Post by journey on Aug 30, 2017 19:22:47 GMT -8
I have fully read the Welcome Rules posts and have followed them.
Starting on August 10th, 2017, Norton began notifying me 2-3 times per day that “an intrusion attempt by DESKTOP-HU2K987 was blocked.” Norton said the IPS Alert Name is “System Infected: Trojan.Zlob.Q Activity.” The only symptom I have noticed since the virus is that my computer is notably slower, whether navigating programs on my computer or browsing the internet. There have been no crashes or bluescreens. I can shut the PC down and restart it with no issues. I run Windows 10.
Norton indicated that the attacking computer was identified as: DESKTOP-HU2K987 (192.168.0.100, 59288). It states the attacker URL is: beautyfile.info/u/?a=RS25RAn2VQ8M-hO0Bno97F-Jfk4WnY4fX1JdqKn76yj6GldefBNpHQGyWCPRjEUD24Qmw_arbkHhg72NJ4dtGR65gWlm2KgIwesxIMERvU14sNBlE9hyM_naVbfO44XKIqn8eQHRX9S_1BaRAlacb8SsLuoBi6txTRA8mvv948ibAA9DYQQZx8FuI0PFoDUZyFA1fg7v0PKoZVaW3opcXv0T4CSnV4syjuRCUQb7LW2ZIAFo7jZYtgTUQPqA2SLrgq1HDy1KRQ20tSMWvaHGfesRfouLCfnIjePSCRO57JVc-_lSJR9IuNnJRkNhSPHf0dfluhx6jqRSLyLKpfuXgiU_CYvq20OsPtzxGq2K0fP4ZZSst0PqrEBoVYiDHwupdP6C_W78o5-NDY6mkLjG7Q3rs_zEw9RqvfEqzVsVdIVSdML8I4ZQAXZFiNkrFh8pRi_suiZHy7XdxZhXop-s16aQ0suats9N3AfQGytsgQh5r_whoO81nJXu9h00P_yfdcPzrzgukxf3QPPBHSLohVRd3YsC325pF_IEjX0AUELFnAWOWyyaM59Wyt78Uh_T_Nj_Iowmxz9wNqEKTAkGfo1GtVdRd1-BNPV17dh8FpSx9T0lxKu6AaZX-JICB9vjlA_mfexJiXi6DygKvLlN03miFsRBu_kYhGH9QC9k6WRSLi3XPemBJZirVF6y4m5jdjlPMGMFdXcOtc6RKwE_4zEkKWFeuN-Zy85co8ewBGzW8cTENfxOJuv6d3lqIamwRcLGJY1mMTJBzkX0mddG5SzhNIoYXaXkym3IXBO_AOKBDzA8NF7lcO8SWMnvW69OPHG7LUSr632hE7fGMkS7RG-ww3hWJF2xD9KWNaP3BYXm8j7kgcNmdbecjVoSbchJ_nm&c=LEGi3xkqzX4CtTKEjnrBkqRC1RPN5gO2Rl22NNkBYSLOxc1Y0YKvxz_TqC9QP5A-ZogbsggXWKs6Uz6r0UqcCey2KSojqYUwpsCFHZqgdEtEefK2DQaTU-7BMeR0JnSwcEQB9zePNy_F9Ja09NuAUOHVVWLKTiSPy9ARx5woStRR08Q5HYqqPpYzNQQvcTtntc13UOnFnnmXgxqcE1FeAOJDufKXEWIXNC2IZWEO8Qx38Z3T2nuEBmNtIAtu2PGq1IbncFP1YZ8hjUg_UnNjBkY_BpRdcG9RbhDIaIOTjZQx-FoG5eX900kJ79flhVGIym4FxPgFRg6yuSUjXrXM-x40y9LyCZudZ5sUvb4rmtq72uwBG13T40sVPCTR9JQxcURgKsSfNOtoAzye0A2dV8J-Ayw9j7kBnahazxqMf4yfhPbOW6SMpoGoUAqFjeDJSmR5WGSxti6WRvQMFvTETE5pSubobq_TD52eUbfkBaOZR67FwRbArARxEZkYIxUDeUDiFTUMxVwPAYoNa2OeGHU9hqqVQclFj4nfJIktYAx5rYHgwU8Tk3_KGxJFwtvTy823JIgPeWSsZRNuqIp38KXT3Y-PaK9UDGSJx2YQL7UHZOH7YhjVulgpe1MZBFmZ1F-QwrAEwQPHTmc01T70y2P5OtM5F_lWyyWkdXXPcdX3EF3hEm_K4hnj11t6KS0QKEd08I7VrDj0e6TvY5VIYMj58zhzmEiiO42GFhVno88FmFf6txEmqV0rdxucWzFTP0KSCYEWcMx5P-n8bOqo8i-4oaWkRUBUDgPUMk24-dDikIWTPTHXmYeDK7SF48ad5DavtUEl3Mvy1cXrS3mk1U9e4dlSZlCro8BOfeidF7fQHMF4BxKiNMmBA0OIyR-oz_pteAYDLXhd4DLIusIurBU2xd&r=18359878925755657
85
Norton states that this “matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME6\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE.”
I have run the following from Norton: Quick Scan, Full Scan, Norton Power Eraser. None of those tools found any problematic files nor made any changes to the computer. I also ran Malwarebytes’ scan and that also found nothing.
FRST.txt: wikisend.com/download/589556/FRST.txt
Addition.txt: wikisend.com/download/135584/Addition.txt
Thank you in advance for your help!