Jump to content

How to remove scrcons.exe send data to "d.mymst.top" everyday

quannd
 Share

Recommended Posts

quannd

quannd

Posted
Posted

Hi everyone,

My Malwarebytes antivirus is running in Windows Server 2019.

All OK but it detects & block with below content every day. 

-System Information-
OS: Windows 10 Server (Build 17763.6293)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\wbem\scrcons.exe, Blocked, -1, -1, 0.0.0, AE2951B6F89CAD07E48A8C2C4097243A, 2C91F17DD33E78430451D47F2E26715EB6E1FD8125E530182EC0CACEB4CD755F

-Website Data-
Category: RiskWare
Domain: d.mymst.top
IP Address: 104.21.24.221
Port: 80
Type: Outbound
File: C:\Windows\System32\wbem\scrcons.exe

How to remove this automatic backdoor program.

Please help.

Thank you!

Malwarebytes Website Blocked Report 2024-10-01 160005.txt

image.thumb.png.5c109acabf4a883affa4e870bfe97a26.png

image.thumb.png.19c56cf22111a6e35b9ead8935969024.png

 

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted

Hello  @quannd  and  :welcome:

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please attach all logs into your post.
  • Before we start, please make sure that you have an external backup of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, don’t download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

 

 

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST and accept license agreement.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.
Link to post
Share on other sites
MKDB

MKDB

Posted
Posted

@quannd

Just a small notice:

The file scrcons.exe is not malicious. This file is a legit windows system file that is misused by malware.

Malwarebytes Anti-Malware notices the misuse and blocks the access to the malicious website.

 

Please attach the requested .zip file from MBST and I will be happy to help you.

Thank you!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.