
I just started getting alerts for C:\Windows\SysWOW64\msiexec.exe

And random Popping* based accounts: poppingx.com/poppingc.info.

I had run a full scan last night and removed a few misc items, but I'm still getting these popping alerts every 5 minutes or so. Is this a false positive? Why would they be coming from msiexec.exe?

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Scan, 1/13/2015 6:40:28 AM, SYSTEM, KOS, Manual, Start:1/12/2015 5:04:29 PM, Duration:1 hr 43 min 55 sec, Custom Scan, Completed, 3 Malware Detections, 18 Non-Malware Detections, 

Protection, 1/13/2015 8:45:43 AM, SYSTEM, KOS, Protection, Malware Protection, Starting, 

Protection, 1/13/2015 8:45:43 AM, SYSTEM, KOS, Protection, Malware Protection, Started, 

Protection, 1/13/2015 8:45:43 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Starting, 

Protection, 1/13/2015 8:45:43 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Started, 

Detection, 1/13/2015 8:47:01 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49617, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:01 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49617, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:04 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 49630, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:04 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 49630, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:04 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49632, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:04 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49632, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:05 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 49634, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:47:05 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 49634, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:53:35 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49738, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 1/13/2015 8:53:48 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49746, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 1/13/2015 8:53:57 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49759, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 1/13/2015 8:56:38 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49777, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:56:38 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 49780, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:56:38 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49782, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 8:56:38 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 49784, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:06:11 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50076, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:06:11 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 50079, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:06:11 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 50081, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:06:12 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 50083, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:15:44 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50540, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:15:45 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 50543, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:15:45 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 50545, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:15:45 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 50547, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Update, 1/13/2015 9:16:18 AM, SYSTEM, KOS, Scheduler, Malware Database, 2015.1.12.9, 2015.1.13.10, 

Protection, 1/13/2015 9:16:18 AM, SYSTEM, KOS, Protection, Refresh, Starting, 

Protection, 1/13/2015 9:16:18 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Stopping, 

Protection, 1/13/2015 9:16:19 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Stopped, 

Protection, 1/13/2015 9:16:23 AM, SYSTEM, KOS, Protection, Refresh, Success, 

Protection, 1/13/2015 9:16:23 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Starting, 

Protection, 1/13/2015 9:16:23 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Started, 

Detection, 1/13/2015 9:25:18 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50757, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:18 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50757, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:21 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 50760, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:21 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 50760, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:21 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 50762, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:21 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 50762, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:22 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 50764, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

Detection, 1/13/2015 9:25:22 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 166.78.144.80, poppingd.info, 50764, Outbound, C:\Windows\SysWOW64\msiexec.exe, 

 

(end)
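
A way to triage the protection log in the post above, as an added example that is not part of the original thread: it de-duplicates the Detection rows, groups the blocked outbound connections by process, and measures the time between connection bursts. The sample rows are copied from the log; the 60-second burst gap and the 10% jitter threshold are assumptions chosen for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Rows copied from the protection log in the post above (subset).
SAMPLE_LOG = r"""
Protection, 1/13/2015 8:45:43 AM, SYSTEM, KOS, Protection, Malicious Website Protection, Started,
Detection, 1/13/2015 8:47:01 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49617, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 8:47:01 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49617, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 8:47:04 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingc.info, 49630, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 8:53:35 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49738, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 1/13/2015 8:53:48 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 94.102.53.180, poppingb.com, 49746, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 1/13/2015 8:56:38 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 49777, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 9:06:11 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50076, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 9:15:44 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50540, Outbound, C:\Windows\SysWOW64\msiexec.exe,
Detection, 1/13/2015 9:25:18 AM, SYSTEM, KOS, Protection, Malicious Website Protection, IP, 5.149.251.132, poppingx.com, 50757, Outbound, C:\Windows\SysWOW64\msiexec.exe,
"""

def parse_detections(text):
    """Unique (time, ip, domain, process) tuples from 'Detection' rows, sorted by time."""
    seen = set()
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        row = [field.strip() for field in row]
        if len(row) < 12 or row[0] != "Detection" or row[6] != "IP":
            continue  # skip Scan/Protection/Update rows and blank lines
        when = datetime.strptime(row[1], "%m/%d/%Y %I:%M:%S %p")
        seen.add((when, row[7], row[8], row[11]))  # the log repeats some rows verbatim
    return sorted(seen)

def burst_intervals(detections, gap_seconds=60):
    """Per process: seconds between the starts of successive connection bursts."""
    starts, last_seen = defaultdict(list), {}
    for when, _ip, _domain, proc in detections:
        prev = last_seen.get(proc)
        if prev is None or (when - prev).total_seconds() > gap_seconds:
            starts[proc].append(when)  # first hit after a quiet period opens a new burst
        last_seen[proc] = when
    return {p: [int((b - a).total_seconds()) for a, b in zip(s, s[1:])]
            for p, s in starts.items()}

def looks_periodic(intervals, max_jitter=0.1):
    """True when 3+ intervals have a standard deviation of at most max_jitter of their mean."""
    return len(intervals) >= 3 and pstdev(intervals) <= max_jitter * mean(intervals)

if __name__ == "__main__":
    for proc, gaps in burst_intervals(parse_detections(SAMPLE_LOG)).items():
        print(proc, gaps, "periodic" if looks_periodic(gaps) else "no fixed interval seen")
```

On these rows the msiexec.exe bursts are spaced a little over nine and a half minutes apart with only a few seconds of variation, a cadence that points to a scheduled or automated task rather than user-driven browsing.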


Hello and welcome:
 
 
If you think these might be False Positives, then I suggest reporting them in the "Website False Positives" section of the forum >>HERE<<, after reading the pinned topic >>here<<.
 
OTOH, if you think you might be infected (as seems likely), then I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

