Link to home
Start Free TrialLog in
Avatar of Alan_Gould
Alan_Gould

asked on

Google Chrome accesses an IP on startup, malwarebytes flags as malicious..

On one of my machines – Windows 7 Pro 64 bit svc pack 1. Every time Google Chrome starts malwarebytes Pro blocks access to ip 128.204.198.67 on random ports like 49497, 63718, etc. On a full scan Malwarebytes pro comes up clean. I cannot find anything that is set for an initial page to load and I've tried uninstalling and re-installing Chrome, running tdsskiler, hitman, adwcleaner and it still persists. Should I just ignore it? Thanks!
Avatar of clintonpubliclibrary
clintonpubliclibrary
Sounds like you may have a root kit.   Those programs you described are the common tools I use to remove them. I would assume the computer is compromised. You may just need to format and install a new OS from scratch.

I'm not too familiar with Chrome.  Is there a feature in Chrome that you must have?  Try Fire Fox and install ad block plus and flash block.  Chrome is like having the Eye of Soron installed on your computer.
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image
128.204.198.67 belongs to "Snel Internet Services B.V. assigned to server #330".  They're located in the Netherlands.
ASKER CERTIFIED SOLUTION
Avatar of jcimarron
jcimarron
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Alan_Gould
Alan_Gould

ASKER

Combofix came up clean.. ugh I think the hosts file is my best choice.. My guard is up for CryptoLocker
Thanks!
Avatar of jcimarron
jcimarron
Flag of United States of America image
Alan_Gould--You are welcome!