unholychocolate Posted September 3, 2023 ID:1586787
I am getting RTP detections from Malwarebytes, but I am not finding any viruses when scanning.
rtp-detection_23-9-3.txt rtp-detection_23-9-1.txt

Porthos Posted September 3, 2023 ID:1586795
This one is probably a false positive. While we wait for staff to review, I want to pass some info on to you. Staff will check the IP and if not bad anymore they will delist it.
It must be due to some server(s) the games are trying to connect to. Steam and many others use p2p connections to play online. As long as the games aren't at risk for connecting to malicious content (which they shouldn't be), you should be able to simply exclude the games' executables from Web Protection using the method described under the Allow an application to connect to the Internet section of this support article.
I would not do the exclusion on the PLEX one though.
Quote
-Website Data-
Category: RiskWare
Domain: leftliquid.com
IP Address: 34.110.240.68
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
With this one your Plex server is having a compromised IP trying to connect to it. Malwarebytes is doing its job to protect you.
Quote
-Website Data-
Category: Compromised
Domain:
IP Address: 119.28.156.200 https://www.abuseipdb.com/check/119.28.156.200
Port: 32400
Type: Inbound
File: C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe

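Added example, not part of the thread and not Malwarebytes code: a small Python parser for the -Website Data- blocks quoted in the post above. It groups blocked connections by direction and process, so an inbound hit on a listening service (Plex on port 32400) is reviewed separately from an outbound hit by a client process (steamwebhelper.exe). The one-field-per-line layout of the exported file and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two blocks quoted in the thread, one field per line
# (the per-line layout of the exported .txt file is an assumption).
SAMPLE = r"""
-Website Data-
Category: RiskWare
Domain: leftliquid.com
IP Address: 34.110.240.68
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

-Website Data-
Category: Compromised
Domain:
IP Address: 119.28.156.200
Port: 32400
Type: Inbound
File: C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
"""

FIELD = re.compile(r"^(Category|Domain|IP Address|Port|Type|File):[ \t]*(.*)$")

def parse_detections(text):
    """Return one dict per '-Website Data-' block; empty fields stay ''."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "-Website Data-":
            current = {}
            records.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return records

def triage(records):
    """Group hits by (direction, executable name) for separate review."""
    groups = defaultdict(list)
    for r in records:
        exe = r.get("File", "").rsplit("\\", 1)[-1]
        remote = r.get("Domain") or r.get("IP Address", "")  # Domain may be empty
        port = int(r["Port"]) if r.get("Port", "").isdigit() else None
        groups[(r.get("Type", "?"), exe)].append((r.get("Category"), remote, port))
    return dict(groups)

if __name__ == "__main__":
    for (direction, exe), hits in triage(parse_detections(SAMPLE)).items():
        print(f"{direction:8} {exe}: {hits}")
```

An Inbound group means the remote host initiated the connection to a port the local process is listening on; an Outbound group means the local process initiated it.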
unholychocolate Posted September 3, 2023 Author ID:1586846
Hi, thanks. What could be connecting to my Plex server? I can no longer run or open it. I just use it for streaming music to my phone.

unholychocolate Posted September 3, 2023 Author ID:1586854
Well, I can connect, but I can't get past the login screen.

Porthos Posted September 3, 2023 ID:1586856
@unholychocolate Do you have all your music stored on the computer or are you using Plex to get music from other sources?

unholychocolate Posted September 3, 2023 Author ID:1586857
It is stored locally. I only listen to 2 bands so it is easier for me to import their CDs and have them on my PC.

Porthos Posted September 3, 2023 ID:1586860
9 minutes ago, unholychocolate said:
It is stored locally. I only listen to 2 bands so it is easier for me to import their CDs and have them on my PC.
When streaming with Plex you are routed through their servers, essentially P2P. MB is protecting the server from inbound connections. Does your phone have a slot for an SD card? If so I would use one for your music.

unholychocolate Posted September 4, 2023 Author ID:1586940
No it doesn't, and I'd prefer to use Plex as I sometimes use it for playback on my PC as well. I've done a full virus scan as well.
malwarebytes-export.txt

Staff BjelakovicL Posted September 4, 2023 ID:1586945
Hi,
Both of these are valid detections.
https://www.abuseipdb.com/check/119.28.156.200
https://www.virustotal.com/gui/domain/leftliquid.com/detection

unholychocolate Posted September 4, 2023 Author ID:1586946
Hi, ok thanks. What should I do then?

Porthos Posted September 4, 2023 ID:1586960
1 hour ago, unholychocolate said:
What should I do then?
We can put you through a full malware cleanup.
While you are waiting for the next qualified/approved malware removal expert helper to take on your case, even though you may have run the following Malwarebytes utility or its subsets, please carefully follow these instructions:
- Do not try any other cleaning of any kind after running the support tool.
- Use the computer as little as possible, or even better don’t use it at all except to check this topic and follow the instructions given.
First, restart the computer. Then do the following after restart.
WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper
- Download the Malwarebytes Support Tool.
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
- In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
- Run the MBST Support Tool.
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
- In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.
For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.
Thank you.

unholychocolate Posted September 4, 2023 Author ID:1586968
mbst-grab-results.zip
Hi thanks, I have run that and attached the result.

unholychocolate Posted September 4, 2023 Author ID:1586972
I hadn't restarted the PC. Running the tool again after a restart.

unholychocolate Posted September 4, 2023 Author ID:1586973
Done
mbst-grab-results.zip

Root Admin AdvancedSetup Posted September 4, 2023 ID:1587067
The other detection is from Steam.
Unless the Plex or Steam is not working then Malwarebytes is doing its job to stop bad IP address connections.
The logs do not indicate any obvious infection, but let's go ahead and run an antivirus scan just to double-check @unholychocolate
Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.
(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)
Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
How to run a scan with Kaspersky Virus Removal Tool 2020: https://support.kaspersky.com/15674
How to run Kaspersky Virus Removal Tool 2020 in the advanced mode: https://support.kaspersky.com/15680
How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan: https://support.kaspersky.com/15681
- Select the Windows Key and R Key together, the "Run" box should open.
- Drag and Drop KVRT.exe into the Run Box.
- C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.
- Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.
- C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
- That addendum to the run command is very important. When the scan does eventually complete the resultant report is normally encrypted; with the extra command it is saved as a readable file.
- Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
- Right-click directly on that report, select > open with > Notepad. Save that file and attach it to your reply.
- To start the scan select OK in the "Run" box.
- A EULA window will open, tick all confirmation boxes then select "Accept".
- In the new window select "Change Parameters".
- In the new window ensure all selection boxes are ticked, then select "OK".
- The scan should now start...
- When complete, if entries are found there will be options; if "Cure" is offered leave as is. For any other options change to "Delete", then select "Continue".
- When complete, or if nothing was found, select "Close".
Attach the report information as previously instructed...
Thank you

unholychocolate Posted September 5, 2023 Author ID:1587179
Hi, I have done this and attached the report.
report_2023.09.05_06.49.04.txt

Root Admin AdvancedSetup Posted September 5, 2023 ID:1587193
Kaspersky found nothing. Let's run a couple of other scanners @unholychocolate
Dr.Web CureIt!
- Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
- You will need to send them an email to obtain a link to download the scanner, please do so.
- The downloaded file will normally have a unique name such as: q7a9tr4p.exe
- Close all open applications and locate the downloaded file and double-click to run it.
- The program will take a moment to launch and bring up the License and Update screen.
- Place a check mark to agree to the terms and then click on the Continue button.
- Click the underlined link Select objects for scanning.
- On the top left click the Scanning objects that should automatically check all objects.
- Click the small wrench and make sure there is a check on Automatically apply actions to threats.
- Then click the large button on bottom right Start scanning.
- Once the scan has completed there will be a link named Open report. Click that and a log named cureit.log should open in Notepad.
- The log is saved in the folder named Doctor Web in the top of your user profile folders.
- Please attach that log on your next reply.

unholychocolate Posted September 5, 2023 Author ID:1587286
That has also come up clean.

Root Admin AdvancedSetup Posted September 5, 2023 ID:1587316
Okay, that's good to hear. Please run the following.
SecurityCheck by glax24
I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.
- Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
- If Microsoft SmartScreen blocks the download, click through to save the file.
- This tool is safe. SmartScreen is overly sensitive.
- If SmartScreen blocks the file from running click on More info and Run anyway.
- Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
- Wait for the scan to finish. It will open a text file named SecurityCheck.txt
- Close the file. Attach it with your next reply.
- You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
Thank you

unholychocolate Posted September 6, 2023 Author ID:1587414
SecurityCheck.txt
Ran that tool

Root Admin Solution AdvancedSetup Posted September 6, 2023 ID:1587505
You're using a very old 1.x version of KeePass. You may wish to consider upgrading to the 2.x version.
KeePass Password Safe 1.41 v.1.41 Warning! Download Update
Other than that how is the computer running now? Are there still any signs of infection?
I'm leaving for vacation soon. If you're still having any issues I'll need to get someone to step in and finish up with you.
Thanks @unholychocolate

unholychocolate Posted September 6, 2023 Author ID:1587542
Yeah I have been meaning to upgrade it.
Yes thank you. It seems to be ok, I've not had any other RTP detections.
I hope you have a good vacation.
Thank you all for your help.

Root Admin AdvancedSetup Posted September 6, 2023 ID:1587544
Great, glad to hear all seems well again. Thank you for the well wishes.
Let's go ahead and do some clean-up work and remove the tools and logs we've run.
- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- Please attach that file to your next reply. (not compulsory)
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes

Maurice Naggar Posted September 8, 2023 ID:1588079
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Please review the following to help you better protect your computer and privacy: Tips to help protect from infection
Thank you
