
system32/cmd.exe sending request to 172.111.239.90 malware???


Hello.

Started using Malwarebytes yesterday, when my social media was hacked. I uninstalled suspicious programs, but Malwarebytes still blocks this every minute or so.

What can I do now?


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/16/2024
Protection Event Time: 10:34 AM
Log File: fb82fe30-e36f-11ee-ae9f-7085c25c051f.json

-Software Information-
Version: 5.1.0.102
Components Version: 1.0.1179
Update Package Version: 1.0.82200
License: Trial

-System Information-
OS: Windows 11 (Build 22000.2538)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\cmd.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Malware
Domain: 
IP Address: 172.111.239.90
Port: 443
Type: Outbound
File: C:\Windows\System32\cmd.exe

(end)
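As an added example (not code from the thread or from Malwarebytes), here is a small parser for the protection-event log format pasted above, with a triage pass over the "Website Data" section that lists what a responder would look at: a Windows system binary such as cmd.exe initiating outbound traffic, a direct connection to a public IP with no DNS name, and a Malware categorisation. The sample log is constructed from the posted values; the triage rules are my own assumptions.

```python
# Added example, not code from the forum thread or from Malwarebytes:
# parse a "Blocked Website" protection-event log like the one posted
# above and list the indicators a responder would check. The log text is
# a constructed sample modelled on the post; the triage rules are my own.
import re
from ipaddress import ip_address

SAMPLE_LOG = """\
-Log Details-
Protection Event Date: 3/16/2024
Protection Event Time: 10:34 AM

-Website Data-
Category: Malware
Domain:
IP Address: 172.111.239.90
Port: 443
Type: Outbound
File: C:\\Windows\\System32\\cmd.exe
"""

# Windows binaries that do not open network connections on their own;
# outbound traffic attributed to one means something else drove it.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def parse_log(text):
    """Return {section: {key: value}} for a '-Section-' / 'Key: value' log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.fullmatch(r"-(.+)-", line.strip())
        if m:
            current = sections.setdefault(m.group(1), {})
        elif ":" in line and current is not None:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def triage(sections):
    """Reasons this event needs a manual look; an empty list means none found."""
    w = sections.get("Website Data", {})
    exe = w.get("File", "").rsplit("\\", 1)[-1].lower()
    reasons = []
    if exe in LOLBINS and w.get("Type") == "Outbound":
        reasons.append(f"system binary {exe} initiating outbound traffic")
    if not w.get("Domain") and w.get("IP Address"):
        if ip_address(w["IP Address"]).is_global:   # raises on a malformed IP
            reasons.append("direct connection to a public IP with no DNS name")
    if w.get("Category") == "Malware":
        reasons.append("destination categorised as Malware by the vendor")
    return reasons
```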


14 minutes ago, MKDB said:

@markenti

Who gave you this fixlist for FRST?

Do you get help from another helper (on another forum) as well?

I googled the same thing other people are having problems with and used the same fixlist from that thread; it might have been from this same forum.

But you know that every infection is unique and needs to be treated that way?

I think it is very risky to apply the same repair. Or does this other user have the identical computer, the same version of the operating system, the same software, the exact same "version" of this malware etc.?

Did you understand what this repair with FRST did with your computer?


Personally speaking, it's your machine and you can do whatever you like. But your approach doesn't sound professional. I don't mean that in a derogatory or bad way at all.

I offer to completely analyze and clean up your system.

Thank you!


Sorry, I am not really an IT guy, I just do not want my socials to be hacked any longer. I tried to find a solution myself, but it seems like I messed something up?

Could you guide me step by step to make sure my pc is clean, thanks.


@markenti

Please don't get me wrong. I completely understand your intentions, but the way you did it is dangerous.

All good now, let's start. 😃


  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

@markenti

This detection is related to your infection.

The fix that you have used does not fit your system. You have only removed the loading point of the malware, but it's still on your system.

Please stand by, I'm preparing a fix.


Sorry, I was just scared and, not knowing things too well, I just tried. But that's why we have experts like you who know these things, haha. Thank you for helping me.


  • Solution

@markenti

Please stay away from CheatEngine... it's bundled with other unwanted software and/or crap!

I've seen that you have already tried a number of tools. Due to its file size, this malware is hard to detect.

I recommend changing all passwords once we have finished here.


  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Marko\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.


fixlist.txt


Here

Fixlog.txt


@markenti

Well done. 👍


Let's run FRST and SecurityCheck to check the results.

Let me know how things are going.

Thank you again!


1️⃣

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.


2️⃣

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click SecurityCheck.exe, select "Run as administrator", and reply YES to allow it to run and go forward.
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file and attach it to your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt


Right now I can't see anything being detected, is it done?

Addition.txt FRST.txt SecurityCheck.txt


@markenti

We are done.

You should update your Windows 11 version, it's old:

https://www.microsoft.com/en-us/software-download/windows11


You should update some programs (if you still need them) or uninstall them (if you don't need them anymore):

NVIDIA GeForce Experience 3.27.0.112 v.3.27.0.112 Warning! Download Update
Node.js v.18.17.1 Warning! Download Update
Python 3.11.3 (64-bit) v.3.11.3150.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
OpenOffice 4.1.13 v.4.113.9810 Warning! Download Update
Discord v.1.0.9010 Warning! Download Update
Java 8 Update 351 (64-bit) v.8.0.3510.10 Warning! Download Update
Uninstall old version and install new one (jre-8u401-windows-x64.exe).

Audacity 3.4.1 v.3.4.1 Warning! Download Update
Spotify v.1.2.3.1115.gd61a8f5c Warning! Download Update

CCleaner v.6.22 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.


Thank you for your cooperation. You can use KpRm to remove FRST and other tools.


Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, select Delete Tools under Actions.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.


A few final recommendations can be found here:

https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/


Further reading if you like to keep up on the malware threat scene:

Malwarebytes Blog  https://blog.malwarebytes.com/


Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.
