
Website Blocked Due to Compromised?



Ok this morning I’m on my phone posting this because I have no internet from and have no idea how to get it back. Rebooted router & computer but no change. I’m not really good at troubleshooting network stuff.

Good news I do have a fixlog.txt to post when I get my internet back.


  • Root Admin

Thank you for the log @mike2874

So is the network working okay now?

 

Overall the fix ran well. It also found and fixed some other Windows issues.

Windows Resource Protection found corrupt files and successfully repaired them.

 

Let me have you run the following, please, and attach back NEW, fresh logs if your network is working now.

 

[ 1 ]
Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

[ 2 ]
Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

[ 3 ]
Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

 

Cheers

 

 


  • Root Admin

Are you actively and purposefully running Carbonite backup software?  Just want to make sure as they're using PowerShell to do the update  @mike2874

How is the computer running now?

Are there still any blocks or alerts or any other signs of infection at this time?

 

 


Please Uninstall, Update, or otherwise address the following as appropriate for your computer

  1. Python 3.10.11 (64-bit) v.3.10.11150.0 Warning! Download Update
  2. Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
  3. Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update


Then RESTART the computer and check for Windows Updates and install any found

 

 


Yes, I'm purposefully running Carbonite; I've had a subscription for years.

Computer is running fine and has all along except for the Malwarebytes alert screens. Looks like I have one remaining alert screen.

(1) I just download the latest 64-bit, correct?

(2) I skip this because my computer's 64-bit, correct?

(3) I just download this, correct?

 

Edited by mike2874

  • Root Admin

Python can be annoying. Generally speaking you would uninstall the older version and install the new version. However, sometimes programs that use it need a specific version to work.

Yes, just download the latest version, and if you're not using some specific software that needs Python then you can uninstall the older version before installing the new one.

 

The other actually needs both updated. Your computer, though x64, does also run x32 as well.

 

10 minutes ago, mike2874 said:

Computer is running fine and has all along except for the Malwarebytes alert screens. Looks like I have one remaining alert screen.

Please show me a current Alert screen from Malwarebytes

 

Then get me the MBST logs

 

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 


So I don’t even know what Python is or if one of my programs specifically requires it. Where do you find it to uninstall first before installing the new one? I’m not seeing it in Control Panel > Programs.

On the current alert screen, I’ll have to wait until it randomly pops up again to get a snapshot. Then I’ll get you the MBST logs.

Pretty sure I’ve already provided the mbst-grab-results.zip; are you saying this needs to be done again?

Edited by AdvancedSetup
Corrected font issue

Ok, so there's no Python installed in Programs, so guess I'll go ahead and install the latest version.

I'll work on the other installs you listed.

In the meantime, the alert screen has not popped up for a couple of hours, but this was the last one and I think the only one randomly popping up. Possibly I'm opening a program and I'm not aware it is causing the alert screen.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/17/2024
Protection Event Time: 6:31 PM
Log File: fc32c5d0-8cdf-11ef-acdf-047c16e86794.json

-Software Information-
Version: 5.1.11.133
Components Version: 1.0.5048
Update Package Version: 1.0.90577
License: Premium

-System Information-
OS: Windows 11 (Build 22631.4317)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, System, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain:
IP Address: 95.214.55.138
Port: 137
Type: Outbound
File: System

 

(end)

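Added example (not part of the original thread and not Malwarebytes code): a small Python parser for the protection-event report text posted above, pulling out the remote address, port and process name to look for in a connection listing taken at the time of a block. The sample is trimmed from that post; the function names are illustrative.

```python
import ipaddress
import re

# Sample input: trimmed copy of the report posted above (two sections only).
SAMPLE_REPORT = """\
-Log Details-
Protection Event Date: 10/17/2024
Protection Event Time: 6:31 PM

-Website Data-
Category: Compromised
Domain:
IP Address: 95.214.55.138
Port: 137
Type: Outbound
File: System

(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")  # section headers look like "-Website Data-"

def parse_report(text):
    """Return {section: {key: value}} for a '-Section-' / 'Key: Value' report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only, so "6:31 PM" stays intact.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()  # empty stays "" (e.g. Domain)
    return sections

def block_summary(text):
    """Fields needed to find the matching row in a connection report."""
    web = parse_report(text).get("Website Data", {})
    ip = ipaddress.ip_address(web["IP Address"])  # raises ValueError if malformed
    return {
        "remote_ip": str(ip),
        "remote_port": int(web["Port"]),  # 137 is the NetBIOS name service port
        "direction": web.get("Type", ""),
        "process": web.get("File", ""),
        "domain": web.get("Domain") or None,
        "public_ip": ip.is_global,  # True when the address is Internet-routable
    }

if __name__ == "__main__":
    print(block_summary(SAMPLE_REPORT))
```
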

  • Root Admin

Please do the following @mike2874

 


  • Right-click over cports.exe and select Run as administrator to launch the program


  • Run the program and review it to become accustomed to it.
  • Click on the Option menu and place a check mark on Beep on New Ports 



  • Wait until you see an alert or block for an IP or Network block from Malwarebytes and then switch to CurrPorts 
  • Click the View menu and select HTML Report - All items 



  • The program will now create an HTML report of all of the network connection data
  • The report is saved to the location where CurrPorts is run from. In our case C:\Utils\CurrPorts\report.html   
  • Zip the file C:\Utils\CurrPorts\report.html and attach it to a Private Message for me - DO NOT post it here in this public forum

 

Thank you

 
