RedZed69

CLOSED Suspected malicious activity


Hi, I'm a customer of Emsisoft Anti-Malware. Recently, I received an email from facebookmail security about an attempted login to my Facebook account by an intruder. I verified that this mail was legitimate and from Facebook itself.
Furthermore, I noticed via TCPView that svchost.exe has an established connection to the IP address 117.18.237.29 (apparently EdgeCast Networks Asia Pacific Network), which I closed. I added a custom rule to Emsisoft Anti-Malware to block connections to this IP address, and attempts to connect to 117.18.237.29 have been blocked every time I booted the desktop, and repeatedly after that. I'm not tech-savvy and would like to seek expert help.

Addition.txt FRST.txt scan_190311-100110.txt


Your logs show no malware. 117.18.237.29 (AS15133) is MCI Communications Services, Inc. d/b/a Verizon Business, out of Taiwan. They provide web hosting services.


Thanks.
I have 3 more questions before this thread can be concluded.
Is it normal for svchost.exe to have an "established" connection, rather than a "listening" one, to 117.18.237.29?
Are attempted Facebook account intrusions common?
Should ComboFix only be used with expert supervision?


svchost.exe accessing the Internet is not unusual, especially when there is a running service that needs to connect to the Internet.

Facebook intrusions happen, and they have nothing to do with malware; instead, someone is attempting to access your account. You will also get these messages when you try to log into your account from a device that Facebook does not recognize as one you have used, or from a location that you would not normally log in from.

ComboFix should never be used unless you are instructed to use it. ComboFix is dangerous to use and has been known to cause unintended issues when run.

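The answer above turns on which service inside svchost.exe owns the connection, since svchost.exe is only a host process for Windows services. The following PowerShell script is an added example, not part of the thread or of any Emsisoft tool: it lists established TCP connections, joins each owning PID to the services hosted in that process (via Win32_Service.ProcessId), and shows the image path so a genuine svchost.exe (%SystemRoot%\System32) can be told from an impostor. The $remote filter reuses the address from the thread purely as a sample; set it to $null to list every connection. Run it in an elevated PowerShell on Windows 8 / Server 2012 or later, where Get-NetTCPConnection is available.

```powershell
# Added example (not from the original thread): tie established TCP connections
# owned by svchost.exe (or any process) back to the Windows services they host.
# Requires elevation to read service PIDs and image paths of system processes.

$remote = '117.18.237.29'   # sample filter taken from the thread; set to $null for all connections

# Build a PID -> service-name list from the Service Control Manager.
$svcByPid = @{}
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -gt 0 } |
    ForEach-Object { $svcByPid[[int]$_.ProcessId] += @($_.Name) }

Get-NetTCPConnection -State Established |
    Where-Object { -not $remote -or $_.RemoteAddress -eq $remote } |
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            OwningPid     = $_.OwningProcess
            Process       = $owner.ProcessName
            # A legitimate svchost.exe runs from C:\Windows\System32 (or SysWOW64);
            # any other path for a process named svchost deserves a closer look.
            ImagePath     = $owner.Path
            # Services hosted in this PID; empty for ordinary (non-service) processes.
            Services      = ($svcByPid[[int]$_.OwningProcess] -join ', ')
        }
    } |
    Format-Table -AutoSize
```

The built-in equivalent for a single PID is `tasklist /svc /fi "PID eq <pid>"`, which also prints the services hosted by that svchost.exe instance. Knowing the service name, rather than just "svchost.exe", is what lets you decide whether an established connection is expected for that component.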

Thread Closed

Reason: Resolved

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to that thread.
