Jump to content

runtnc issue


Recommended Posts

Hello all!

Even tho ESET  has not found any virus in my PC I still keep getting these annoying "address has been blocked - amanda.run netc" or something similar. Any help?

Thanks

Link to comment
Share on other sites

  • Administrators

Please take a screen shot of the alert and post it here. Also collect logs with ESET Log Collector and post the generated archive.

Link to comment
Share on other sites

  • Administrators

Is access to the website blocked only in Chrome? Also if you run it without extensions? Or when you visit a specific website?

Link to comment
Share on other sites

It's getting blocked in both Chrome and IE, with and also without all my extensions. This pop up appears randomly as far as I can tell

Link to comment
Share on other sites

If this popup is appearing randomly, it is probably adware related. In Chrome, look for any suspicious, recently installed, etc., extensions and uninstall them.

Ref.: https://malwaretips.com/blogs/remove-runtnc-net/

You can also try one of the specialized adware cleaners like AdwCleaner: https://www.malwarebytes.com/adwcleaner/

Edited by itman
Link to comment
Share on other sites

I am pretty sure I have none suspicious extensions installed. Also tried multiple malware removal programs. None of them has helped so far

Link to comment
Share on other sites

I just scanned the FQDN at Quttera and it came up 100% clean: https://quttera.com/detailed_report/amanda.runtnc.net . So at this point, I don't know what to make of Eset's detection. What I do know is the IP address shown in this scan is not the same as those shown in previous malware detections associated with the domain name.

Here's the Robtex scan on the FQDN: https://www.robtex.com/dns-lookup/amanda.runtnc.net . Interestingly, the domain, runtnc.net, is associated with an Amazon server assigned to Massachusetts Institute of Technology in Boston, MA. Go figure? 

Link to comment
Share on other sites

  • Most Valued Members

Googling runtnc.net seems to show other people with the exact URL having the same issue but couldn't see what was causing it. 

Link to comment
Share on other sites

  • ENDSP1EL changed the title to runtnc issue

From what I have read about this, it appears to be browser redirect adware. The fact it is occurring in multiple browsers points to something that was installed. Again, best to check Windows -> Control Panel -> Programs for anything that shows that was not directly installed and uninstall it. Then it appears all browsers used need to be reset back to their default values to clear all traces of the adware in them.

I would also run AdwCleaner as previously suggested since it is great with removing adware crud like this.

Edited by itman
Link to comment
Share on other sites

1 hour ago, ENDSP1EL said:

I even re installed Windows so...

Are you stating that after reinstalling Windows, you are still getting this alert?

Link to comment
Share on other sites

I used this function so I could like start with brand new Windows but with my files so im not sure

Edited by ENDSP1EL
Link to comment
Share on other sites

2 hours ago, ENDSP1EL said:

used this function so I could like start with brand new Windows but with my files so im not sure

I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained.

I assume you did a "Reset" and then reinstalled your apps?

Link to comment
Share on other sites

23 hours ago, itman said:

I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained.

I assume you did a "Reset" and then reinstalled your apps?

Yes, that might fit

Link to comment
Share on other sites

I assume the popup issue has not reappeared since the Win 10 reinstall?

Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot:

Eset_PUA.thumb.png.27aa3739bfdc15f51aaf2eb151e16567.png

Link to comment
Share on other sites

19 hours ago, itman said:

I assume the popup issue has not reappeared since the Win 10 reinstall?

Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot:

Eset_PUA.thumb.png.27aa3739bfdc15f51aaf2eb151e16567.png

The pop ap also appeared after the "clean up". That is why  I have started this topic and yes everything is put to active.

Link to comment
Share on other sites

On 5/1/2019 at 9:27 PM, itman said:

Did you reinstall all your app software after you reinstalled the OS?

 

Yes, there are only few apps that had to be reinstalled

Link to comment
Share on other sites

1 hour ago, ENDSP1EL said:

Yes, there are only few apps that had to be reinstalled

Are you still getting the Eset alerts?

Link to comment
Share on other sites

Since you already did a Win 10 reset install and the issue still persists, do the following. At least, this will stop the Eset alerts for the time being and allow for hopefully, identifying which process is performing this activity.

1. Go to your Eset Filtered Web Sites log and search for all long entries related to amanda.run netc. Make a note of all IP addresses associated with the log entries. Hopefully, they are all the same IP Address or only a few.

2. Create an Eset firewall rule to block; i.e. "Deny", "TCP and UDP protocol", and  Direction set to "Out." Name your rule something meaningful.

  • Set Logging Severity to "Warning." Do not checkmark the Notify user option, since this will keep giving you alerts.
  • Click on the Remote tab. Navigate to the window labeled IP. Enter each previously noted IP address.  If entering multiple IP addresses, enter a comma after the end of the address, a space, and then the next IP address. Do not enter a comma after the last IP address entered. 

Click on the "OK" tab and every "OK" tab thereafter to save you newly created firewall rule.

Once a few Eset Network log entries have been created from this firewall, copy those entries and post them into your next forum reply. Hopefully, this will point us to what process is performing this activity.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...