FJCZ, Posted July 16, 2022

Hi, I have a computer that is trying to connect to hxxps://www.winchatsupport.com from Firefox and also from msedge (Edge). I run Malwarebytes, Eset and Fortinet and none of these detect or remove that malware. I do not have any extensions or add-ons. I also uninstalled Firefox manually because I thought that the problem was only with Firefox, but then I realized that the same happened when I use Edge. I know that the computer is trying to connect to that URL because Eset Endpoint is showing me logs in filtered websites and I did not open that web site right now. Maybe in the past I opened it by mistake. Is there any way I can clean the computer?
itman, Posted July 16, 2022 (Edited July 17, 2022 by itman)

It appears the domain only has one IP address associated with it - 166.62.102.174 35.209.108.216

Create an Eset firewall rule to block all inbound/outbound network traffic to the IP address. Set the logging to warning level. Move the rule to the top of the existing firewall rule set. You can then view in Eset Network log all apps trying to connect to this IP address.
itman, Posted July 17, 2022 (Edited July 17, 2022 by itman)

Upon further review, the IP address to be blocked is 35.209.108.216. Note this address resolves to Google.
FJCZ (Author), Posted July 23, 2022

Hi, I thought that after I did: safe mode delete temp, erase Firefox, run sfc, run dism, the virus was gone, but today it again tried to connect, and now with msedge. What can I do?
FJCZ (Author), Posted July 23, 2022

First of all it was with Firefox, and now that Firefox is gone it is trying to use msedge too.
itman, Posted July 23, 2022

Eset blocks access to this domain via its anti-Phishing blacklist:

Time;URL;Status;Detection;Application;User;IP address;Hash
7/16/2022 7:40:05 PM;http://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files\mozilla firefox\firefox.exe;xxxxxxx;35.209.108.216;2E0048BC0143E8586DC2D7B84C252875AB9E0E4F

One reason I wanted you to create an Eset firewall rule to block all inbound/outbound access to the above IP address is to determine which processes are connecting to it. Does Edge attempt to connect to this address without you manually opening Edge?
FJCZ (Author), Posted July 30, 2022

When it tried to connect Edge is open because I am using it. I deleted Edge completely from Windows and 1 week later the same issue. Please help. I think I will have to format the computer.

Time;URL;Status;Detection;Application;User;IP address;Hash
7/30/2022 8:58:12 AM;hxxps://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;FIT-WKS-FRN-00\FRANCISCO;35.209.108.216;66CAAFFB188BF3AFAAD4815A6FBFE2A1A7CED721
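Added example, not part of the thread and not Eset's own tooling: a short Python script that groups the Eset filtered-websites log by application for the domain and IP address discussed above, which is what the firewall-rule advice is trying to establish. It assumes the log was exported as semicolon-separated text with the header shown in the posts; the function names are hypothetical and the last sample row is constructed.

```python
import csv
import io
import re
from datetime import datetime
from urllib.parse import urlsplit

# Header and first two rows are the log lines quoted in the thread;
# the last row is constructed to show that unrelated entries are skipped.
SAMPLE_LOG = r"""Time;URL;Status;Detection;Application;User;IP address;Hash
7/16/2022 7:40:05 PM;http://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files\mozilla firefox\firefox.exe;xxxxxxx;35.209.108.216;2E0048BC0143E8586DC2D7B84C252875AB9E0E4F
7/30/2022 8:58:12 AM;hxxps://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;FIT-WKS-FRN-00\FRANCISCO;35.209.108.216;66CAAFFB188BF3AFAAD4815A6FBFE2A1A7CED721
7/30/2022 9:05:00 AM;https://example.test/;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;user;192.0.2.10;0000000000000000000000000000000000000000
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # e.g. 7/16/2022 7:40:05 PM


def host_of(url):
    """Lower-cased host of a URL; accepts the defanged hxxp(s) scheme."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def summarize(log_text, host, ip):
    """Per application: hits, first and last time a row matched host or ip."""
    seen = {}
    reader = csv.DictReader(io.StringIO(log_text), delimiter=";",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        # Keep the row if either the URL host or the remote IP is the target.
        if host_of(row["URL"]) != host.lower() and row["IP address"] != ip:
            continue
        when = datetime.strptime(row["Time"], TIME_FORMAT)
        entry = seen.setdefault(row["Application"],
                                {"hits": 0, "first": when, "last": when})
        entry["hits"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return seen


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "www.winchatsupport.com", "35.209.108.216")
    for app, e in report.items():
        print(f'{e["hits"]:>3}  {e["first"]}  {e["last"]}  {app}')
```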
itman, Posted July 30, 2022

5 hours ago, FJCZ said:
    When it tried to connect Edge is open because I am using it. I deleted Edge completely from Windows and 1 week later the same issue. Please help. I think I will have to format the computer.

Win 10 will reinstall Edge if you delete it. So that is not an issue.

My best guess here is something was downloaded from www.winchatsupport.com previously and was installed. In Win Control Panel -> Programs check if anything exists that is related to this web site; i.e. Publisher is Winchatsupport, etc. If something does exist, uninstall it.
FJCZ (Author), Posted July 30, 2022

I checked in Control Panel and there is nothing installed for winchatsupport in Programs and Features. Edge was not installed after I uninstalled it. I installed it again from the Microsoft Store since I deleted it and no browser was installed.
Jessk2, Posted August 10, 2022

Along with MalwareBytes, I keep SuperAntiSpyware in my arsenal. It's possible that it's redundant with the other apps already mentioned. (I've never used Combofix; I'll keep it in mind for the 'next time.')