioned this before but MSEDGE is always randomly appearing and disappearing in the background when I play a game for example. And malwarebytes is also saying outbound connections are used through MSEDGE. Not sure if that helps but hopefully that is a good lead.

Addition.txt FRST.txt

Link to post
Share on other sites

May I also ask, when I go to sleep, do you recommend me turning my computer off? I'm scarred to do it because windows is asking me to restart my computer to update some driver for something I don't realistically know what is. (Altough that doesn't mean its not legit). But some LPC controller. And I have no idea if malware thrives off of turning your computer off or leaving it on.

Link to post
Share on other sites

  • Root Admin

 

 

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

Edge Notifications: Default -> hxxps://2kwso.read-and-reveal.com; hxxps://op.gg; hxxps://read-and-reveal.com; hxxps://www.searchandshopping.org

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

 

 

 

 

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

 

Save the attached file:  FIXLIST.TXT to your computer where the Farbar FRST program is located.

NOTE. It's important that both files, Farbar scanner, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

I ran thie fix, hopefully thats  the file because the frst apparently had been installed in two places and I tried the folder where it was isolated for simplicity sake 

I should also mention I tried to install my browser on my SSD without installing on my SSD (basically importing things over) but it still runs on my HDD. 

 

Everything is fine for my Opera GX,  can't tell if it changed anything. Just wnated to give this feedback incase I accidentally made things complicated. I also tried to turn those notifications off but apparently my windows had already had them set to off. Unless you were talking about the specific sites, the 2 that are random af I don't know but op.gg I know because I stalk my profiles on League of Legends and that basically tracks players profiles. So if I have like a positive WR, I search myself up on it and give myself a bit of an ego. 

 

Would also mention my computer seems to be more responsive but I know that doesn't always necessarily mean everything is in order, but I will mention that the whole reason I installed Malwarebytes wasn't just the email but my resources was being hogged and a virus is a possability.

 

But yeah I click on youtube now and its pretty responsive which in of itself kinda sus (I'm just joking)

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

Thank you for the log. That was a good run. @-Rabbit-

Let me have you run the following antivirus scan

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

Link to post
Share on other sites

I just saw this after I did a cod zombies run, going to watch hulu while I do this (on my phone) and catch you tomorrow, its currently 1:44 am rn so I should be on around 5 or 6 pm.

 

Thank you so much for your help today hopefully all goes well tomorrow/later today ^-^

Link to post
Share on other sites

6 hours ago, AdvancedSetup said:

Thank you for the log. That was a good run. @-Rabbit-

Let me have you run the following antivirus scan

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

couldn't sleep so I decided to check if it was done and here are the results.

msert.log

Link to post
Share on other sites

5 hours ago, AdvancedSetup said:

Great, that looks good.

Results Summary:
----------------
No infection found.

 

How is the computer running now?

Are there still any alerts, blocks, or other issues at this time? @-Rabbit-

 

So far, the computer is running more smoothly, if I do try to play a heavier game there is still large stutters but I think that's just pegging. MSEDGE i've noticed as a background process when I started the computer but it did NOT take up 30% resources before disappearing. No alerts at all from the start of today. As for the google account issue it only happens every month or month and a half so I will just have to see until then. 

 

As long as I'm not getting those notifications of a suspicious app using my google account or an outbound connection I can keep my sanity.

 

But so far, everything looks good but I have also only been on it for a couple of hours.

 

I will give an update by the time I go  back to sleep tonight/morning, and  tell you if there has been any alerts, and that should be a good sign since it usually happens 1-3 times a day. If I get another google account error I will repost either create another topic or this one but that like I said is usually a span of months between each other. So I wouldn't want to keep you waiting until then

Link to post
Share on other sites

  • Root Admin

Example for cleaning up Google Chrome. We don't have one for MS Edge, but it works similar as both use Chromium as the base of their browsers.

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Thank you

 

Link to post
Share on other sites

Yeah I noticed MSedge was on start up earlier and I just turned it off. 

 

Yeah I didn't think doing simple things like resetting your registry values could impact so much on just responsiveness. I had always chalked up my stutters and unresponsiveness to my CPU. 

 

Long story short, one of my friends was hacked, so they impersonated them, and it went on to me. I guess it was a personal thing because it wasn't a scripted Ooga booga nitro. We had a full convo and then I lost my Discord.

