RoboMan

Level 24
Content Creator
Verified
Joined
Jun 24, 2016
Messages
1,358
OS
Windows 10
Antivirus
Bitdefender
#1
This is really weird and I'm failing to find an explanation for it. Possibly I'm paranoid and it's a series of coincidences, but with the possibility of infection I'd like to come to somebody that clearly knows better than me.

Useful facts:
  • I do have a VPN and I didn't have it active when this occurred
  • Windows and software updates up to date.
  • Connected to a work network with shared devices OFF (PC not visible for others)
As for the Twitter and Facebook issue mentioned (below, under symptoms), I checked the accesses to my account after the blocking, but found nothing worth worrying about, only my accesses.
 
Operating System
Windows 10
Are you using a 32-bit or 64-bit operating system?
64-bit (x64)
Infection date and initial symptoms
About a week ago
Current issues and symptoms
-Several messages of unusual traffic when visiting Google and other sites, related to my IP
-Facebook and Twitter blocking my accounts due to suspicious behaviour
-When I launched Opera today, I found four new bookmarks I never added, although they're not malicious (Amazon, booking.com, dafiti, pontofrio)
Steps taken in order to remove the infection
-Manual scans of memory, boot, disks and appdata with MalwareBytes, Kaspersky Virus Removal Tool, Zemana Anti-Malware, and ESET Online Scanner
-Checked scheduled tasks and autoruns with SysInternals Autoruns
-Checked active processes with Process Explorer
-Enabled VirusTotal check on both programs above for all processes
-Checked my IP and DNS (Norton Connect Safe)
Logs added to Help Request
FRST.txt, Addition.txt

RoboMan
#3
Hello,

I do not see signs of infection in your logs.
To be expected. Thanks for the assistance though.

For those interested in this case, I have already figured it out on my own. There has been a network attack or IP leak at the office. We all share the same IP and I found it was compromised (used for spam emailing), which is why Google detected unusual traffic on our IP and social networks were blocking our accounts.

Solution: rebooted and reset routers, flushed DNS and asked ISP for an IP change. We need more restrictive policies regarding our employees lel.

See you soon!