
Malicious Website Blocked 46.249.61.xx


I'm running AVG and Malwarebytes Anti-Malware (Premium).  Malwarebytes is periodically reporting:

 

Malicious Website Blocked

IP: 46.249.61.90 (varies)

Domain: hoeger.biz (varies)

Outbound port: 49237 (varies)

Process: C:\Windows\System32\svchost.exe

 

I ran a Malwarebytes Anti-Malware scan and also a Malwarebytes mbar scan and neither found any issues.  A RogueKillerX64 scan detects and kills "Killed  Root.Zekos  svchost.exe" and then a window pops up indicating "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly".

 

I've attached the FRST logs.

 

Thanks!

 

Addition.txt

FRST.txt

Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Hi,

 

It looked like I had several issues including the Root.Zekos virus.  Malwarebytes wasn't able to detect any issue but RogueKiller (killed Root.Zekos in svchost.exe) and HitmanPro (rpcss.dll infected) did.  I reformatted the drive and re-installed Windows 7.  There was a 100MB partition I wasn't given an option to reformat (boot sector?); is that automatically set up/cleaned during a full Windows install?  After installing Windows I immediately downloaded Malwarebytes and AVG and then updated Windows.  I then ran the Malwarebytes scan with the options you requested (results attached).  I also ran RogueKiller, HitmanPro, and AVG.  RogueKiller still reports some items (report attached) but everything else was clean.

 

Sorry for not waiting but it looked like I had multiple issues and I read a re-format was a good idea after getting the Zekos virus.  I'm hoping you're still willing to check the RogueKiller report since it had some items reported and I don't know if that is common or if my computer is still infected.

 

Thanks,
Ken

 

 

MalwareBytesAfterReformat.txt

RKreport_SCN_06072014_072223.log

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.