
Malware - cmd.exe 172.11.239.90



Hi

I have the same malware infection as some other recent posts.

Recently noticed a CMD window flashing on screen and what seems to be unusual scheduled activity of a 'Firefox Default Browser Agent'.

I have installed Kaspersky Free which is not detecting anything.

I have just installed MWB which detected and treated trojans and is now blocking a connection to 172.11.239.90:443 every minute.

Please find attached MBST grab following instructions given in other threads. I have FRSTEnglish downloaded.

Thanks in advance.

mbst-grab-results.zip


Hello @adx and :welcome:

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please attach all log files into your post.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

 

Please give me some time to review what you have posted.

Thank you!


@adx

Unfortunately there are indications pirated software is on the system. Any and all programs requiring proper activation for which you do not have a valid product key will need to be removed before we can clean the system. If you are willing to uninstall such software please do so. If you are unable, or unwilling to remove the software, my support will end.

 

Illegal Software:

Quote

Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.14332.20624 - Microsoft Corporation)

KMS_VL_ALL_AIO (HKLM-x32\...\{21498B56-B51C-4EB6-8846-0A7A5A62C93F}) (Version: 1.0.0 - KMS_VL_ALL_AIO)
S3 WinDivert1.1; C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys [35376 2013-12-04] (Nemea Mjukvaruutveckling AB -> Basil Projects)

KMS crack is a known, illegal way to activate Windows and Office. I wonder if it's just your Office that is activated illegally or if it is Windows itself as well...

Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

In your case, the use of the KMS crack is the reason for your infection.

 

Please see here:

 

I'm waiting for your feedback.


46 minutes ago, adx said:

Appreciate you taking a look at the problem, I understand the issue and will advise the owner simply wipe the drive.

This seems to be the best solution if you are not the owner of this system @adx.

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

 

As this topic seems to be solved, I do not follow it any longer.

Take care!


This topic is now closed to further replies.