HOW TO REMOVE MALWARE FROM A COMPUTER


FJCZ
Hi, I have a computer that is trying to connect to hxxps://www.winchatsupport.com from Firefox and also from msedge (Edge). I ran Malwarebytes, ESET and Fortinet and none of these detect or remove that malware. I do not have any extension or add-on.

I also uninstalled Firefox manually because I thought the problem was only with Firefox, but then I realized that the same thing happened when I used Edge.

I know that the computer is trying to connect to that URL because ESET Endpoint is showing me logs in filtered websites, and I did not open that website just now. Maybe in the past I opened it by mistake.

Is there any way I can clean the computer?

It appears the domain only has one IP address associated with it - 166.62.102.174 35.209.108.216

Create an Eset firewall rule to block all inbound/outbound network traffic to the IP address. Set the logging to warning level. Move the rule to the top of the existing firewall rule set.

You can then view in Eset Network log all apps trying to connect to this IP address.

Edited by itman
Upon further review, the IP address to be blocked is 35.209.108.216.

Note this address resolves to Google.

Edited by itman
Hi, I thought that after I did:

safe mode, delete temp, erase Firefox, run sfc, run dism, the virus was gone, but today it again tried to connect, and now with msedge.

What can I do?

First it was with Firefox, and now that Firefox is gone it is trying to use msedge too.

Eset blocks access to this domain via its anti-Phishing blacklist:

Time;URL;Status;Detection;Application;User;IP address;Hash
7/16/2022 7:40:05 PM;http://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files\mozilla firefox\firefox.exe;xxxxxxx;35.209.108.216;2E0048BC0143E8586DC2D7B84C252875AB9E0E4F

One reason I wanted you to create an Eset firewall rule to block all inbound/outbound access to the above IP address is to determine which processes are connecting to it. Does Edge attempt to connect to this address without you manually opening Edge?

When it tried to connect, Edge was open because I was using it. I deleted Edge completely from Windows and 1 week later the same issue. Please help. I think I will have to format the computer.

Time;URL;Status;Detection;Application;User;IP address;Hash
7/30/2022 8:58:12 AM;hxxps://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;FIT-WKS-FRN-00\FRANCISCO;35.209.108.216;66CAAFFB188BF3AFAAD4815A6FBFE2A1A7CED721
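An added example, not from this thread or from ESET, of the triage itman describes: it parses an ESET "Filtered websites" export in the semicolon-separated layout quoted above and counts connection attempts per application and user, matched on the hostname rather than on the IP, since that IP belongs to Google hosting and an IP match would also catch unrelated sites. The sample rows, user name, hash placeholders and the unrelated site are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO
from urllib.parse import urlparse

# Constructed sample export in the same semicolon-separated layout as the thread's log
# entries. User, hashes and the last two rows are made up; the last row is a hypothetical
# unrelated site sharing the blocked IP, to show why filtering on the hostname is tighter.
SAMPLE_LOG = r"""Time;URL;Status;Detection;Application;User;IP address;Hash
7/16/2022 7:40:05 PM;http://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files\mozilla firefox\firefox.exe;HOST\user;35.209.108.216;HASH_PLACEHOLDER_1
7/30/2022 8:58:12 AM;hxxps://www.winchatsupport.com;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;HOST\user;35.209.108.216;HASH_PLACEHOLDER_2
7/30/2022 9:02:30 AM;hxxps://www.winchatsupport.com/chat;Blocked;Anti-Phishing blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;HOST\user;35.209.108.216;HASH_PLACEHOLDER_2
7/30/2022 9:05:00 AM;https://unrelated-site.example/;Blocked;Internal blacklist;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;HOST\user;35.209.108.216;HASH_PLACEHOLDER_2
"""


def refang(url):
    """Undo the hxxp/hxxps defanging used when URLs are pasted into forum posts."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def parse_eset_log(text):
    """Parse the export into dicts, adding a parsed timestamp and the URL's hostname."""
    rows = list(csv.DictReader(StringIO(text), delimiter=";"))
    for row in rows:
        row["time"] = datetime.strptime(row["Time"], "%m/%d/%Y %I:%M:%S %p")
        row["host"] = (urlparse(refang(row["URL"])).hostname or "").lower()
    return rows


def hits_by_process(rows, host=None, ip=None):
    """Count attempts per (application, user) matching the host and/or IP, with first
    and last seen times, so the process that keeps reaching out stands out."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for r in rows:
        if host is not None and r["host"] != host.lower():
            continue
        if ip is not None and r["IP address"] != ip:
            continue
        entry = summary[(r["Application"], r["User"])]
        entry["count"] += 1
        entry["first"] = min(t for t in (entry["first"], r["time"]) if t is not None)
        entry["last"] = max(t for t in (entry["last"], r["time"]) if t is not None)
    return dict(summary)


if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_LOG)
    for label, matches in (("host", hits_by_process(rows, host="www.winchatsupport.com")),
                           ("ip", hits_by_process(rows, ip="35.209.108.216"))):
        print(f"matching on {label}: {sum(m['count'] for m in matches.values())} attempts")
        for (app, user), m in matches.items():
            print(f"  {m['count']}x {app} ({user}) first={m['first']} last={m['last']}")
```

In this sample the IP match reports one more attempt than the host match, which is the unrelated site on shared hosting; an ESET firewall rule on the IP would log that traffic too.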
5 hours ago, FJCZ said:

When it tried to connect, Edge was open because I was using it. I deleted Edge completely from Windows and 1 week later the same issue. Please help. I think I will have to format the computer.

Win 10 will reinstall Edge if you delete it. So that is not an issue.

My best guess here is something was downloaded from www.winchatsupport.com previously and was installed. In Win Control Panel -> Programs check if anything exists that is related to this web site; i.e. Publisher is Winchatsupport, etc. If something does exist, uninstall it.

I checked in Control Panel and there is nothing installed for winchatsupport in Programs and Features. Edge was not installed after I uninstalled it. I installed it again from the Microsoft Store since I had deleted it and no browser was installed.

Along with MalwareBytes, I keep SuperAntiSpyware in my arsenal. It's possible that it's redundant with the other apps already mentioned. (I've never used Combofix; I'll keep it in mind for the 'next time.')
