Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Constant MB popup blocking outbound connection after malware removal


ImagoX
 Share

Recommended Posts

I'm using Win7 64-bit and recently had the misfortune to run across the dread SearchProtect browser hijack. I used Malwarebytes to quarantine about 2 dozen files, all associated with the hijack, then did the following:

 

  • Uninstalled SearchProtect, Conduit, and everything else associated with the malware
  • Deleted all app files in "C:\Program Files (x86)" associated with SearchProtect
  • Deleted the entire contents of the "AppData\Temp" folder (using Safe Mode)
  • Reset both installed browsers (IE and Chrome) to remove reset homepage
  • Re-ran Malwarebytes scan, which came up clean

Problem is, I'm STILL getting the constant popup that MB is blocking an outbound connection attempt. When I look in AppData\Temp, I can see a newly-created folder that houses the file that's trying to call out. The call out happens even when Chrome and IE are NOT running (verified by using Process Explorer to make sure neither executable is active), so I think it's not using the browser to try and "call home". A screenshot of the popup and the AppData\Temp folder is in the thread's Attachments.

 

 

I then tried the Malwarebytes Root Kit beta (suggested in another thread), but to run it I will have to completely stop MB, which is currently blocking the call out and I don't want that to happen.

 

Next, I followed the advice in other threads, and downloaded then run FarBar as well as TDSSKiller with the suggested add-on configs enabled - all 3 log files are attached to this post. At this point MB is giving me a clean bill of health, but the popup remains so SOMETHING is embedded - I just can't figure out what.

 

What are the next steps please? Thanks a million in advance for assistance!

Addition.txt

FRST.txt

TDSSKiller.3.0.0.41_11.12.2014_11.17.52_log.txt

post-179607-0-42462200-1418315793_thumb.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.