Solved

Google Chrome accesses an IP on startup, Malwarebytes flags as malicious

Posted on 2013-12-07
Last Modified: 2013-12-09
On one of my machines (Windows 7 Pro 64-bit, svc pack 1), every time Google Chrome starts, Malwarebytes Pro blocks access to IP 128.204.198.67 on random ports like 49497, 63718, etc. On a full scan, Malwarebytes Pro comes up clean. I cannot find anything that is set for an initial page to load, and I've tried uninstalling and re-installing Chrome, running TDSSKiller, Hitman, AdwCleaner, and it still persists. Should I just ignore it? Thanks!
Question by:Alan_Gould
6 Comments
 

Expert Comment

by:clintonpubliclibrary
ID: 39703290
Sounds like you may have a rootkit. Those programs you described are the common tools I use to remove them. I would assume the computer is compromised. You may just need to format and install a new OS from scratch.

I'm not too familiar with Chrome. Is there a feature in Chrome that you must have? Try Firefox and install Adblock Plus and Flashblock. Chrome is like having the Eye of Sauron installed on your computer.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39703329
128.204.198.67 belongs to "Snel Internet Services B.V. assigned to server #330".  They're located in the Netherlands.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 1000 total points
ID: 39703336
Alan_Gould--
Put 128.204.198.67 into your HOSTS file.

http://www.mvps.org/winhelp2002/hosts.htm
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 1000 total points
ID: 39703341
ComboFix from BleepingComputer might fix it. It goes deeper into your system than just about anything else. http://www.bleepingcomputer.com/download/combofix/
0
 

Author Comment

by:Alan_Gould
ID: 39706926
ComboFix came up clean... ugh, I think the hosts file is my best choice. My guard is up for CryptoLocker.
Thanks!
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39707034
Alan_Gould--You are welcome!
0
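An added example, not part of the thread: when scanners come up clean, a useful triage step is to find which process owns the connections to the flagged address by parsing `netstat -ano` output captured while Chrome starts. The sample capture is constructed (PIDs, local addresses and remote ports are made up, and treating the ports from the question as local ports is an assumption).

```python
FLAGGED_IP = "128.204.198.67"  # address from the question

# Constructed `netstat -ano` capture. PIDs, local addresses and remote ports are
# made up; treating 49497/63718 as local ports is an assumption.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49497     128.204.198.67:80      SYN_SENT        4312
  TCP    192.168.1.20:63718     128.204.198.67:80      SYN_SENT        4312
  TCP    192.168.1.20:49502     192.0.2.10:443         ESTABLISHED     2960
  TCP    [::1]:49160            [::1]:49161            ESTABLISHED     1500
  UDP    0.0.0.0:5355           *:*                                    1100
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":  # UDP rows have no State column
            (proto, local, remote, pid), state = parts, ""
        else:
            continue
        remote_host, remote_port = split_endpoint(remote)
        rows.append({"proto": proto, "local_port": split_endpoint(local)[1],
                     "remote_host": remote_host, "remote_port": remote_port,
                     "state": state, "pid": int(pid)})
    return rows

def connections_to(text, ip):
    """Rows whose remote endpoint is the given address."""
    return [r for r in parse_netstat(text) if r["remote_host"] == ip]

def pids_for(text, ip):
    """Sorted, de-duplicated PIDs that own connections to the address."""
    return sorted({r["pid"] for r in connections_to(text, ip)})

if __name__ == "__main__":
    for r in connections_to(SAMPLE, FLAGGED_IP):
        print(r["pid"], r["local_port"], r["state"])
```

A PID returned here can be mapped to an image name with `tasklist /FI "PID eq <pid>"`, which shows whether the traffic comes from chrome.exe itself or from another process.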

Question has a verified solution.