Malwarebytes Blocking Inbound Connections

Hello,
I’ve been getting popups from Malwarebytes blocking incoming connections, all of which are from Operating System dependent executables. All the connections were from Ecatel servers, which is why they were blocked by Malwarebytes. This might just be port scanning, but just in case I’m making this thread. Logs attached, cheers! ;D

Edit: After an avast! scan, nothing was found. The result was “some files could not be scanned”, those files were everything under the “C:\$Windows.~BT” directory. Please take a look if possible. Thanks again.

Your logs look clean. The files in the C:\$Windows.~BT directory are the update to Win10, so those are locked from changing.

What did ComboFix find and fix?

I ran it after I got the first pop-up. I was worried because I just installed windows from a wiped drive two days ago. I’ll attach logs, as I’m not the best at understanding Combofix logs.

Checked the ComboFix.txt log and it is showing a clean system also. You may want to check your Firefox proxy setting (Menu > Options > Advanced > Network > Connection > Settings). Keep an eye on PureVPN as some users had issues with that software / service.

Also, did you run an aswMBR scan?

Not an aswMBR scan, but an avast! full scan. I’ve gone through all the settings and made the scan as thorough as possible, no detections. I’ve gotten rid of the FF proxy since then, that was an HTML Proxy that I scraped and used. Also, what have you heard with PureVPN? I haven’t had many, but I’d like to hear what you have to say.

I have not used VPNs in years; only really had to have them for professional business / domain connections where we would tie into the company’s mainframes remotely. That being said, there are many great ones out there and some not so great. You may want to check out Wilder’s forum where there are some great discussions on all things computer related. http://www.wilderssecurity.com/

Hello, my computer has still been getting those pop-ups but I do not believe it’s a big deal. Anyway, I just recently found a file called “@ùÔ” (no extension) under C:\Windows. I looked it up and apparently it’s part of a rootkit. I started scanning with many programs, and currently am. I’ll update with logs now. MBAM scan came back clean. I’ve run many security/scanning programs out of fear, so bear with me. Thanks in advance.

Bumping with updated logs, these logs were run directly after the system was rebooted. The DHCP servers are from my VPN (the 104.* one). Thanks in advance.

Hey michael_s, can you give us a picture of what avast says? It usually gives some more information for the expert who will help you out. It could be dbrisendine that will continue to help you, or someone else here.

Thanks :)

Please run the aswMBR scan and attach the log file. Thank you.

Directions are given in this post => https://forum.avast.com/index.php?topic=53253.0

Hello, aswMBR runs fine on a quickscan, but on full scan (C:), it crashes when scanning the Windows 10 files. This is directory “C:\$Windows.~BT”. It simply states that aswMBR stopped working, the last file scanned is a random file under that directory. I’ll attach quickscan logs.

The aswMBR log you posted is clean; there is no rootkit showing, in memory or in the standard loading locations.

Does Malwarebytes still block incoming connections?

Yes, I can post logs from most recent ones.

Detection, 8/27/2015 6:43 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 94.102.52.27, 1900, Inbound, C:\Windows\System32\svchost.exe,
Detection, 8/27/2015 6:43 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 94.102.52.27, 1900, Inbound, C:\Windows\System32\svchost.exe,

Here are some other examples:

Detection, 8/25/2015 5:46 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.51, 1900, Inbound, C:\Windows\System32\svchost.exe,
Detection, 8/25/2015 5:46 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.51, 1900, Inbound, C:\Windows\System32\svchost.exe,

Considering all IPs blocked are from Ecatel, I can safely assume they’re just port scanning. Most likely looking for exploits/open ports that they can use against me. I’ve blocked all connections on port 1900 (UPnP), so I’m not worried, but Malwarebytes is still blocking.
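Added example, not part of the thread and not Malwarebytes' own tooling: a small Python triage script that groups detection lines like the ones posted above by remote IP, port, direction and process, so repeated blocks from the same source are easy to see. The field positions are an assumption inferred from the lines in this thread, and one junk line is constructed to show that non-matching input is skipped.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# The four detection lines quoted in the thread, plus one constructed junk line.
SAMPLE_LOG = r"""
Detection, 8/27/2015 6:43 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 94.102.52.27, 1900, Inbound, C:\Windows\System32\svchost.exe,
Detection, 8/27/2015 6:43 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 94.102.52.27, 1900, Inbound, C:\Windows\System32\svchost.exe,
Detection, 8/25/2015 5:46 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.51, 1900, Inbound, C:\Windows\System32\svchost.exe,
Detection, 8/25/2015 5:46 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.51, 1900, Inbound, C:\Windows\System32\svchost.exe,
not a detection line
"""

def parse_line(line):
    """Parse one IP detection line; return None for anything else.
    Field positions are an assumption inferred from the thread's log lines."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 11 or fields[0] != "Detection" or fields[6] != "IP":
        return None
    try:
        return {
            "time": datetime.strptime(fields[1], "%m/%d/%Y %I:%M %p"),
            "remote_ip": str(ipaddress.ip_address(fields[7])),
            "port": int(fields[8]),
            "direction": fields[9],
            "process": fields[10],
        }
    except ValueError:  # malformed date, address or port
        return None

def summarize(log_text):
    """Group detections by (remote IP, port, direction, process)."""
    groups = defaultdict(lambda: {"hits": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        g = groups[(ev["remote_ip"], ev["port"], ev["direction"], ev["process"])]
        g["hits"] += 1
        g["first"] = ev["time"] if g["first"] is None else min(g["first"], ev["time"])
        g["last"] = ev["time"] if g["last"] is None else max(g["last"], ev["time"])
    return dict(groups)

if __name__ == "__main__":
    for (ip, port, direction, proc), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} port {port:<5} {direction:8} {proc}  "
              f"hits={g['hits']} first={g['first']} last={g['last']}")
```
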