Recently I've been getting a notification from Malwarebytes saying that it has blocked access to a potentially malicious website: 93.114.43.213, type: outgoing, port: 49704, process: chrome.exe. I'm worried it might be a backdoor trojan. I did all the steps from http://forum.avast.com/index.php?topic=53253.msg451454#msg451454 and attached the log files.
These are a few more of the log files.
Hey, and welcome to the forum. Thanks for attaching the necessary logs; a malware expert will guide you from here when one is online.
Hi,
Did you set this page as your home page in Google Chrome?
http://webspace.apiit.edu.my/
Your logs look good. We only need to remove and reset some remnants.
If I understand you correctly, MBAM has blocked some malicious page? That's perfectly normal; MBAM is just doing its job.
Re-run OTL.exe.
1. Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-2996048538-1955443101-3466748979-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2996048538-1955443101-3466748979-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O3 - HKU\S-1-5-21-2996048538-1955443101-3466748979-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:files
C:\Program Files\ESET
C:\Users\Gann\AppData\Local\ESET
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:commands
[CREATERESTOREPOINT]
[emptytemp]
2. Then click the Run Fix button at the top.
3. Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
Hi,
No, I didn't set http://webspace.apiit.edu.my/ as my homepage in Google Chrome.
By the way I switched from ESET to AVG. Will that cause a problem?
> By the way I switched from ESET to AVG. Will that cause a problem?
Yes, I saw that in the logs. ;D No, not a problem, because you uninstalled the previous one.
Re-run OTL.exe.
1. Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
CHR - homepage: http://webspace.apiit.edu.my/
CHR - homepage: http://webspace.apiit.edu.my/
:commands
[purity]
[Reboot]
2. Then click the Run Fix button at the top.
3. Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
Are there any problems with the computer? Any malware alerts?
Re-run OTL, click on Run Scan and attach a fresh OTL.txt log here.
I did exactly as you said, but there was no log report made. I found where the logs were stored, though. I think this is the log; I might be mistaken.
By the way, should I be careful about what I type, like typing passwords or mails and such?
Hi,
> By the way should I be careful about what I type, like typing passwords or mails and such?
You always have to be careful. But like I said, I did not see anything problematic (malware) in the logs.
Answer so that I know my next step.
Well, every time I access this website http://www.manga-access.com/ or use uTorrent, a report from MBAM says that it has blocked access to a potentially malicious website. I never had these issues before. This started when I tried to use a pirated game.
Aha, well, MBAM detections are legit. 8)
Simply put, if you want to stay safe, obey the MBAM warnings, because the webpage is marked as a threat for a reason.
I also noticed from the logs that you use P2P software.
P2P Programs
I shall provide you with a few reference links; please read them to learn the risks of having a P2P program.
- P2P file sharing: Know the risks
- P2P File-Sharing: Evaluate the Risks
- ITSC: Risks in Peer-to-peer File Sharing
Note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.
How to remove the tools we used:
Re-run OTL and click on the CleanUp! button.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.
Gan, be safe
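For anyone reading this thread later who wants to make sense of a pile of these MBAM block notifications, here is a small triage helper (added example, not code from the forum or from Malwarebytes). It parses the notification format quoted at the top of the thread, groups outgoing blocks by process, and flags processes that are not an ordinary browser or P2P client; the USER_APPS set, the process name svcupdate.exe and the extra IP addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Pattern for the MBAM website-block notification text as quoted in the thread, e.g.
# "... website:93.114.43.213 type:outgoing port:49704 process:chrome.exe"
ALERT_RE = re.compile(
    r"website:(?P<dest>\S+)\s+type:(?P<direction>\w+)\s+port:(?P<port>\d+)\s+process:(?P<process>\S+)",
    re.IGNORECASE,
)

# Assumption: applications the user drives interactively. A block attributed to one of
# these is usually the web-blocking feature reacting to a page or tracker the user opened.
USER_APPS = {"chrome.exe", "firefox.exe", "iexplore.exe", "utorrent.exe"}


def parse_alert(line):
    """Parse one notification line into a dict, or return None if it is not a block alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {
        "dest": m.group("dest"),
        "direction": m.group("direction").lower(),
        # For an outgoing block this is the local ephemeral port, not the remote service port.
        "port": int(m.group("port")),
        "process": m.group("process").lower(),
    }


def triage(lines):
    """Return (process -> Counter of blocked destinations, list of processes to investigate).

    A process is worth a closer look when it is not a known user application, or when one
    process sits behind an unusually large number of distinct blocked destinations.
    """
    per_process = defaultdict(Counter)
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["direction"] == "outgoing":
            per_process[alert["process"]][alert["dest"]] += 1
    suspicious = sorted(p for p, dests in per_process.items() if p not in USER_APPS or len(dests) > 5)
    return dict(per_process), suspicious


# Constructed sample notifications: the first repeats the one quoted in the thread; the rest use
# RFC 5737 documentation addresses and a made-up process name so they match nothing real.
SAMPLE_ALERTS = [
    "Malwarebytes blocked access to a potential malicious website:93.114.43.213 type:outgoing port:49704 process:chrome.exe",
    "Malwarebytes blocked access to a potential malicious website:93.114.43.213 type:outgoing port:49811 process:chrome.exe",
    "Malwarebytes blocked access to a potential malicious website:203.0.113.7 type:outgoing port:51020 process:utorrent.exe",
    "Malwarebytes blocked access to a potential malicious website:198.51.100.9 type:outgoing port:52233 process:svcupdate.exe",
    "Malwarebytes blocked access to a potential malicious website:198.51.100.9 type:incoming port:445 process:System",
    "Real-Time Protection: scan finished, 0 items",  # unrelated line, must be ignored
]

if __name__ == "__main__":
    blocks, investigate = triage(SAMPLE_ALERTS)
    for proc, dests in blocks.items():
        print(proc, dict(dests))
    print("investigate:", investigate)
```

Repeated blocks from chrome.exe while the same site is open point at the site, not at a backdoor; a process name you do not recognise in the flagged list is what deserves a log-backed look from a helper.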
OK, thanks for the help, magna86.