
Suspicions on infection due to detected executions of JavaScript and unwanted PC



#1 Resonce


Posted 03 October 2017 - 12:45 PM

I got quite a problem in my hands
Been having weird activity as of late like my mouse moving randomly but the movement doesn't feel completely mouse glitching
also, whenever I start windows without anything open yet, I suddenly get a bunch of 443 connects and most of which comes from Amazon web services which is real weird
 
I start trying to observe every connection that my firewall intercepts and I happen to run across something fishy so I looked it up and it seems it is a virus/worm or whatever you call it
 
it's too bad that it was late for me to know that netstat can be used in a way that it saves into a text file automatically
 
 
I suspect I have already been infiltrated quite some time ago already
 
I caught a blank process using up a chunk of my net last month and I solved it by making a new user and ensuring startup is clean
 
it was good for quite a while but I started getting weird mouse movements and sometimes a different button in my keyboard is pressed as I am using it
 
I only got Malwarebytes protecting me before the suspected infection.
 
now, because of that I got ESET Smart security up back then but no luck finding the source
 
a few hours ago, my ESET blocked 7 JavaScript executions coming from 54.192.127.86 which were very suspicious
 
I made this topic on my phone out of fear on what else could happen to my PC
 
If anyone out there could help me find the culprit, I can never give enough thanks to show my gratitude.
 
EDIT:
I have confirmed that this is definitely malware in the works and it seems this section is not suitable for the level of my problem at hand. Please close this topic.

Edited by Resonce, 04 October 2017 - 05:24 AM.



 


#2 boopme


Posted 05 October 2017 - 12:32 PM

MRL forum topic
https://www.bleepingcomputer.com/forums/t/659284/eset-caught-subtle-executions-of-javascript-files-coming-from-aws/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



