captarheel

MBAM frequently blocking outbound access to malicious site 208.73.210.29


What browsers are installed now and which ones give you the alert? MrC


OK, between this post and your last I'm out of ideas.

There is no one solution to this problem; the only solution that made sense was this one:

http://forums.malwar...49

All I can suggest is to run these scans and see if they find anything:

SUPERAntiSpyware Portable Scanner

http://www.superanti...blescanner.html

----------------------------

Also this one which will take several hours to complete (3 or more):

VIPRE Rescue Program

http://live.vipreantivirus.com/

Let me know, MrC


Ran both. First scan found three tracking cookies. Cleaned and removed them.

The Vipre Rescue program took a long time, like you said, but found nothing.

If there is a log somewhere from either that you would like me to post, please point me to where I will find it.

Thanks!


No, I don't need to see the logs. Hang on while I decide what to do next, MrC


You have some 'Scheduled Tasks' showing; let's try to disable one at a time and see if it makes any difference:

http://freewindowsvi...sInWindows7.php

Contents of the 'Scheduled Tasks' folder

.

2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 10:51]

.

2012-07-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 04:34]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 04:34]

Let me know, MrC


MrC,

I will check these scheduled services, but I have not been running for about 2 hours this morning and have not had any alerts. I have not seen any alerts since we ran the last two scans. The long scan did not find anything, but the first scan, as you recall, did find and eliminate 3 tracking cookies.

I have not tried opening either FF or IE in regular mode, but I am running IE in safe mode.

Should I try running FF or IE in regular mode? I won't try that until I hear from you.


Have run both IE and FF in regular mode for a couple of hours now -- no IP block alerts. Will continue to monitor overnight and let you know.


Since you haven't replied, I'll assume everything is OK.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.