Solved

Google Chrome accesses an IP on startup, malwarebytes flags as malicious..

Posted on 2013-12-07
6
355 Views
Last Modified: 2013-12-09
On one of my machines – Windows 7 Pro 64 bit svc pack 1. Every time Google Chrome starts malwarebytes Pro blocks access to ip 128.204.198.67 on random ports like 49497, 63718, etc. On a full scan Malwarebytes pro comes up clean. I cannot find anything that is set for an initial page to load and I've tried uninstalling and re-installing Chrome, running tdsskiler, hitman, adwcleaner and it still persists. Should I just ignore it? Thanks!
0
Comment
Question by:Alan_Gould
6 Comments
 

Expert Comment

by:clintonpubliclibrary
ID: 39703290
Sounds like you may have a root kit.   Those programs you described are the common tools I use to remove them. I would assume the computer is compromised. You may just need to format and install a new OS from scratch.

I'm not too familiar with Chrome.  Is there a feature in Chrome that you must have?  Try Fire Fox and install ad block plus and flash block.  Chrome is like having the Eye of Soron installed on your computer.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39703329
128.204.198.67 belongs to "Snel Internet Services B.V. assigned to server #330".  They're located in the Netherlands.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 250 total points
ID: 39703336
Alan_Gould--
Put 128.204.198.67 into your HOSTS file.

http://www.mvps.org/winhelp2002/hosts.htm
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39703341
ComboFix from Bleeping computer might fix it.  It goes deeper into your system than just about anything else.  http://www.bleepingcomputer.com/download/combofix/
0
 

Author Comment

by:Alan_Gould
ID: 39706926
Combofix came up clean.. ugh I think the hosts file is my best choice.. My guard is up for CryptoLocker
Thanks!
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39707034
Alan_Gould--You are welcome!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now