
RTP Outbound connection on Google/Wikipedia



I hope I'm in the right thread for this but here we go:

I know Outbound Connection real-time protection notifications are not proof of an infection; however, I received two notifications from the same URL, one on the Google homepage and the other on a Wikipedia page. As far as I know, these are not websites I thought I would get RTP alerts from. I thought it looked pretty suspicious, so I really wanted to make sure I didn't overlook anything. I'm using Google Chrome as a browser (planning to switch to Opera). I ran a scan with MB, Windows Defender and ESET; all came back negative. Maybe I'm just really paranoid.

(Attachments: Sans titre.png, Sans titre2.png)


Hello @SwOJester and welcome back:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.


  • Root Admin

Thank you for the logs @SwOJester

Did you purposefully attempt to access the following site?

eatablehelprut.com

[ 1 ]

Your current DNS Servers: 192.168.0.1

Please consider changing your default DNS server settings. Please choose one provider only.

DNS is what lets users connect to websites using domain names instead of IP addresses.

Pick just one of these 4 providers, and be aware that you need to make one change for IPv4 and a second pass for IPv6.

  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on changing DNS settings if needed.

[ 2 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program, and uninstall the following:

  • Bonjour
  • CCleaner (no longer recommended by computer experts)
  • Java 8 Update 281 (64-bit)

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL. On a Mac or iOS device, this program is used for networking nearly everything. On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows. Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration; this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

[ 3 ]

Please run the following fix.

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTEnglish.exe

Save the attached file FIXLIST.TXT to this folder: C:\Users\Client\Downloads\

NOTE: It's important that both files, FRSTEnglish.exe and fixlist.txt, are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
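The DNS change recommended in this post, worked through as a PowerShell script. This is an added example, not code from the thread or from Malwarebytes: it lists the resolvers each active adapter uses (flagging a private address such as the 192.168.0.1 router above), switches every active adapter to one of the four providers in two passes (IPv4, then IPv6) as the post describes, and checks that the new resolver answers. The function names and the Show/Set/Test split are my own; the addresses are the ones listed in the post.

```powershell
# Added example (not from the thread): list current resolvers, switch every
# active adapter to ONE public provider (IPv4 pass, then IPv6 pass), verify.
# Run from an elevated PowerShell prompt. Addresses are the four from the post.
$Providers = @{
    'Google'     = @{ IPv4 = '8.8.8.8', '8.8.4.4';               IPv6 = '2001:4860:4860::8888', '2001:4860:4860::8844' }
    'Cloudflare' = @{ IPv4 = '1.1.1.1', '1.0.0.1';               IPv6 = '2606:4700:4700::1111', '2606:4700:4700::1001' }
    'OpenDNS'    = @{ IPv4 = '208.67.222.222', '208.67.220.220'; IPv6 = '2620:119:35::35', '2620:119:53::53' }
    'DNSWATCH'   = @{ IPv4 = '84.200.69.80', '84.200.70.40';     IPv6 = '2001:1608:10:25::1c04:b12f', '2001:1608:10:25::9249:d69b' }
}

# Step 1: what each active adapter uses now. A private (RFC 1918) address such
# as the 192.168.0.1 in the post means the router is forwarding your queries.
function Show-CurrentDns {
    foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
        foreach ($fam in 'IPv4', 'IPv6') {
            $srv  = (Get-DnsClientServerAddress -InterfaceAlias $nic.Name -AddressFamily $fam).ServerAddresses
            $note = if ($srv -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') { ' <- private, router forwarder' } else { '' }
            '{0} {1}: {2}{3}' -f $nic.Name, $fam, ($srv -join ', '), $note
        }
    }
}

# Step 2: two passes per adapter, exactly as the post describes (IPv4, then IPv6).
function Set-PublicDns {
    param([Parameter(Mandatory)][ValidateSet('Google', 'Cloudflare', 'OpenDNS', 'DNSWATCH')][string]$Provider)
    $p = $Providers[$Provider]
    foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
        Set-DnsClientServerAddress -InterfaceAlias $nic.Name -ServerAddresses $p.IPv4   # IPv4 pass
        Set-DnsClientServerAddress -InterfaceAlias $nic.Name -ServerAddresses $p.IPv6   # IPv6 pass
    }
    Clear-DnsClientCache   # drop answers cached from the old resolver
}

# Step 3: confirm the chosen provider actually answers before relying on it.
function Test-PublicDns {
    param([Parameter(Mandatory)][string]$Provider, [string]$Name = 'www.wikipedia.org')
    foreach ($srv in $Providers[$Provider].IPv4) {
        try {
            $r = Resolve-DnsName -Name $Name -Server $srv -Type A -ErrorAction Stop
            '{0} answered for {1}: {2}' -f $srv, $Name, (($r | Where-Object Type -eq 'A').IPAddress -join ', ')
        } catch {
            '{0} did NOT answer: {1}' -f $srv, $_.Exception.Message
        }
    }
}

Show-CurrentDns
# Set-PublicDns -Provider Cloudflare   # uncomment to apply, then re-run the two checks below
# Show-CurrentDns; Test-PublicDns -Provider Cloudflare
```

Running Show-CurrentDns before and after the change gives you the same before/after record the helper would ask for in a log.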

 


  • Root Admin

Thank you for the log @SwOJester. It ran well and also found and fixed some other issues.

Windows Resource Protection detected corrupt files and repaired them.

Please run the following:

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running, click on More info and Run anyway.
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator", and reply YES to allow it to run and go forward.
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

Thank you

  • Root Admin

Thank you for the log @SwOJester

Please uninstall, update, or otherwise address the following as appropriate for your system.

Please make a new System Restore Point and then do the following.

Then restart the computer and check for Windows Updates and install any updates found.

 

Keep me posted when done.

A'right, finally did all of the things, really sorry for the wait! I updated my Windows, uninstalled and updated most of the programs you listed (some of them are not even on my PC anymore, they're just broken directories that my PC doesn't want to remove despite having done a proper uninstalling for some reason.)


@AdvancedSetup Here, the first picture is for Paint.net, the other is for Python, even the version I just installed. Sorry for the French, it just says it can't find the specified directory.

Also, something I forgot to mention but last night, while I was executing Farbar, I forgot I had ESET running a complete scan in the background. It had one malware detection but it closed before it could complete the sweep and quarantine it. After we left off, I did another complete scan and ESET didn't detect anything that time.

(Attachments: Sans titre3.png, Sans titre4.png)

Well I have backups for the important stuff anyway. I was already migrating files since I was planning to wipe my PC and install a clean version of Windows to convert it into a work PC.

Oh and reassure me, when you say "Wow, that can get ugly trying to force remove it." you mean the impossible to uninstall programs and not the virus, right? 😐

  • Root Admin

There is no virus on the PC. There are very few signs of any Trojan or infection left on the computer at this time.

By "ugly" I mean you're not supposed to have to physically remove hundreds of files, folders, and registry entries manually. It's possible you might remove a good Registry entry or file that is associated with other software by accident.

If you want to do a CLEAN INSTALL that would be a great way to ensure you have a clean safe computer.

 

Greg Carmack - MVP 2010-2020 - Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

Or if you want Windows 11:

Perform clean install of Windows 11 in six different ways
https://pureinfotech.com/clean-install-windows-11/

How to Perform a Clean Install Windows 11
https://www.groovypost.com/howto/clean-install-windows-11/

 

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

Edited by AdvancedSetup
Updated information

Oh thank *****, my heart stopped for a second.

 

But yeah, if you think it would be safer to just do a clean Windows install in about a month or two rather than letting my klutzy fingers potentially delete something important by accident, would you think that would be a better option?


Very kind of you but like I said, I'm very clumsy and nervous when I'm doing stuff I don't completely understand so I'd rather go for the safest option available. :D

 

But yeah, if you're telling me everything else is fine and it doesn't look like there's any signs of an infection left, then I think we can consider the matter settled! Thank you so, so much for all of your help and guiding me through this. You've been incredible and I highly appreciate it!


  • Root Admin

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security:

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.