Solved

Google Chrome accesses an IP on startup, malwarebytes flags as malicious..

Posted on 2013-12-07
6
362 Views
Last Modified: 2013-12-09
On one of my machines – Windows 7 Pro 64 bit svc pack 1. Every time Google Chrome starts malwarebytes Pro blocks access to ip 128.204.198.67 on random ports like 49497, 63718, etc. On a full scan Malwarebytes pro comes up clean. I cannot find anything that is set for an initial page to load and I've tried uninstalling and re-installing Chrome, running tdsskiler, hitman, adwcleaner and it still persists. Should I just ignore it? Thanks!
0
Comment
Question by:Alan_Gould
6 Comments
 

Expert Comment

by:clintonpubliclibrary
ID: 39703290
Sounds like you may have a root kit.   Those programs you described are the common tools I use to remove them. I would assume the computer is compromised. You may just need to format and install a new OS from scratch.

I'm not too familiar with Chrome.  Is there a feature in Chrome that you must have?  Try Fire Fox and install ad block plus and flash block.  Chrome is like having the Eye of Soron installed on your computer.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39703329
128.204.198.67 belongs to "Snel Internet Services B.V. assigned to server #330".  They're located in the Netherlands.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 250 total points
ID: 39703336
Alan_Gould--
Put 128.204.198.67 into your HOSTS file.

http://www.mvps.org/winhelp2002/hosts.htm
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39703341
ComboFix from Bleeping computer might fix it.  It goes deeper into your system than just about anything else.  http://www.bleepingcomputer.com/download/combofix/
0
 

Author Comment

by:Alan_Gould
ID: 39706926
Combofix came up clean.. ugh I think the hosts file is my best choice.. My guard is up for CryptoLocker
Thanks!
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39707034
Alan_Gould--You are welcome!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question