Jump to content

constant "website blocked due to compromise"

CyberBonk2077
 Share

Recommended Posts

CyberBonk2077

CyberBonk2077

Posted
Posted

i just keep getting these alerts "website blocked due to compromise" and "website blocked due to port scan" every 30 secs or so and from different ip addresses and it's getting really annoying, i have read a forum here about the same issue and i think i need some expert to help me sort this out. 

thank you.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted (edited)
16 minutes ago, CyberBonk2077 said:

i just keep getting these alerts "website blocked due to compromise" and "website blocked due to port scan" every 30 secs or so

If these are all incoming blocks,

Inbound blocks can be stopped by having a router between your internet provider's modem and your computer.

The blocks are on addresses that are attempting to do a forced attempt to exploit remote-desktop-protocol. 

The Real-Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

Edited by Porthos
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

We can verify if all the alerts are from Inbound blocks or not. @CyberBonk2077

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank you for the logs @CyberBonk2077

The logs do not indicate any obvious signs of infection and all of the blocks are Inbound starting from 08/11/2024, however there appears to be some type of issue with your profile. You might want to try running a disk check and reboot to see if that helps.

 

Application errors:
==================
Error: (08/15/2024 03:47:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-0I8KARV)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.

Error: (08/15/2024 03:47:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.