Jump to content

malicious website : dispatch.integrate.drivethelife.com

Zayphod

By Zayphod
in Resolved Malware Removal Logs

 Share

Recommended Posts

Zayphod

Zayphod

Posted
Posted

Hi

just started using MalwareBytes - removed malware infection ok  - 

but something is left over which repeatedly ( about 20 or 30 attempts a day ) tries to connect to   dispatch.integrate.drivethelife.com    MalwareBytes repeatedly blocks the outbound connection as Malicious Website

details

IP Address: 13.57.48.181

Port: [50852]

Type: Outbound

File: C:\Windows\SysWOW64\svchost.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reports say MB does not find anything as such but lists all the repeated attempts to make an outbound connection - got 100's now

Is there anything I can to to remove whatever is causing these repeated attempted connections  ?

thanks

Zayphod

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello Zayphod and welcome to Malwarebytes,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin..

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for those logs,

I do not see any obvious malware or infection in either log.. The IP address you listed in your opening reply is to Amazon, the IP checks clean so am not sure why the blocks happen. The URL you also listed checks back clean and is also associated to Amazon..

I see you have Kindle software, can you Uninstall that software and see if the blocks cease.

Thanks,

Kevin...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello again Zayphod,

Can you navigate to this folder: C:\Program Files (x86)\OSTotoSoft\ConquerorLive if this file is inside double click to run Uninstall.exe Does that run successfully.. If so navigate to and delete this folder if present: C:\Program Files (x86)\OSTotoSoft

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Post logs from FRST in your reply...

Thanks to @shadowwar for help with this issue...

Kevin..

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello Zayphod,

Thanks for the information update, yes monitor your system see what happens... If the blocks do not return we can clean up as follows:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.