Solved

Malwarebytes Malicious Site Blocked PopUp

Posted on 2014-12-09
11
549 Views
Last Modified: 2014-12-10
I have a system I am working on...

Malwarebytes Malicious Site Blocked / Outbound pop up keeps coming up... port 49583...
  gives a site.. different ones.. search net.blinkxcore.com   Outbound ...

I ran a couple of cleanup utilities...
Malwarebytes
SuperAntiSpyWare
Iobit Malware Fighter
AdwCleaner
Junkware Removal Tool JRT
CCleaner
Eset Nod32 - Ran scan

NONE of these programs are finding anything, accept AdwCleaner did some cleanup

I need help, I don't know what to do from here?

It also is attacking Internet Options - Disables Downloads.. not sure what else, but that is getting turned off...

Hope someone can help.

Thanks!  :-)
0
Comment
Question by:etronics6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 4

Expert Comment

by:hulsebosch
ID: 40488355
Give Hitmanpro a chance.
It's freeware and contains a coctail of software.
No waranty, but it has helped me out several times.
http://www.surfright.nl/en
0
 
LVL 23

Expert Comment

by:Eirman
ID: 40488527
A technicality hulsebosch
Hitmanpro is not freeware - You can get a free one month trial, (and it is really excellent).
0
 
LVL 4

Expert Comment

by:hulsebosch
ID: 40488606
Your right Eirman, it has become trial software.
Still, fully functional during this one month period. (which gives you more then enough time to fix the issue)
Thanks for correcting me.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 

Author Comment

by:etronics6
ID: 40489171
Tried HMPro.. Still popping up

Tried Norton PEraser
Microsoft Malware scanner msert...

Still have popups.. Multiple Outbound websites... Different files in system32 & WOWsys (I think that's the folder)...

Any other suggestions??
0
 
LVL 4

Expert Comment

by:hulsebosch
ID: 40490112
You can follow the instructions on this website  :http://malwaretips.com/blogs/remove-adware-popup-ads/
You will find info about pop up adds, but also other malware.

Hope this will help you out.
For, if none of the software mentioned helps, probably something has been installed in a sneeky way.
(These a**holes get better and better in hiding this kind of stuff.)
0
 

Author Comment

by:etronics6
ID: 40490538
Here is the MalwareBytes graphic of "one of the pop-ups".. but there are many different ones that popup...

Let me know if that helps... any other ideas pleaseeeee :-)

mwb
0
 
LVL 4

Expert Comment

by:hulsebosch
ID: 40490572
See if sfc /scannow from the command prompt finds any system files that were tampered with.
Did you try using system restore to put your system files to a state before this issue started?
0
 

Author Comment

by:etronics6
ID: 40491570
Hi,

I tried all above..

Do you all agree that there is something (malware) somewhere that I am not getting to?  With this graphic I think there is malware of sorts still in system & NOT CLEAN, right?  Something is embedded in the system...

My client sounds like we will REPLACE system... I think that is the route we will go... If I give back like this.. I feel its still infected somehow that I just can't get... ONLY fix is to without reformat & rebuild... Correct?

Do you guys agree??

Thanks for all your help... please respond your thoughts on above...
0
 
LVL 4

Accepted Solution

by:
hulsebosch earned 500 total points
ID: 40491693
one last shot, what would happen when you change the extention for the file ? (regsvr)
Have you tried booting from usb (winpe or Linux) and scan the pc? Some virusses are very good at hiding themselves on a running OS.
Check Kaspersky for bootable software to scan your machine.
0
 

Author Comment

by:etronics6
ID: 40491778
its multiple popups with multiple files... not just the regsvr file...

I haven't used those tools before... thanks for all ur help!!  

I appreciate your fast responses too!
0
 
LVL 9

Expert Comment

by:davidanders
ID: 40493128
There are google results for the IP Address
https://www.google.com/search?q=88.214.193.212
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question