
112.175.243.12 - Constant Pop-up Malicious Website Blocked



Is this a virus issue? 

 

Continuous pop-up for Mal website blocked, every 30 seconds or so. I ran the MB rootkit and found nothing. I can't sort the Quarantine history by category (what the hell?) but there's "spigot" in Common Files and the path leads to "wthx195.dll" that keeps getting quarantined.

 

The IP 112.175.243.12 stays the same (far as I see in the popup message)

 

Domain: navu70zncn74.co.cc (though the prefix will change, only keeping the .co.cc ending)

Port: 50296, 50399, keeps changing

Type: Outbound

c:\windows\system\svchost.exe

 

BIG PS:  THE MB FORUM SEARCH DOES NOT FIND IP ADDRESS TITLED POSTS, SO THERE IS NO WAY TO FIND IF MY IP ISSUE ALREADY EXISTS OR NOT.  PLEASE FIX.

 

Thanks for the hard work you guys do!


Hello rws777 and Welcome to Malwarebytes,

 

Briefly I think you are already infected now -

 

IP Address: 112.175.243.12 Resolves to Many infected sites from Korea Telecom. Below are the last 10 submissions to VirusTotal that are detected by one or more antivirus solutions

 


 

The Red is the ratio of Antivirus / Antimalware companies that detect it as Unwanted or carrying Infections

Note that the result above is just a very brief example, there are hundreds more.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

 

As an extra "wthx195.dll" resolves to a "widget", hidden or shown on your desktop (this will also be removed)
 

Note that our Free Helpers will be very busy at this time, so please be patient.

 

Thank You.
