Repeated attempts to access website through port 443

[GeorgeL911]

My PC continually attempts to establish an outbound connection with Chrome to 2 IP addresses through port 443. 139.45.197.251 and 139.45.197.253

I have attached the log files from the Malwarebytes Support Tool.

I appreciate any help you can provide.

mbst-grab-results.zip Detection History 2.txt Detection History.txt

[Maurice Naggar]

Hello  

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

• The web-protection of Malwarebytes is keeping the pc safe from potential harm.
• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
• Only run the tools I guide you to.
• Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
• The removal of malware isn't instantaneous, please be patient.
• Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
• Please stick with me until I give you the "all clear".
• If your system is running Discord, please be sure to Exit out of it while this case is on-going.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.

This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

[Maurice Naggar]

For after you have completed the Microsoft Safety scanner run, these here are the next procedures I would like you to do. There are a few prelimaries.
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

( 2 )

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View → Show → File name extensions

( 3 )

Next first step, is to "Turn OFF ( to DISABLE) the "fast starup" of Windows 11
See https://www.windowscentral.com/software-apps/windows-11/how-to-enable-or-disable-fast-startup-on-windows-11

When that is done, be sure to do ( from Start menu) one Power >> Shutdown >> Restart.
Having "fast startup" can complicate our efforts to fix problems.

( 4 )

Now we have to insure that a FRST tool by the name of FRSTENGLISH.exe is on a folder that can be easily found & seen.
On the Taskbar Search box, type in
cmd.exe
click the line for "run as administrator"

It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is
On that Command prompt,  Copy & Paste this command (be very sure to copy the whole entire line. ALL of it)

copy C:\Users\George\AppData\Local\Temp\mwbC825.tmp\FRSTEnglish.exe C:\Users\Public\Desktop\FRSTEnglish.exe

press Enter-key on keyboard   and watch to see that it completes.
Then Close the command-prompt window.

( 5 )

Please run the following custom script. Read all of this before you start. Please Close all open work.

FRSTENGLISH.exe is should be on this machine on Desktop

lease download the attached fixlist.txt file and save it to Desktop folder

Fixlist.txt<-- - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Desktop folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will rebuild the Winsock. It will attempt to run scans with MS Defender. It will also clear cache files on web browsers . Depending on the speed of your computer this fix may take 50-55 minutes or more.

The system will be rebooted after the script has finished. Attach FIXLOG.txt with next reply.

Edited May 25 by Maurice Naggar

[GeorgeL911]

Microsoft Safety Scanner log

msert.log

[GeorgeL911]

I completed steps 1-5 Fixlog.txt is attached

Fixlog.txt

[Maurice Naggar]

Thank you for the 2 reports. The Safety Scanner run of the 25th found no threats / no malware.
The Safety Scanner run of the afternoon of the 24th May found and removed many trojans & hacktools.
The custom fix-script-run is beneficial. The Windows System File Checker ( SFC ) has made some corrections. Windows Resource Protection found corrupt files and successfully repaired them.

As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

• Save the file to your system, such as the Downloads folder, or else to the Desktop.
• Go to the saved file, and double click it to get it started.

 

• When presented with the initial ESET options, click on "Computer Scan".
• Next, when prompted by Windows, allow it to start by clicking Yes
• When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
• Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
• and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours.

• At screen "Detections occurred and resolved" click on blue button "View detected results"
• On next screen, at lower left, click on blue "Save scan log"
• View where file is to be saved. Provide a meaningful name for the "File name:"
• On last screen, set to Off (left) the option for Periodic scanning
• Click "save and continue"
• Please attach the report file so I can review

Edited May 25 by Maurice Naggar

[GeorgeL911]

ESET scan log attached

eset scan log.txt

[GeorgeL911]

Still have outbound attempts on port 443

[Maurice Naggar]

Hi. The ESET scan result is very very good.

The Real Time Protection of Malwarebytes for Windows  is actively doing it's job to protect the system.

I  would recommend that if you have a internet-connection-router hardware at home,  that you look over this article
"How to Enable Your Wireless Router's Built-in Firewall"
https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668

 
The Windows is a PRO edition & I urge you to turn OFF Remote Desktop feauture !   if you do not need or use Remote Desktop,  you can turn that off.
https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

I suggest you turn R D P  to Off.
 

[GeorgeL911]

I will read the router article.

Remote Desktop was already off.

Thank you so  much for your help and guidance, I really appreciate it.

[Maurice Naggar]

When you get the chance, do what follows.
Perform a Clean Boot in Windows 11 to Troubleshoot Software Conflicts
See this link

( 2 )

Now a different scan with another security scanner. 

This with Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, Select the Windows Key and R Key together, the "Run" box should open.



Drag and Drop KVRT.exe into the Run Box.



C:\Users\George\DESKTOP\KVRT.exe will now show in the run box.



add

-dontencrypt

Note the space between KVRT.exe and -dontencrypt

C:\Users\George\DESKTOP\KVRT.exe -dontencrypt 

should now show in the Run box.



That addendum to the run command is very important.


To start the scan select OK in the "Run" box.



The Windows Protected your PC window "may" open, IF SO then select "More Info"



A new Window will open, select "Run anyway"



A EULA window will open, tick both confirmation boxes then select "Accept"



In the new window select "Change Parameters"

 

• In the new window ensure the following boxes are ticked:
  • System memory
  • Startup objects
  • Boot sectors
  • System drive

• Then select "OK" and „Start scan“.

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else..

• completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
• Usually, your system needs a reboot to finish the removal process.
• Logfiles can be found on your systemdrive (usually C: ), similar like this:

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20230526_223000.klr

• Right click direct onto those reports, select > open with > Notepad.
• Save the files and attach them with your next reply

[AdvancedSetup]

Please post a status update @GeorgeL911