WinstonSmith Posted February 14 ID:1617476

I have the same issue as the above poster. Every minute MWB is detecting cmd.exe being used to connect to 172.111.239.90. I've read other threads on this topic and so I've got my log file from the support tool attached, as well as the FRST log and addition txt.

mbst-grab-results.zip FRST.txt Addition.txt

JSntgRvr Posted February 14 ID:1617531

Let's give a try to Malwarebytes Antimalware and Adwcleaner to scan your computer.

https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/
https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/

Attach their reports.

WinstonSmith Posted February 15 Author ID:1617712

Thanks for the reply. Here are those logs.

MWB scan quarantine.txt AdwCleaner[S00].txt

JSntgRvr Posted February 15 Solution ID:1617744

Let's begin...

Frst C:\Users\jayb\Downloads\FRST64.exe

- Download the enclosed file Fixlist.txt
- Save it in the same location FRST64.exe is saved (Downloads folder)
- Start FRST (FRST64) with Administrator privileges
- This time around, press the Fix button and wait
- When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

WinstonSmith Posted February 15 Author ID:1617747

All done.

Fixlog.txt

JSntgRvr Posted February 15 ID:1617793

How is the computer doing?

WinstonSmith Posted February 16 Author ID:1617911

Not getting the persistent request to the IP, but still have two detections related to WR64.sys.

MWB scan postfix.txt

JSntgRvr Posted February 16 ID:1617957

- Download the enclosed file Fixlist.txt
- Save it in the same location FRST64.exe is saved (Downloads folder)
- Start FRST (FRST64) with Administrator privileges
- This time around, press the Fix button and wait
- When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

WinstonSmith Posted February 16 Author ID:1618030

Thank you very much. Everything seems to be working well now.

JSntgRvr Posted February 17 ID:1618051

Very well. Congratulations.

Use this application to remove tools used and their quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.

Put a check mark next to these items:
- Delete tools
- Create Restore Point
- Delete now

Click the "Run" button. When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:

The following information will help you to keep your computer and data safer as well as improve your overall privacy.

- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection: Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
