Jump to content

Possible infection


Go to solution Solved by AdvancedSetup,

Recommended Posts

This one is probably a false positive.

While we wait for staff to review, I want to pass some info on to you, Staff will check the IP and if not bad anymore they will delist it.

It must be due to some server(s) the games are trying to connect to. Steam and many others use p2p connections to play online. As long as the games aren't at risk for connecting to malicious content (which they shouldn't be), you should be able to simply exclude the games' executables from Web Protection using the method described under the Allow an application to connect to the Internet section of this support article.

I would not do the exclusion on the PLEX one though.

Quote

-Website Data-
Category: RiskWare
Domain: leftliquid.com
IP Address: 34.110.240.68
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

 

With this one your Plex server is having a compromised IP trying to connect to it. Malwarebytes is doing its job to protect you.

Quote

-Website Data-
Category: Compromised
Domain:
IP Address: 119.28.156.200  https://www.abuseipdb.com/check/119.28.156.200
Port: 32400
Type: Inbound
File: C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe

 

Link to post
Share on other sites

9 minutes ago, unholychocolate said:

It is stored locally, I only listen to 2 bands so it is easier for me to import their cds and have them on my pc

.
 

When streaming with Plex you are routed through their servers, essentially P2P.

MB is protecting the server from inbound connections.

Does your phone have a slot for a SD card?  If so I would use one for your music.

 

Link to post
Share on other sites

1 hour ago, unholychocolate said:

What should I do then?

We can put you thru a full malware cleanup.

While you are waiting for the next qualified/approved malware removal expert helper to take on your case, even though you may have run the following Malwarebytes utility or its subsets, please carefully follow these instructions: Do not try any other cleaning of any kind after running the support tool. Use the computer as little as possible, or even better don’t use it at all except to check this topic and follow the instructions given.

First, Restart the computer.

Then do the following after restart.

WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Link to post
Share on other sites

  • Root Admin

The other detection is from Steam

Unless the Plex or Steam is not working then Malwarebytes is doing it's job to stop bad IP address connections.

The logs do not indicate any obvious infection, but let's go ahead and run an antivirus scan just to double-check @unholychocolate

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

Link to post
Share on other sites

  • Root Admin

Kaspersky found nothing. Let's run a couple of other scanner @unholychocolate

 

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

Link to post
Share on other sites

  • Root Admin

Okay, that's good to hear.

Please run the following

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin
  • Solution

You're using a very old 1.x version of Keepass

You may wish to consider upgrading to the 2.x version

KeePass Password Safe 1.41 v.1.41 Warning! Download Update

 

Other than that how is the computer running now?

Are there still any signs of infection?

I'm leaving for vacation soon. If you're still having an issues I'll need to get someone to step in and finish up with you.

Thanks @unholychocolate

Link to post
Share on other sites

  • Root Admin

Great, glad to hear all seem well again.  Thank you for the well wishes

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.