Patched Posted March 4 ID:1557387

I have been reading the forums for a bit and saw that you need to run Farbar Recovery Scan Tool, so I did, and I will include the file below. The RTP Detection keeps popping up every 10 seconds and is getting very annoying.

FRST.txt
1PW Posted March 4 ID:1557388

Hello @Patched:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

- Download the Malwarebytes Support Tool.
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
- In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
- Run the MBST Support Tool.
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
- In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
- A zip file named mbst-grab-results.zip will be saved to the Public desktop; please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.
Patched Posted March 4 Author ID:1557389

@1PW Here is the detection file from Malwarebytes support tool:

mbst-grab-results.zip
Root Admin AdvancedSetup Posted March 5 ID:1557495 (Solution)

Hello @Patched

Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:

- Bonjour
- Java 8 Update 261

These block alerts are for incoming probes. They are not due to something specifically running on your computer. Normally these types of blocks go away on their own within a week or so. It's possible, though, that depending on what kind of games you play, perhaps someone was able to detect your real IP address and thus probe your system looking for exploits to attack the system.

Let's go ahead and scan your system with another AV scanner and see what it finds or not.

Please run the following ESET Online Scanner and perform a Full Scan.

- Click the following link to save the installer for ESET Online Scanner: https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe".
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get started.
- When presented with the initial ESET screen, click on "Get Started".
- Read and accept the Terms of use.
- On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue.
- When prompted for scan type, click on the Full Scan button.
- Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
- Have patience. The entire process may take a few hours or more.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
- Click the blue “Save scan log” to save the log and give it a name and location you remember.
- If something was removed and you know it is a false positive, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
- Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
- Enable "Delete application data on closing".
- You do not need to submit feedback unless you want to. Simply ignore and close the program.

Note: If you do need to do a File Restore from ESET please follow the directions below.
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

Please attach the ESET scan log you saved at the end to your next reply.
Patched Posted March 5 Author ID:1557541

@AdvancedSetup Here are the results from ESET:

result.txt
Patched Posted March 6 Author ID:1557563

The RTP detections seemed to have stopped when I deleted Bonjour and Java 8, everything seems to be going good right now. Thank you! 👍
Root Admin AdvancedSetup Posted March 6 ID:1557565

Great, glad to hear @Patched

Please run the following SecurityCheck by glax24. I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

- Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
- If Microsoft SmartScreen blocks the download, click through to save the file.
- This tool is safe. SmartScreen is overly sensitive.
- If SmartScreen blocks the file from running, click on More info and Run anyway.
- Right-click with your mouse on the SecurityCheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
- Wait for the scan to finish. It will open a text file named SecurityCheck.txt.
- Close the file. Attach it with your next reply.
- You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you
Patched Posted March 6 Author ID:1557570

@AdvancedSetup Here is the result file from the security checker app:

SecurityCheck.txt
Root Admin AdvancedSetup Posted March 6 ID:1557573

Thank you @Patched

Please uninstall, update, or otherwise address the following as appropriate for your system.

Discord v.0.0.309 Warning! Download Update
Git v.2.35.1.2 Warning! Download Update
GitHub Desktop v.2.9.6 Warning! Download Update
iTunes v.12.12.4.1 Warning! Download Update | ^Please use Apple Software Update tool.^
Microsoft SQL Server 2005 Compact Edition [ENU] v.3.1.0000 Warning! This software is no longer supported.
Microsoft Visual Studio Code (User) v.1.66.2 Warning! Download Update
Mozilla Firefox (x64 en-US) v.109.0 Warning! Download Update
Notepad++ (32-bit x86) v.8.4.5 Warning! Download Update
NVIDIA GeForce Experience 3.27.0.112 v.3.27.0.112
PuTTY release 0.74 (64-bit) v.0.74.0.0 Warning! Download Update
Python 3.10.1 (64-bit) v.3.10.1150.0 Warning! Download Update
Spotify v.1.2.5.1006.g22820f93 Warning! Download Update
VLC media player v.3.0.12 Warning! Download Update
VMware Workstation v.16.2.5 Warning! Download Update
WinRAR 6.02 (64-bit) v.6.02.0 Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
Winaero Tweaker v.1.33.0.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
----------------------------- [ End of Log ] ------------------------------

After you've finished the above, restart the computer and then check for Windows Updates and install any updates found.

Then let me know if there are still any signs of infection or other issues.

Thanks
Patched Posted March 8 Author ID:1557958

@AdvancedSetup Everything is working better now, the detections stopped and no other weird connections show up anymore. Thank you!
Root Admin AdvancedSetup Posted March 8 ID:1557969

You're quite welcome @Patched, glad to help.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- Please attach that file to your next reply. (not compulsory)

Recommendations:

- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
- Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes
Maurice Naggar Posted April 1 ID:1561480

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you