
Multiple Outbound Connections through svchost.exe



I recently bought a new laptop, an Acer Aspire 5, and I moved a lot of my files over from my old one before I installed MBAM, signing up for the free premium trial. Now I keep getting these outbound connections to random IP addresses through svchost.exe. Should I be worried? Also sometimes my laptop fans run full throttle and checking with GPUZ, I see that the integrated GPU has started to reach 70-80 degrees Celsius. This happens even when idle and every other program was closed. I've been unable to figure out what causes it.

Threat scan log export.txt Addition.txt FRST.txt


Hello :welcome: @hkrish

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply.


P.S. The screen grabs just simply do not have full details about the "block notices". That is why we only ask that you run the Support-tool report. I will have further replies to you, later.

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web-protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

Incoming block notice can be ignored, the Malwarebytes real-time protection is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, DISCORD, or Instagram, SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.
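
One way to see which Windows services sit behind the svchost.exe connections discussed above (an added example, not part of the original posts; it assumes an elevated PowerShell prompt and uses only the built-in Get-NetTCPConnection, Get-Process and Get-CimInstance cmdlets):

```powershell
# Added example: list established TCP connections owned by svchost.exe and
# name the Windows services hosted by each svchost instance.
# Assumption: run from an elevated PowerShell prompt on Windows 8 or later.

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($procId)) {
            $servicesByPid[$procId] = New-Object System.Collections.Generic.List[string]
        }
        $servicesByPid[$procId].Add($_.Name)
    }

# PIDs of every running svchost.exe instance.
$svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)

# Established connections owned by svchost, skipping loopback and unspecified addresses.
$report = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object {
        $_.OwningProcess -in $svchostPids -and
        $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::')
    } |
    ForEach-Object {
        [pscustomobject]@{
            PID           = $_.OwningProcess
            Services      = ($servicesByPid[[int]$_.OwningProcess] -join ', ')
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            LocalPort     = $_.LocalPort
        }
    }

# One row per connection.
$report | Sort-Object PID, RemoteAddress | Format-Table -AutoSize

# Summary: how many different remote addresses each svchost instance is talking to.
$report | Group-Object PID | ForEach-Object {
    [pscustomobject]@{
        PID             = $_.Name
        Services        = $_.Group[0].Services
        DistinctRemotes = @($_.Group.RemoteAddress | Sort-Object -Unique).Count
    }
} | Format-Table -AutoSize
```

A connection that was blocked never reaches the Established state, so this listing shows what svchost.exe is connected to right now, not the attempts that were stopped.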


After you get caught up & when you have quiet time

Perform a Clean Boot in Windows 11 to minimize Software Conflicts
See this link

Keep in mind the tool FRST64.exe is already on your system, on the Downloads folder

Please run this special purpose custom script. Read all of this before you start. Please Close all open work.

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt < - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt).

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

IF the FRST64 (Farbar FRST) issues an error message when you start this task-run, then Please Stop and let me know the "error exception message", then wait for me to make a new reply.


Attached

mbst-grab-results.zip


4 hours ago, Maurice Naggar said:

p.s. Please advise if the BitDefender Version: 27.0.1.259 is a paid-for license ?  or is BitDefender a trial ?

I've tried out the trial for Bitdefender but I later uninstalled it, since I wasn't sure if the overheating issue was due to it. Currently I'm using only Windows defender and Malwarebytes trial.


I have disabled all the startup items and services and ran the tool. The fixlog file is attached. I'm going to shut down my laptop since the overheating issue has popped up again, but I may have to run it later for work.

Fixlog.txt


PS.  No need to click on the "Quote" when you need to begin a new reply. Just start typing your reply in the white-box at bottom. I automatically get notified each time you reply. You and I are the only participants on this case. I saw remnants of BitDefender, that is why I asked. So that will be another item to cover for next "cleanup", later.

Next opportunity you have, do what follows. 

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.
This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review

PS. I am a volunteer here. And this is the weekend. My next chance to get back to you may be delayed till possibly sometime Sunday.


Close those windows, if still present. Close the ESET scan window. Make some time to run this tool-report.

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.


Thank you for the Autoruns report. I do not see a tell-tale indication of a malicious malware. But let us proceed with what follows.
First one adjustment:
Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

Keep in mind the tool FRST64.exe is already on your system, on the Downloads folder

Please run this special purpose custom script. Read all of this before you start. Please Close all open work.

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt < - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
This will run very quickly. This will do a RESTART.
The tool will make a log on the Downloads folder (Fixlog.txt).

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

AFTER that run

Find on the Downloads folder mb-support-1.9.1.977.exe and do a RIGHT-Click on it and select "Run as Administrator"  and reply YES when prompted to ALLOW it to proceed.

Once after it is started,   click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply.

Edited by Maurice Naggar
amended

Hello. Thank you for the reports. Kindly let me know, have the "Block notices" by Malwarebytes gone away?

This here is to do a Quick Scan with Microsoft Defender antivirus. Open an elevated Powershell window i.e. run Powershell Prompt as an administrator .

On the Taskbar Search box, type in

powershell.exe


click the line for "run as administrator"


It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is
On that Powershell prompt,  Copy & Paste this command

Start-MpScan -ScanType QuickScan

press Enter-key on keyboard   and watch & write down the result. You may close the Powershell window when all done.

I also would appreciate this report:

First, Temporarily disable Microsoft SmartScreen to download the next software below 

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

( 2 )

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Edited by Maurice Naggar
amended
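
Start-MpScan returns no result object when the scan completes, so the outcome has to be read back from Defender afterwards. One way to do that (an added example, not part of the original post; it assumes an elevated PowerShell prompt, the built-in Defender cmdlets, and a 24-hour look-back window chosen here for illustration):

```powershell
# Added example: run the quick scan, then read back when it ran and what it found.
# Assumption: elevated PowerShell prompt with the built-in Defender module available.

Start-MpScan -ScanType QuickScan   # waits until the scan has finished

# When the last quick scan ran, and whether protection and signatures are current.
$status = Get-MpComputerStatus
[pscustomobject]@{
    QuickScanStart    = $status.QuickScanStartTime
    QuickScanEnd      = $status.QuickScanEndTime
    QuickScanAgeDays  = $status.QuickScanAge
    SignaturesUpdated = $status.AntivirusSignatureLastUpdated
    RealTimeEnabled   = $status.RealTimeProtectionEnabled
} | Format-List

# Threat names keyed by threat ID, so detections can be shown by name.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[[string]$_.ThreatID] = $_.ThreatName }

# Detections first recorded in the last 24 hours (look-back window is an assumption).
$since  = (Get-Date).AddHours(-24)
$recent = @(Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -ge $since })

if ($recent.Count -eq 0) {
    'No detections recorded in the last 24 hours.'
} else {
    $recent | ForEach-Object {
        [pscustomobject]@{
            FirstSeen     = $_.InitialDetectionTime
            Threat        = $threatNames[[string]$_.ThreatID]
            Resources     = ($_.Resources -join '; ')
            Process       = $_.ProcessName
            ActionSuccess = $_.ActionSuccess
        }
    } | Format-List
}
```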

Yeah those Malwarebytes outbound connections seem to have disappeared. The last one was like a day ago. This was my biggest worry and I'm thankful for your help in getting it fixed.

I ran the scan but I didn't see anything in the results. The text came out garbled after it finished. I tried running it a few more times but the result was the same.


I've run the other two scans and attached the files. However when I was running SecurityCheck by glax24, my CPU temperature shot up again, reaching over 85 degrees Celsius. The sensor even picked up temperatures of 90 degrees Celsius at a few points.

If you can help me solve this issue as well, it would be great.

I read up that this might be a hardware issue and if so I'll take it to the repair shop instead. What would you suggest?

FSS.txt SecurityCheck.txt


I would simply remark, to ensure there is adequate space for air flow all around your computer. And to see that your Windows is not auto-starting applications that do not have to be auto-started. If the hardware is truly having a hardware heating issue, you may want to Shutdown Windows and give the hardware a rest for a few hours. I will look at the last 2 reports and get back with you.


As regards the report from SecurityCheck:

This system has ( seemingly) too many versions of Python.  Are you perhaps a Python developer?

Python 2.7.18 v.2.7.18150 Uninstall this one. The pc has 2 other versions
 
Discord v.1.0.9005   Warning! Download Update

Notepad++ (64-bit x64) v.8.5.4   Warning! Download Update

Bitdefender Agent RedLine Service + Bitdefender Agent v.27.0.1.259 are actively running. Is this a paid-for licensed program?


Yes, I'm a developer, and I might need both python 2.7 and python 3, but I'll try to make a clean install of them. I'm updating discord and Notepad++.

 

As for Bitdefender, I've already mentioned in a previous reply that I tried out the trial and later removed it from my computer. I would like to clean up the remnants of Bitdefender that are still in my system.

 

The overheating issue is still present. I'll try taking it to the service center once all the fixes are done and see if they can help.


We can proceed with cleanup of tools we used.

To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select

RENAME

& then change it to

UNINSTALL.exe

Then run that ( double click on it) to begin the cleanup process.

Delete FSS.exe
Delete SecurityCheck.exe
Delete mb-support-1.9.1.977.exe on the Downloads folder
Delete mbst-grab-results.zip

Any other download file I had you download, you may delete. 
You ought to check to see that your system is not running "Torrent" utilities ( if any) which do take overhead.
This machine does not have malware.
I wish you all the best. Stay safe.
Sincerely.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you
