
RetiredTech

Members
  • Content Count

    27
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RetiredTech

  • Rank
    New Member

Profile Information

  • Location
    Western Michigan
  1. Root Admin's solution makes the most sense. Browser guard was installed but Sync was turned on in Chrome browser and possibly not cleared out. I will attempt a Sync logout and clean things up again.
  2. I have found several of my clients who all are using Malwarebytes Pro Version and have had their browser infected with a URL called "accessblocked.azurewebsites.net". It admonishes them to NOT turn off the computer and lists itself as Microsoft Support with a phone number to contact. The fake support then requests a credit card to effect the repair. They don't understand why Malwarebytes did not block the website. The website continually reconnects itself so there is no opportunity to back out of the display other than exiting the browser via task manager with a delete of the browser task. I am
  3. I just installed the Version 4 upgrade and was looking around the new interface and noticed that there was a single "Allow List" entry with an unknown IP address. I am not aware that I have ever entered an IP address that allowed a website to be skipped with Malwarebytes. The IP address is owned by a Russian company. The IP address is 91.226.116.137. Has anyone ever heard of this or know what it might be? Could it have been entered remotely? Kaspersky addresses are not in this range. I thought it very peculiar.
  4. Jeff, Everything is working great now. I did this repair for a friend in a retirement park in Florida and he is very happy to get his computer back in good working order again. Thanks again for your help in this matter. He now has Malwarebytes Pro (as well as his antivirus program) purchased and running to keep some of the bad things out. Feel free to close this thread. Thanks again.
  5. Computer is running fine with no problems. Thanks very much for your help! Time to close this one out. I will paste again with most of the deleted Mobogenie files left out so you can see the beginning and end of Combofix. ComboFix 14-02-18.01 - JOSEPH 02/18/2014 21:13:25.2.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.1098 [GMT -5:00]Running from: c:\users\JOSEPH\Desktop\ComboFix.exeCommand switches used :: c:\users\JOSEPH\Desktop\cfscript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Ess
  6. Jeff, File was too big to paste so I attached the file as log.txt. IP blocking seems to have stopped. There were a ton of mobogenie files deleted in the user appdata\local directory. I will reboot and see if the computer seems clean again. Thank you very much for your help! You are greatly appreciated! RetiredTech
  7. Jeff, Combo fix was run as you requested. Here is the post for combofix.txt: ComboFix 14-02-16.01 - JOSEPH 02/18/2014 8:43.1.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.763 [GMT -5:00]Running from: c:\users\JOSEPH\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files C
  8. Jeff, Sorry but what I thought was dds.txt was only part of the Malwarebytes log. Here is DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.19088Run by JOSEPH at 13:52:22 on 2014-02-16Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.843 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\spo
  9. Jeff, Thanks for responding! DDS.txt is already posted at the top of my first post. (it lists all the IP addresses stopped.) I had already run TDSSkiller with no errors, but I ran it again for you. Here is the report listed below for you: 20:59:17.0573 0x0980 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:4120:59:26.0647 0x0980 ============================================================20:59:26.0647 0x0980 Current date / time: 2014/02/16 20:59:26.064720:59:26.0647 0x0980 SystemInfo:20:59:26.0647 0x0980 20:59:26.0647 0x0980 OS Version: 6.0.6002 ServicePack: 2.020:59:26.0647 0x
  10. I have run Malwarebytes, MBAR, Avast (in both OS and Boot version) and eliminated many pups, trojans, virus and rootkits on this VERY sick Vista SP2 desktop. However there is still something hanging around that causes Malwarebytes to block outgoing IP addresses to various ports at the following addresses: 5.45.6x.xx, all owned by the same vendor. Examples: ruggersner8.net at 5.45.69.131, rummerstain2.com at 5.45.66.208 and there are about 10 or so similar and all using slightly different ports. Process is generic MS svchost.exe but started by something bad. DDS.txt: 2014/02/16 11:10:12 -0500
  11. Thanks everyone and especially ShyWriter. Reducing the size worked perfectly. Most websites have a written notice that the picture must be less than a certain number of pixels or number of KB to work. I kind of thought that since there was a cropping tool involved that the program would reduce the size automatically. Guess I was wrong. Maybe Malwarebytes can include a statement that the picture size must be limited so future posters won't be confused. Thanks again to everyone who helped on this one!
  12. From #6 above, I have tried Chrome Version 26.0.1410.64 m, Firefox v20.01 and IE9 v9.0.8112.16421
  13. Sorry, the name shows above and to the RIGHT of the "Choose" File button.