
Nothing shows, but I still think that I may have something. Story should explain



Guest Jverstohlen

So a couple of days ago a Malwarebytes notification popup said that it was blocking an IP address (93.174.93.51, 4467) and said that it was from C:\Windows\System32\svchost.exe.

So I searched the internet first about that IP. I don't know if it is OK, but I used the whatismyip dot com site and it showed it being in the Netherlands. So I checked out svchost.exe and info on the web. In the end I did what is usually said for finding these kinds of viruses & rootkits. I used Kaspersky's TDSSKiller rootkit removal utility, which found nothing at all. Obviously I ran Malwarebytes (free version) and selected rootkits, but still nothing. I then downloaded the Malwarebytes rootkit detector that is in beta, but nothing has shown up. So I just stopped.

So I ignored it.

Days later (today pretty much) I saw that same popup again saying IP blocked, but this IP was a bit different from the first one (94.102.49.168, 49152). This one though popped up twice! One second after the first popup. This was also saying from the svchost.exe. Although I think I remember it saying Website blocked, I could be mistaken though. Google Chrome does show a svchost.exe but not in the system32 file though. Anyway, I again checked the IP on that site and the location was pretty much within the same location as the first IP that I checked a couple of days ago. The comments on that site that were placed within a couple of days from now were all saying pretty much the same thing: "Blocked from Malwarebyte, Trying to get through, etc." So again, I did those same scans: Malwarebytes (free version, rootkit set on), Kaspersky's TDSSKiller rootkit removal, Malwarebytes Rootkit Remover, and Windows Security Essential. All showing nothing at all.

Now, reading those comments does show that other Malwarebytes users have seen this IP blocked, & I could have missed the Website blocked, but it does say that it was coming from svchost.exe and this is what is bothering me.

Thank you for reading this and hopefully someone can help.


Guest Jverstohlen

Sorry, I should have posted these files earlier. I thought I was going to be able to edit my post. Anyway, here are the Farbar Recovery Scan Tool results.

Guest Jverstohlen

Update: First of all, I would like to apologize for putting in another post. I will not add any more, I promise; I just feel like this would be some useful info. Also, there's no need to rush. I can most definitely wait, I do understand.

Anyway, that IP address came back and it DOES say 'Malicious Website Blocked'. I also checked the previous ones in the log & they all did say the same thing. So, it may be nothing. One thing though that was different is that it did say wininit.exe instead of the usual svchost.exe. But now seeing that it did say 'Malicious Website Blocked' I am not really worried about me being infected anymore, especially seeing the many posts with the same situation & all the tests said that they were fine & all they needed to do was something like updating Flash or something within their browser. I did notice though that these did pop up whenever I had my RSS reader Inoreader in one tab and a YouTube in another. I can't really recall anything about the one that occurred a couple of days ago, but with this recent one, I was in the middle of a video on YouTube when it popped up. My internet browser is also Google Chrome Version 35.0.1916.153 m. It said that it was up to date. And I do believe with YouTube certain JavaScript is running. Although not too sure of the info about my RSS reader Inoreader that I have in another tab. If it is nothing, how come it shows svchost.exe or wininit.exe on these things? Other people had these types of messages pop up too with everything clear on their end?

  • 1 month later...
  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
