CzRLzS Posted January 23 ID:1613191

I just downloaded it and noticed that a website is making outgoing connections and it didn't stop, so I formatted the pc (well done). Now when I download chrome it keeps giving me that problem and I don't know what to do. These are all the files of the website:

-Registration details
Date of protection event: 23/1/24
Protection event time: 15:23
Log file: fd242b0e-b9fa-11ee-b2b0-b42e99c9f41b.json

-Software information
Version: 4.6.8.311
Component version: 1.0.2242
Update package version: 1.0.79988
License: Trial

-System information
OS: Windows 10 (Build 19045.3930)
CPU: x64
File system: NTFS
User: System

-Details of the blocked website
Malicious website: 1
C:\Program Files, C:\GoogleChrome.exe, Blocked, -1, -1, 0.0.0, ,

-Web site data-
Category: Riskware
Domain: api.npoint.io
IP Address: 216.24.57.3
Port: 443
Type: Outgoing
File: C:\Program Files Google Chrome Application.exe

Translated with DeepL.com (free version)

Maurice Naggar Posted January 23 ID:1613198

Hello. My name is Maurice. I will guide you.

The Malwarebytes real-time web protection is keeping pc safe from potential harm. The attempted access to api.npoint.io is STOPPED.

Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions.

Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to.
Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.

Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

Please stick with me until I give you the "all clear".

If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Do these 2 steps so that ALL folders & Files are set to SHOW, plus also, Turn OFF Windows Fast start.

1. Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

2. Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

3. I would like a report set for review. This is a report only. This is the first beginning step so I can see what is what on this particular machine.
Please download MALWAREBYTES MBST Support Tool
Once you start it click Advanced >>> then Gather Logs
Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply.

Edited January 23 by Maurice Naggar

Maurice Naggar Posted January 28 ID:1614343

Due to the lack of feedback, this topic is closed to prevent others from posting here.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

Maurice Naggar Posted January 28 ID:1614378

Topic has been reopened per request.

Thanks

Maurice Naggar Posted January 28 ID:1614381

I did get the support tool ZIP report. As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.

If upon launching the Esetonlinescanner, there is a windows-message box displaying
A driver cannot load on this device.
Driver ehdrv.sys
then, please, TICK the check-box "Don't show this message again" and then, click the Close button on that window-box. The ESET scan will proceed forward.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on CUSTOM scan and select C drive to be scanned
Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
You may step away from machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

At screen "Detections occurred and resolved" click on blue button "View detected results"
On next screen, at lower left, click on blue "Save scan log"
View where file is to be saved.
Provide a meaningful name for the "File name:"
On last screen, set to Off (left) the option for Periodic scanning
Click "save and continue"

Please attach the report file so I can review

CzRLzS Posted January 29 Author ID:1614411

Done

lacabra.txt

CzRLzS Posted January 29 Author ID:1614412

32 minutes ago, CzRLzS said:
    Done
    lacabra.txt

Just realized it is in Spanish, here you have it in English

register.txt

Maurice Naggar Posted January 29 ID:1614614

Go ahead and do a new scan with a different scanner.

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/
You will need to send them an email to obtain a link to download the scanner, please do so.
The downloaded file will normally have a unique name such as: q7a9tr4p.exe
Close all open applications and locate the downloaded file and double-click to run it
The program will take a moment to launch and bring up the License and Update screen
Place a check mark to agree to the terms and then click on the Continue button
Click the underlined link Select objects for scanning
On the top left click the Scanning objects that should automatically check all objects
Click the small wrench and make sure there is a check on Automatically apply actions to threats
Then click the large button on bottom right Start scanning
Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
The log is saved in the folder named Doctor Web in the top of your user profile folders
Please attach that log on your next reply

CzRLzS Posted January 30 Author ID:1614756

That's the log and the problem is still going.

cureit.log

Maurice Naggar Posted January 30 Solution ID:1614834

Quote:
    There are no infected objects detected

Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.

Start Malwarebytes. Click Settings ( gear ) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center
Click the Security Tab. Scroll down to "Windows Security Center"
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
IF that line-selection is greyed-out unavailable, do not fret. Just skip over that.
This will not affect any real-time protection of the Malwarebytes for Windows 😃.
Close Malwarebytes.

The following should squash a rogue pest GoogleUpdater

Please run the following custom script. Read all of this before you start.
The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.

NOTE-1: It removes the rogue GoogleUpdater.
This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
It will attempt to run some scans with Microsoft Defender antivirus.
It will attempt to clear Cache files of web browsers.
It will attempt to clear temporary file areas.
It rebuilds the Winsock.
Depending on the speed of your computer this fix may take 50-55 minutes or more.

Please Close all open work before you actually do begin this run.

FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <-----

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
Next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

Try to remember what app or tweak or game you downloaded before the current troubles began.

NOTE: After this run I would expect the IP Block events to cease, and I expect your system to be running better than before.

CzRLzS Posted January 30 Author ID:1614909

On the same day I downloaded Sterallis and a technician came to my house to change the router (was here occasionally and decided to change it because the one he had was too old), after changing the router it started to block the ip, so it could be that it was happening before but it would not have been blocking it. Then it began to happen and told me to format the computer. I did it in the bios and deleting all the discs. If it continues I will inform you, but for now it stopped. Do you think it's a good idea to turn on "protection against brute force" on Malwarebytes? Thank you for your patience.

Fixlog.txt

CzRLzS Posted January 30 Author ID:1614919

I think it stopped, but it follows in my laptop (in which I never download anything rare). Do I do all the steps in my laptop?

Maurice Naggar Posted January 31 ID:1615080

Keep the standard normal settings in Malwarebytes. That is to say, do not go changing protection settings of Malwarebytes.

The custom-run is good. The Windows System File Checker has made some corrections.
Windows Resource Protection found corrupt files and successfully repaired them.
This last run has completed what was originally intended.

Keep in mind, this Topic thread is just for the machine labeled RPTP7ML
For your other machine, if it has issues, you could run the scanners I had listed here. BUT do not in any way use the custom-Fix, that is totally customized for one machine only.

So, in preparation of wrapping up this original case, we do this. This is just a report.

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
If Microsoft SmartScreen blocks the download, click through to save the file
This tool is safe. Smartscreen is overly sensitive.
If SmartScreen blocks the file from running click on More info and Run anyway
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
Wait for the scan to finish. It will open a text file named SecurityCheck.txt
Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you

CzRLzS Posted February 1 Author ID:1615279

SecurityCheck.txt

Maurice Naggar Posted February 1 ID:1615326

On this machine, you need to ensure that Chrome browser is the Latest Release version.

Google Chrome v.120.0.6099.225 Warning! Download Update

Now, we can wrap up on this case, on this machine. 👌💢

Temporarily disable Microsoft SmartScreen to download the next software below

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_2-15.exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.

After that completes,
Delete mb-support-1.9.7.1002.exe
Delete mbst-grab-results.zip on the Desktop.

Your system is good-to-go. 😎

Sincerely.

Edited February 1 by Maurice Naggar

Maurice Naggar Posted February 1 ID:1615329

We're glad that we were able to assist you.

The following information will help you to keep your computer and data safer as well as improve your overall privacy

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/780233/best-password-manager/

Make sure you're backing up your files
https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC
https://patchmypc.com/home-updater#download
https://patchmypc.com/about-us

Keep your Operating System up to date and current at all times
https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy:
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection: Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog
https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
Please tell your friends and family if they too need assistance with malware removal

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy
Tips to help protect from infection

Thank you
