JoePGM Posted May 6, 2015 ID:960574 Share Posted May 6, 2015 Hello Malwarebyte, I have seek for help from "Malware Removal Help" forum before about Malwarebyte report similar malicious IP. After the clean up task from your advisor, some IP still occur, I'm not sure if they are safe or not, could you please check? Thank you.MBAM.txt Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960575 Share Posted May 6, 2015 Hi Malwarebyte, I have my system cleanup by your advisor few days before but now something come back, these application try to reach an external IP and reports malicious action by Malwarebyte, are they false positive? I have mentioned the similar problem before in my post#6 here:https://forums.malwarebytes.org/index.php?/topic/168043-syswow64-cmdexe-possible-malware-hijack/page-2 Any idea??MBAM.txt Link to post Share on other sites More sharing options...
MysteryFCM Posted May 6, 2015 ID:960628 Share Posted May 6, 2015 It's not an F/P (IPs have been found housing and/or infected with, Upatre). Because the software connecting to these are using P2P tech, this is unfortunately, to be expected (they'll always connect to both good and bad/infected machines). Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960631 Share Posted May 6, 2015 It's not an F/P (IPs have been found housing and/or infected with, Upatre). Because the software connecting to these are using P2P tech, this is unfortunately, to be expected (they'll always connect to both good and bad/infected machines). So am I get infected???? Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960632 Share Posted May 6, 2015 the NZXT CAM is the official software from NZXT which control and monitor and All-in-one watercooling blocks. I download it from NZXT official website. I'm afraid if my system is actually get infected but those virus/malware keeps hiding out, and randomly connect to outer world and show these "malicious IP connection" Is my system safe ? Link to post Share on other sites More sharing options...
MysteryFCM Posted May 6, 2015 ID:960645 Share Posted May 6, 2015 Not likely to be infected, no. It's producing them because it's using P2P tech, and such just happens to be trying to connect to known malicious IPs. In this specific case, you do not need to worry, MBAM is doing its job. Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960649 Share Posted May 6, 2015 thanks for your reply! you make me feel safe! my Malwarebyte reporting the NZXT CAM, Kaspersky and Chrome also get similar malicious action, they are all not any P2P software....(I have attached the MBAM export list showing these events)malwarebyte_log.txtMBAM.txt Link to post Share on other sites More sharing options...
MysteryFCM Posted May 6, 2015 ID:960653 Share Posted May 6, 2015 The Kaspersky detection is because it is intercepting the connection at the same time as MBAM. Chrome on the other hand, is showing an InstallRex presence (not an F/P, nor P2P related). Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960662 Share Posted May 6, 2015 so my system still totally in all-safe and clean? Link to post Share on other sites More sharing options...
MysteryFCM Posted May 6, 2015 ID:960665 Share Posted May 6, 2015 You'll need to remove InstallRex, but otherwise, yes. Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960666 Share Posted May 6, 2015 what is installRex and how to remove? Link to post Share on other sites More sharing options...
JoePGM Posted May 6, 2015 Author ID:960668 Share Posted May 6, 2015 The Chrome problem was happened a weeks before, during this week I have seek for your specialist help, and here I have included a FRST log, do you think my system is clean now?FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Staff CatByte Posted May 6, 2015 Staff ID:960776 Share Posted May 6, 2015 Hello and welcome to malwarebytes Forum. I can assist you in removing the leftovers but this thread will be moved to the malware removal forum. Please do the following: Download attached fixlist.txt file and save it to the Downloads folder NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. FixList.txt NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Link to post Share on other sites More sharing options...
JoePGM Posted May 7, 2015 Author ID:960888 Share Posted May 7, 2015 thanks for help from MysterFCM and CatByte. I just checked the FixList.txt and I see it goint to clean up the XRD manager, that is one of the tools from my monitor calibration software, I think I have to keep that, is it? Please advice, thanks! Link to post Share on other sites More sharing options...
Staff CatByte Posted May 7, 2015 Staff ID:960912 Share Posted May 7, 2015 It's a job file that points to a temp file, likely corruptedplus it's set to clean up all the temp files which is most likely where any leftover malware resides Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 18, 2015 Root Admin ID:963489 Share Posted May 18, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts