My next course of action, and I think the logical one, is to remove Malwarebytes and see if the infection persists. I have run msconfig and disabled just about everything I don't need to start and also stopped a lot of system processes starting at boot time, but it still installs. It does slow my computer boot time by around 10 seconds. I think it's probably trying to download more viruses via that port. I have no idea what it is trying to share from my machine. Port 6881 is listed all over the net as a BitTorrent tracker port, and as this virus/trojan/dropper uses many IPs I am probably safe to assume that it is trying to use my computer as a torrent tracker of some sort. The *dll tries to access other computers on port 6881. Scanning the Malwarebytes folder results in a clean scan. So after it's removed, it is not running.

ComboFix, AVG, Malwarebytes, RKill, AdwCleaner, JRT, TDSSKiller do not detect this at all - AVG detects it if you tell it to do a shell scan on the file and point to it.

According to AVG "more info", the parent process on my machine is mbam (Malwarebytes) - I'm not sure because I'm no expert, just a long-time user and fairly competent, but it's telling me that Malwarebytes is the source of the infection. I have set AVG to scan this file on Windows startup and it will remove it, but it reinstalls on reboot.
There are many other IPs it tries to contact; this is just a few.

SecurityHelper.dll, it creates a subfolder called cache with at least two temporary files in it at each reboot; it seems to download two new ones every reboot and these were the last ones.

217.23.187.11 on port 6881 - Outbound via explorer.exe
115.136.206.197 on port 6881 - Outbound via explorer.exe
115.136.206.197 on port 54434 - Outbound via explorer.exe
115.136.206.197 on port 54431 - Outbound via explorer.exe
178.152.12.155 on port 6881 - Outbound via explorer.exe
88.85.80.153 on port 49952 - Outbound via explorer.exe
88.85.80.153 on port 49953 - Outbound via explorer.exe
88.85.80.153 on port 49954 - Outbound via explorer.exe
195.216.171.33 on port 6881 - Outbound via explorer.exe

C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
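For triaging a longer connection log of the kind quoted in the post, the following is an added example, not part of the original post or of any tool it mentions. It parses lines in the post's "`<ip> on port <port> - Outbound via <process>`" shape and reports, per process, how many distinct remote hosts were contacted and which were reached on the conventional BitTorrent client ports 6881-6889. The sample lines are constructed with documentation addresses, and the fan-out threshold is an assumption.

```python
import re
from collections import defaultdict

# Line shape taken from the post: "<ip> on port <port>- Outbound via <process>"
LINE_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+on\s+port\s+(?P<port>\d{1,5})\s*-\s*"
    r"(?P<direction>Outbound|Inbound)\s+via\s+(?P<proc>\S+)\s*$", re.IGNORECASE)

BITTORRENT_PORTS = range(6881, 6890)  # conventional BitTorrent client range
FANOUT_THRESHOLD = 3                  # assumption: tune for your environment

# Constructed sample lines (documentation address ranges, not the post's data).
SAMPLE_LOG = """\
192.0.2.11 on port 6881- Outbound via explorer.exe
198.51.100.197 on port 6881- Outbound via explorer.exe
198.51.100.197 on port 54434- Outbound via explorer.exe
203.0.113.153 on port 49952- Outbound via explorer.exe
203.0.113.153 on port 49953- Outbound via explorer.exe
192.0.2.80 on port 443- Outbound via firefox.exe
this line is not a connection record
"""

def parse(log_text):
    """Return (records, skipped): parsed dicts and the raw lines that did not parse."""
    records, skipped = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m or int(m["port"]) > 65535:  # reject malformed or out-of-range ports
            skipped.append(line)
            continue
        records.append({"ip": m["ip"], "port": int(m["port"]),
                        "direction": m["direction"].lower(), "proc": m["proc"].lower()})
    return records, skipped

def triage(records):
    """Per process: distinct remote hosts, hosts hit on BitTorrent ports, fan-out flag."""
    hosts, bt_hosts = defaultdict(set), defaultdict(set)
    for r in records:
        if r["direction"] != "outbound":
            continue
        hosts[r["proc"]].add(r["ip"])
        if r["port"] in BITTORRENT_PORTS:
            bt_hosts[r["proc"]].add(r["ip"])
    return {p: {"remote_hosts": len(h), "bittorrent_hosts": sorted(bt_hosts[p]),
                "fanout": len(h) >= FANOUT_THRESHOLD} for p, h in hosts.items()}

if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print(triage(recs), "unparsed:", bad)
```

A process such as explorer.exe showing both a fan-out flag and BitTorrent-port hosts is a reason to inspect the modules loaded into it, not proof of infection on its own.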