I have been very careful on the internet since so I was reluctant to calling my fps, and large stutter issues, like Discord not responding, and then all of a sudden working again, chalked it to bad CPU and HDD, didn't think it could be a virus.

 

But I came to the conclusion because all of my burner emails only being on my PC, were all being tampered with, so its just what it had to be. But I did reset my PC which is why I was so dumb founded.

And so I figured, me literally having 0 fps for like, idk, 5-6 seconds when it never happened before, possibly was a virus, and it was another symptom I had been ignoring and chalked it to another reason.

 

But before I clear cache, do you mind giving a brief explanation of what that is and the advantage of doing so? I only ask because isn't cache like your sort of personal data, and so like a password, I'm not saying its wrong to do so but I don't get the advantage of clearing it, if for example you would lose all of that data or most of it to ultimately do it again (like enter in another password, possibly saVe it, or it saves your email as a possible username, as example logging into to see your emails, it would input the email for you or show you one you had previously used)

I am getting off early tonight but I have not received a single report from Malwarebytes today and not suspicious activity thus far within my emails or anything linked to my browser data. It looks like I am in the clear, will update you in 2 months if everything is alright til then, most likely will be a PM if that works/convenient for you

Link to post
Share on other sites

  • Root Admin

Cache and cookies, etc are designed to help speed up the web pages so you don't have to download them so much the next time you visit that site. Unfortunately files get corrupted, cookies have issues, etc. etc. So, cleaning can help a browser work better.

 

Please run the following

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

 

 

Though I must ask, 'for a friend' ofc, If I so happened to get an 'outbound' block from an 'adult' website, it doesn't imply I am infected right? I am aware those sites are a rats nest when it comes to viruses but I just want to make sure there is a difference between me being on a site and it being blocked and me just being idle and there is a blocked outbound connection.

There is one slight reoccurring issue though I'm not sure if this has to do with a virus though I would say it did start happening a bit before I notice a clear resource consumption from random sources that weren't issues before. I tried to update my audio drivers but the long story short is, my audio, gets extremely loud, and the quality gets worse, and then it resets to normal. It really hurts my ears which is why I'm asking but this probably has nothing to do with the issue at hand. But just curious since you asked if there was any issues. and you might be aware.

 

Headphones are Corsair void pro I think? I would say it could be a bad wire but the original issue in my resources was windows audio graph, was making things unusable. So was curious if malware could also cause it.
 

SecurityCheck.txt

Link to post
Share on other sites

  • Root Admin

Any type of unrequested outbound traffic should be considered suspect. The computer makes all kinds of calls to the Internet as long as it's up and running but the vast majority are legit.

If you're getting a block alert from any security software on outbound then there is almost certainly something unwanted running on the computer.

 

Please uninstall, update, or otherwise address the following as appropriate for your computer.

 

When that's done, please check for Windows Updates and install any update found.

Please keep me posted @-Rabbit-

 

Link to post
Share on other sites

So does updating your pograms apply the same ideology to cookies is that is the idea that it could also be corrupted and updating it is almost like insurance that it won't/fixes that corruption a lot more reliably than if you didn't.

I mean tbh I for the longest just saw it was a hassle to update miniscule things that doesn't improve the function of the program, such as sharex, but I updated bakkesmod every time I use it because the program simply won't work if you don't.

 

Also I did get outbound connections but it was only on the adult websites and I haven't since, I was asking due to those places being so infested. 

 

I have updated the given programs and am currently updating Windows. 

Link to post
Share on other sites

Am going to head to bed, really exhausted, sorry I keep sleeping so early, its tuff being paranoid although I feel 100x better now.

 

the forum says mp4 is not supported so I just decided to upload it to YouTube, please do take caution when watching this because again, my audio goes berserk, so it is really loud, but afterwards the audio stops, thats not accurate to my side of things, my side of things is that the audio continues being loud until after a couple of seconds it just goes away, and restores itself, was curious on your thoughts, if there is a corruption of audio drivers or what. The audio device graph no longer takes up resources however  this still happens.

 

Link to post
Share on other sites

the clip also continues because after the audio goes away, you can still somehow hear the audio being loud, and I suppose because its so loud through the earphones the mic actually picks it up.

 

Sorry if it hurt your ears, I'm not used to posting on forums so I didn't know how to format it and I would edit but I don't see the option, anyways, that is the audio thing I am experiencing.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.