Solved

Malwarebytes Malicious Site Blocked PopUp

Posted on 2014-12-09
11
536 Views
Last Modified: 2014-12-10
I have a system I am working on...

Malwarebytes Malicious Site Blocked / Outbound pop up keeps coming up... port 49583...
  gives a site.. different ones.. search net.blinkxcore.com   Outbound ...

I ran a couple of cleanup utilities...
Malwarebytes
SuperAntiSpyWare
Iobit Malware Fighter
AdwCleaner
Junkware Removal Tool JRT
CCleaner
Eset Nod32 - Ran scan

NONE of these programs are finding anything, accept AdwCleaner did some cleanup

I need help, I don't know what to do from here?

It also is attacking Internet Options - Disables Downloads.. not sure what else, but that is getting turned off...

Hope someone can help.

Thanks!  :-)
0
Comment
Question by:etronics6
11 Comments
 
LVL 4

Expert Comment

by:hulsebosch
Comment Utility
Give Hitmanpro a chance.
It's freeware and contains a coctail of software.
No waranty, but it has helped me out several times.
http://www.surfright.nl/en
0
 
LVL 23

Expert Comment

by:Eirman
Comment Utility
A technicality hulsebosch
Hitmanpro is not freeware - You can get a free one month trial, (and it is really excellent).
0
 
LVL 4

Expert Comment

by:hulsebosch
Comment Utility
Your right Eirman, it has become trial software.
Still, fully functional during this one month period. (which gives you more then enough time to fix the issue)
Thanks for correcting me.
0
 

Author Comment

by:etronics6
Comment Utility
Tried HMPro.. Still popping up

Tried Norton PEraser
Microsoft Malware scanner msert...

Still have popups.. Multiple Outbound websites... Different files in system32 & WOWsys (I think that's the folder)...

Any other suggestions??
0
 
LVL 4

Expert Comment

by:hulsebosch
Comment Utility
You can follow the instructions on this website  :http://malwaretips.com/blogs/remove-adware-popup-ads/
You will find info about pop up adds, but also other malware.

Hope this will help you out.
For, if none of the software mentioned helps, probably something has been installed in a sneeky way.
(These a**holes get better and better in hiding this kind of stuff.)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:etronics6
Comment Utility
Here is the MalwareBytes graphic of "one of the pop-ups".. but there are many different ones that popup...

Let me know if that helps... any other ideas pleaseeeee :-)

mwb
0
 
LVL 4

Expert Comment

by:hulsebosch
Comment Utility
See if sfc /scannow from the command prompt finds any system files that were tampered with.
Did you try using system restore to put your system files to a state before this issue started?
0
 

Author Comment

by:etronics6
Comment Utility
Hi,

I tried all above..

Do you all agree that there is something (malware) somewhere that I am not getting to?  With this graphic I think there is malware of sorts still in system & NOT CLEAN, right?  Something is embedded in the system...

My client sounds like we will REPLACE system... I think that is the route we will go... If I give back like this.. I feel its still infected somehow that I just can't get... ONLY fix is to without reformat & rebuild... Correct?

Do you guys agree??

Thanks for all your help... please respond your thoughts on above...
0
 
LVL 4

Accepted Solution

by:
hulsebosch earned 500 total points
Comment Utility
one last shot, what would happen when you change the extention for the file ? (regsvr)
Have you tried booting from usb (winpe or Linux) and scan the pc? Some virusses are very good at hiding themselves on a running OS.
Check Kaspersky for bootable software to scan your machine.
0
 

Author Comment

by:etronics6
Comment Utility
its multiple popups with multiple files... not just the regsvr file...

I haven't used those tools before... thanks for all ur help!!  

I appreciate your fast responses too!
0
 
LVL 8

Expert Comment

by:davidanders
Comment Utility
There are google results for the IP Address
https://www.google.com/search?q=88.214.193.212
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now