Post by wartronica on Nov 20, 2024 23:00:24 GMT -8
I reinstalled Windows not long ago and downloaded Wireshark to block all Microsoft telemetry IPs. On the new installation I began using aero10, some Windhawk mods, basicthemer6, themes10x64, tbconf_x64, desktop architect, retrobar, winpaletter, dwmblurglass, briefly tried openglass, used ultrauxthemepatcher, oldnewexplorer, winaero tweaker, 7++ taskbar tweaker, SIB and open-shell.
At some point I started getting network traffic from IPs that led back to a site called "poneytelecom.eu" which is apparently known for hosting botnets and cyber-criminal activities. I am not sure which particular program or mod caused this so I'd be cautious.
I set my firewall to block all incoming and outgoing traffic unless I allowed a program through, but it didn't stop it. After failing to configure my firewall to stop it I installed Malwarebytes, scanned with it and I had malware on my computer that wasn't getting detected by Windows Defender. I let Malwarebytes remove it, but even after that I still had traffic from those IPs leading back to that domain. I had to reinstall Windows again.
The only other things I had installed were Waterfox, Discord and Steam.
Just a heads up.
Post by Brawllux on Nov 20, 2024 23:40:14 GMT -8
> I reinstalled Windows not long ago and downloaded Wireshark to block all Microsoft telemetry IPs. On the new installation I began using aero10, some Windhawk mods, basicthemer6, themes10x64, tbconf_x64, desktop architect, retrobar, winpaletter, dwmblurglass, briefly tried openglass, used ultrauxthemepatcher, oldnewexplorer, SIB and open-shell. At some point I started getting network traffic from IPs that led back to a site called "poneytelecom.eu" which is apparently known for hosting botnets and cyber-criminal activities. I am not sure which particular program or mod caused this so I'd be cautious. I set my firewall to block all incoming and outgoing traffic unless I allowed a program through, but it didn't stop it. After failing to configure my firewall to stop it I installed Malwarebytes, scanned with it and I had malware on my computer that wasn't getting detected by Windows Defender. I let Malwarebytes remove it, but even after that I still had traffic from those IPs leading back to that domain. I had to reinstall Windows again. The only other things I had installed were Waterfox, Discord and Steam. Just a heads up.

Which file was infected? It could literally reveal what caused it by showing the file location.
Post by wartronica on Nov 20, 2024 23:48:38 GMT -8
> > I reinstalled Windows not long ago and downloaded Wireshark to block all Microsoft telemetry IPs. On the new installation I began using aero10, some Windhawk mods, basicthemer6, themes10x64, tbconf_x64, desktop architect, retrobar, winpaletter, dwmblurglass, briefly tried openglass, used ultrauxthemepatcher, oldnewexplorer, SIB and open-shell. At some point I started getting network traffic from IPs that led back to a site called "poneytelecom.eu" which is apparently known for hosting botnets and cyber-criminal activities. I am not sure which particular program or mod caused this so I'd be cautious. I set my firewall to block all incoming and outgoing traffic unless I allowed a program through, but it didn't stop it. After failing to configure my firewall to stop it I installed Malwarebytes, scanned with it and I had malware on my computer that wasn't getting detected by Windows Defender. I let Malwarebytes remove it, but even after that I still had traffic from those IPs leading back to that domain. I had to reinstall Windows again. The only other things I had installed were Waterfox, Discord and Steam. Just a heads up.
>
> Which file was infected? It could literally reveal what caused it by showing the file location.

The malware itself infected my recycle bin executable, Malwarebytes didn't tell me what the initial file was/couldn't find it.
Post by Brawllux on Nov 21, 2024 0:14:47 GMT -8
> > Which file was infected? It could literally reveal what caused it by showing the file location.
>
> The malware itself infected my recycle bin executable, Malwarebytes didn't tell me what the initial file was/couldn't find it.

If it is an executable it really can't be a Windhawk mod or a similar thing, and if every modification you did still works you can be sure that it wasn't caused by them.
Post by wartronica on Nov 21, 2024 0:35:38 GMT -8
> > The malware itself infected my recycle bin executable, Malwarebytes didn't tell me what the initial file was/couldn't find it.
>
> If it is an executable it really can't be a Windhawk mod or a similar thing, and if every modification you did still works you can be sure that it wasn't caused by them.

The malware itself somehow infected my recycle bin exe file according to Malwarebytes, and that was only a quick scan as I wasn't going to wait around for a full scan since it was clear my computer was compromised. I'm not sure whether it was a mod or program, I'm positive it's something I downloaded from that list because it happened after I used those and the only other things I installed were Waterfox, Discord and Steam.
Unless it's a virus from my old Windows installation I never realised I had and it somehow survived me wiping the hard drive I don't know how else I could've gotten it.