RTP detection of a website


Go to solution Solved by Maurice Naggar,

I just downloaded it and noticed that a website is making outgoing connections and it didn't stop, so I formatted the PC (well done). Now when I download Chrome it keeps giving me that problem and I don't know what to do.

These are all the files of the website:

-Registration details
Date of protection event: 23/1/24
Protection event time: 15:23
Log file: fd242b0e-b9fa-11ee-b2b0-b42e99c9f41b.json

-Software information
Version: 4.6.8.311
Component version: 1.0.2242
Update package version: 1.0.79988
License: Trial

-System information
OS: Windows 10 (Build 19045.3930)
CPU: x64
File system: NTFS
User: System

-Details of the blocked website
Malicious website: 1
C:\Program Files, C:\GoogleChrome.exe, Blocked, -1, -1, 0.0.0, , 

-Web site data-
Category: Riskware
Domain: api.npoint.io
IP Address: 216.24.57.3
Port: 443
Type: Outgoing
File: C:\Program Files Google Chrome Application.exe

Translated with DeepL.com (free version)

 

Link to post
Share on other sites

Hello. :welcome: My name is Maurice. I will guide you.

  • The Malwarebytes real-time web protection is keeping the PC safe from potential harm.
  • The attempted access to api.npoint.io is STOPPED.
  • Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. 
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

    Do these 2 steps so that ALL folders & Files are set to SHOW, plus also, Turn OFF Windows Fast start.
    1. Show-Hidden-Folders-Files-Extensions
    https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

    2. Disable-Fast-Startup
    https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

3. I would like a report set for review. This is a report only. This is the first beginning step so I can see what is what on this particular machine.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply.

Edited by Maurice Naggar
Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

I did get the support tool ZIP report.

As a next step, I suggest the following:
This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.
This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

If upon launching the Esetonlinescanner, there is a windows-message box displaying

A driver cannot load on this device. Driver ehdrv.sys

then, please, TICK the check-box

"Don't show this message again"

and then, click the Close button on that window-box. The ESET scan will proceed forward.

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Go ahead and do a new scan with a different scanner.

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply
Link to post
Share on other sites

  • Solution
Quote

There are no infected objects detected

Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.
Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
IF that line-selection is greyed-out  unavailable, do not fret. Just skip over that.

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

The following should squash a rogue pest  GoogleUpdater

Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.

NOTE-1: It removes the rogue GoogleUpdater. This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.

Please Close all open work before you actually do begin this run.

FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt<- < - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

Next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

Try to remember what app or tweak or game you downloaded before the current troubles began.

NOTE: After this run I would expect the IP Block events to cease, and I expect your system to be running better than before.

Link to post
Share on other sites

On the same day I downloaded Sterallis and a technician came to my house to change the router (was here occasionally and decided to change it because the one he had was too old), after changing the router it started to block the IP, so it could be that it was happening before but it would not have been blocking it. Then it began to happen and told me to format the computer. I did it in the BIOS, deleting all the discs. If it continues I will inform you, but for now it stopped. Do you think it's a good idea to turn on "protection against brute force" in Malwarebytes? Thank you for your patience.

 

 
 

Fixlog.txt

Link to post
Share on other sites

Keep the standard normal settings in Malwarebytes. That is to say, do not go changing protection settings of Malwarebytes.

The custom-run is good. The Windows System File Checker has made some corrections.

Windows Resource Protection found corrupt files and successfully repaired them.
This last run has completed what was originally intended. 

Keep in mind, this Topic thread is just for the machine labeled RPTP7ML

For your other machine, if it has issues, you could run the scanners I had listed here. BUT do not in any way use the custom-Fix, that is totally customized for one machine only.

So, in preparation of wrapping up this original case, we do this. This is just a report.

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

Link to post
Share on other sites

On this machine, you need to ensure that Chrome browser is the Latest Release version.

Google Chrome v.120.0.6099.225   Warning! Download Update

Now, we can wrap up on this case, on this machine.

👌💢 Temporarily disable Microsoft SmartScreen to download the next software below

Let's go ahead and do some clean-up work and remove the tools and logs we've run.
Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_2-15.exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • After that completes,

Delete mb-support-1.9.7.1002.exe

Delete mbst-grab-results.zip on the Desktop.

Your system is good-to-go.    😎
Sincerely.

Edited by Maurice Naggar
Link to post
Share on other sites

We're glad that we were able to assist you.

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
