
RTP Detection - Trojan - Outbound - Domain - en.ibelink.com.hk


19 replies to this topic

#16 Netviperx

Netviperx
  • Topic Starter


Posted 20 April 2024 - 10:47 PM

1. Combination Unit
2. Still happening in Chrome.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by netvi (20-04-2024 20:44:16) Run:5
Running from C:\Users\netvi\Downloads
Loaded Profiles: netvi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data
File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data ========================
 
C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data
File not signed
MD5: 6EDCEE50C30F90C2CF65EB05BE6EFBF8
Creation and modification date: 2024-04-18 19:33 - 2024-04-18 19:33
Size: 000040960
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold ========================
 
C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
File not signed
MD5: 38F98C545AB9DED25028DB779DB17DCC
Creation and modification date: 2023-09-28 17:08 - 2024-04-18 08:32
Size: 000069632
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
C:\Firewall.reg => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
{7C1B6462-3041-404B-8640-ED0EE0222210} canceled.
{40FA3F22-3BB0-4246-976F-EC62C0DABFC7} canceled.
2 out of 2 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-972714221-4249912248-3257112829-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-972714221-4249912248-3257112829-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12835332 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 101992899 B
Windows/system/drivers => 18123347 B
Edge => 0 B
Chrome => 634711376 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 71425 B
LocalService => 621795 B
NetworkService => 646365 B
netvi => 6576065685 B
 
RecycleBin => 1356 B
EmptyTemp: => 6.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:44:42 ====



 


#17 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 21 April 2024 - 08:14 AM

Before resetting your router/modem or completely removing and reinstalling Chrome let me know the following.

Are you able to direct connect the computer to your modem via Ethernet, thereby bypassing the wireless connection?

Do you have other computers accessing the same network via wireless and if so do they experience the same behavior with Chrome Password?

In the Chrome address bar copy and paste chrome://settings/syncSetup then hit Enter. Let me know if it says Turn off or Turn on sync....
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#18 Netviperx

Netviperx
  • Topic Starter


Posted 22 April 2024 - 09:59 PM

I am out today, I will try tomorrow.



#19 Netviperx

Netviperx
  • Topic Starter


Posted Yesterday, 12:15 PM

1. This computer is connected with an Ethernet cord.

2. I do have other computers that do connect wirelessly - no issues that I know of. I am going to check after this one gets fixed.

3. It says Turn On Sync



#20 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted Yesterday, 03:01 PM

When you check Chrome on the other computers see if those computers have the same bookmarks and passwords.
Gary 




