Operating System
Windows 10
Infection date and initial symptoms
About a week ago
Current issues and symptoms
-Several messages of unusual traffic when visiting Google and other sites, related to my IP
-Facebook and Twitter blocking my accounts due to suspicious behaviour
-When I launched Opera today, I found four new bookmarks I never added, although they're not malicious (Amazon, booking.com, dafiti, pontofrio)
Steps taken in order to remove the infection
-Manual scans of memory, boot, disks and appdata with MalwareBytes, Kaspersky Virus Removal Tool, Zemana Anti-Malware, and ESET Online Scanner
-Checked scheduled tasks and autoruns with SysInternals Autoruns
-Checked active processes with Process Explorer
-Enabled VirusTotal check on both programs above for all processes
-Checked my IP and DNS (Norton Connect Safe)
System logs
Yes, I've uploaded the FRST.txt logs
Yes, I've uploaded both FRST.txt and Addition.txt logs

RoboMan

Level 25
Content Creator
Verified
This is really weird and I'm failing to find an explanation for it. Possibly I'm paranoid and it's a series of coincidences, but with the possibility of infection I'd like to come to somebody that clearly knows better than me.

Useful facts:
  • I do have a VPN and I didn't have it active when this occurred
  • Windows and software updates up to date.
  • Connected to a work network with shared devices OFF (PC not visible for others)
As for the Twitter and Facebook issue mentioned (below, under symptoms), I checked the accesses to my account after the blocking, but found nothing worth worrying about, only my accesses.

RoboMan

Hello,

I do not see signs of infection in your logs.
To be expected. Thanks for the assistance though.

For those interested in this case, I have already figured it out on my own. There has been a network attack or IP leak at the office. We all share the same IP and I found it was compromised (used for spam emailing), which is why Google detected unusual traffic on our IP and social networks were blocking our accounts.

Solution: rebooted and reset routers, flushed DNS and asked ISP for an IP change. We need more restrictive policies regarding our employees lel.

See you soon!