
Is ASUS Armoury Crate a TROJAN?



I also receive related alerts every day. At first it was "COMPROMISED", and I just received "REMOTEPORTSCAN" and "TROJAN".
Is there something wrong with this app? My motherboard installed it automatically.


 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/9/2024
Protection Event Time: 9:19 PM
Log File: eecce558-3df5-11ef-a4b6-3c7c3f82e3f0.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86680
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3810)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Compromised
Domain: 
IP Address: 104.156.155.5
Port: 9013
Type: Inbound
File: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe

(end)

 

-Log Details-
Protection Event Date: 7/9/2024
Protection Event Time: 10:38 PM
Log File: eac80842-3e00-11ef-a8e8-3c7c3f82e3f0.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86682
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3810)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RemotePortScan
Domain: 
IP Address: 71.6.147.254
Port: 9012
Type: Inbound
File: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe

(end)



 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/10/2024
Protection Event Time: 10:30 PM
Log File: e71fb41a-3ec8-11ef-8534-3c7c3f82e3f0.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86708
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3880)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 179.60.149.8
Port: 9013
Type: Inbound
File: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe

(end)


  • Root Admin

Hello @TOMCCC and welcome

 

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool
     


 

Thank you

 


  • Root Admin

Thank you for the logs. The logs do not indicate any signs of infection. The block is an Inbound alert that typically is due to a remote system probe of your system. To block that you'd need a physical router between your computer and your ISP provider modem.

Normally Inbound blocks will go away on their own within a week or so.

 

You are running a service out of a TEMP folder which is not secure. The service should be removed and if you want to use the utility reinstall it into a fixed folder name, not a temp folder.

S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44592 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION

 

Update your Norton AV and do a Full System Scan and let me know if it finds any issues. My guess is the scan will come back clean.

 

  • Like 1
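
The Inbound point made in the reply above, as an added example that is not part of the original posts or of Malwarebytes' own tooling: a small parser for the text export layout shown in this thread that separates Inbound blocks (a remote address reaching a port, grouped here by program and port) from Outbound ones (the local program opened the connection). The function names, the trimmed sample, the constructed Outbound event, and the reading of `Port` as the local listening port are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the export layout posted in this thread. The two
# Inbound events reuse values from the posted logs; the Outbound event
# (203.0.113.10, helper.exe) is made up for contrast.
SAMPLE = r"""
Category: Compromised
IP Address: 104.156.155.5
Port: 9013
Type: Inbound
File: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(end)
Category: RemotePortScan
IP Address: 71.6.147.254
Port: 9012
Type: Inbound
File: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(end)
Category: Trojan
IP Address: 203.0.113.10
Port: 443
Type: Outbound
File: C:\Users\Public\helper.exe
(end)
"""

FIELD = re.compile(r"^(Category|IP Address|Port|Type|File):[ \t]*(.*?)\s*$", re.M)

def parse_events(text):
    """Split an export on '(end)' and return one field dict per event."""
    events = []
    for chunk in text.split("(end)"):
        fields = dict(FIELD.findall(chunk))
        if "Type" in fields:          # skip chunks with no Website Data
            events.append(fields)
    return events

def triage(events):
    """Group Inbound blocks by (program, port); return Outbound ones separately."""
    probed, outbound = defaultdict(set), []
    for e in events:
        if e["Type"].lower() == "inbound":
            exe = e["File"].rsplit("\\", 1)[-1]
            # Assumption: for Inbound events, Port is the local port the program listens on.
            probed[(exe, int(e["Port"]))].add(e["IP Address"])
        else:
            outbound.append(e)
    return dict(probed), outbound
```
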