SandraR99 Posted June 19 ID:1643908 Share Posted June 19 Hi, I today when I booted up my laptop, MalByte warned me of RTP detection websites being blocked. I have not, as far as I know, visited any other websites than the ones I have opened. I noticed that both Windows and Chrome had automatically updated when it had been in sleep mode since the last time I used the laptop (circa 2 days ago). Normally MB flags PUP's which after checking other forum posts, seems to not be a too big of a worry. However, now MB has blocked about 20 or so of these sites, all of them with the very similar IP adress, one of them keeps being blocked about every 30 minutes or so and I have no idea what they are or what it means for my system. Here are some example log texts. As you can see, all of them are from the same IP adress with very nonsensical webadresses and I wish to fix this problem. I tried to read the other forum posts solutions, but I could not really understand the steps provided or the language used so I ask kindly for patience. Thank you. Malwarebytes Website Blocked Report 2024-06-18 001649.zip Link to post Share on other sites More sharing options...
Porthos Posted June 19 ID:1643911 Share Posted June 19 @SandraR99 Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following. Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware. Please respond to all future instructions from your helper in a timely manner. Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process Then follow each step in the order provided. Unless otherwise asked, please attach all logs Please make the following system changes: Please pay close attention the the instructions in all of the following links. If you have not done so already - Enable System Protection and create a NEW System Restore Point <<<<< Important. Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed Disable-Fast-Startup <<<<< Important. Show-Hidden-Folders-Files-Extensions Please run the following scans: Please pay close attention the the instructions in all of the following links. Click the following link and run a Scan with AdwCleaner Click the following link and run a Scan with Malwarebytes RESTART the computer <<<<< Important. Click the following link and run a Scan with Farbar Recovery Scan Tool Example image of where to click to attach files when posting your reply Then be patient for the next expert to take your case. <<<<< Important. Thank you Link to post Share on other sites More sharing options...
SandraR99 Posted June 19 Author ID:1643923 Share Posted June 19 Malwarebytes Scan Report 2024-06-19 211434.txtFRST.txtAdwCleaner[C00].txtAddition.txt Hello again, I believe I have done all of the searches correctly. I have attached the files, however I saw that some of the text in the FRST and addition file have some stuff not written in english, but hopefully this will not be in the way for the person helping me. Thanks. Link to post Share on other sites More sharing options...
Solution JSntgRvr Posted June 19 Solution ID:1643937 Share Posted June 19 Start by resetting Google Chrome: Resetting Google Chrome to clear unexpected issues - PC Self-Help Articles and Guides - Malwarebytes Forums Let us know if the situation persists. Link to post Share on other sites More sharing options...
SandraR99 Posted June 20 Author ID:1644155 Share Posted June 20 Hi, thank you for taking you time with this. I have followed all of the steps and reset the sync for all of my devices. However if it is possible, could you explain what might have happened? Or why I was getting spammed by these outbound connections, especially from the same IP address? Since I had not really been going on any other sites then I normally use, I would also like to get some clarification on what these outbound connections are and how to stop it when it happens? Since it seems that the root file was a google.exe file and this only happened after google chrome did a force update, does this come from a weakness from googles part? How can I prevent this from happening in the future since I don't visit sites that malbytes flag as risky. I wish to educate myself on this so I know why it might happen and how to prevent it in the future. Thank you for your help so far, I will keep my eyes out and see if any more pop up the coming days. Link to post Share on other sites More sharing options...
JSntgRvr Posted June 20 ID:1644173 Share Posted June 20 This is usually planted as part of the browser's cashed entries. Once the browser is reset, default values will replace those. Please do keep me posted. Link to post Share on other sites More sharing options...
JSntgRvr Posted June 20 ID:1644174 Share Posted June 20 Lets cleanup. Please download KpRm by Kernel-panik and save to your Desktop. Click on KpRm.exe to run the tool. Vista/Windows 7/8/10/11 users right-click and select Run As Administrator. Put a check mark next to these items: - Delete tools - Delete Restore Points - Create Restore Point - Delete now Click the "Run" button. When the tool has finished, it will create and open a log report and delete itself. A few final recommendations: The following information will help you to keep your computer and data safer as well as improve your overall privacy Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Cybersecurity basics & protection Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Please review the following to help you better protect your computer and privacy Tips to help protect from infection Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal. Regards. Link to post Share on other sites More sharing options...
Recommended Posts