Jump to content


Photo
- - - - -

Svchost Receiving Many Ecatel IP Connections

IPConnection Ecatel IP address Malware Infection Attack Malicious svchost.exe svchost

  • This topic is locked This topic is locked
14 replies to this topic

#1 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 28 October 2013 - 08:21 PM

Hi everyone, i'm having a chronic problem with Svchost.exe having connections with random IPs. For the past 3 days now Mbam has been blocking many incoming IP connections under the Svchost process, with all IP addresses coming from Ecatel LTD in the Netherlands (except for 1 attempt yesterday from Harbin, China). I'm seeing these blocked connections about 10 times per day, and they seem to be from different Ecatel IPs each time. The latest IP was 93.174.93.67. All ports targeted were different each time. Also, today after another IP connection block, that same IP ended up invoking my BitDef firewall to prompt for permission for Chrome having an outgoing connection to that same IP few seconds later! I blocked it.

 

Yesterday I disconnected my internet and scanned my pc with MBAM, Bitdefender AV, Malwarebytes Anti-rootkit, TDSSkiller, Kaspersky Virus Removal tool, Microsoft Safety Scanner (msert.exe), Microsoft Malware Removal tool, and all these scans found nothing. Today i scanned using Rkill, Combofix, and Adwcleaner with results attached below.

 

This is a very chronic problem i've had for the past year, with Mbam blocking svchost connections or my former Comodo firewall prompting for svchost connections from random IPs from Brazil, China, Russia, Iceland, and now Ecatel, and each time i run an AV, MBAM, Rkill and Combofix scan it found no malware (except once combofix deleted a worm few months ago). The majority of these were inbound, although many were outbound too. I also reformatted my pc many times in the past few months ( as recently as 4 days ago), because I didn't know what problem is going on, but i don't think the marathon of reformatting is a lasting solution because it'll reoccur again sooner or later.

 

I also tried blocking svchost from having any incoming connections with my firewall, but it only worked for last night. For some reason, right after i made that firewall rule, i couldn't find it in the list of firewall rules... :unsure: 

 

Is there any way I can make this problem stop once and for all? What is it that causes svchost to make these connections? Can i just block svchost altogether from connecting to the web? I would greatly appreciate any help to stop this madness. Thanks  :) 

Attached Files



#2 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 29 October 2013 - 07:23 AM

Download Zoek.zip from here http://www.hijackthi...220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: [url] http://www.techsuppo...90111.html[/url

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

standardsearch;
autoclean;
emptyclsid;
firefoxlook;
Chromelook;
autoclean;
iedefaults;

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

Zoekf.jpg

 

Post the produced log in your next reply…..


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#3 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 30 October 2013 - 01:08 AM

Hi there, i just ran zoek with results attached. Also i would like to note, for 2 days now the blocked IP connections are all fromthe IP listed above, targeting port 21320

Attached Files



#4 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 30 October 2013 - 04:02 AM

Please download RogueKiller from here:

 

http://www.sur-la-to...RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-to...ueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.

  • Quit all running programs

  • Please disconnect any USB or external drives from the computer before you run this scan!

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe

  • Wait until Prescan has finished...

  • The following EULA will appear, please select accept

     

    RKLicence.png

     

  • Ensure MBR scan, Check faked and AntiRootkit are checked

  • Select Scan

     

    RK1A.png

     

  • When the scan completes select Report, copy and paste that to your reply.

     

    RK2A.png

     

  • The log should be found in RKreport[?].txt on your Desktop

  • Exit/Close RogueKiller


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#5 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 31 October 2013 - 12:41 AM

Here's the report:
 
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : WL [Admin rights]
Mode : Scan -- Date : 10/31/2013 01:39:09
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] 3835b3083c0c127b8a6b07735ad80c8f
[BSP] 16f4024e34566a678ac684a349fe1701 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 439298 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 940857344 | Size: 256000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10312013_013909.txt >>
RKreport[0]_S_10282013_214302.txt


#6 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 31 October 2013 - 05:23 AM

RogueKiller log is clean, no DNS entries flagged either. OK do the following:

 

Run Zoek again exactly as you did previously, copy the following script into the text field:

firefoxlook; 
FFdefaults;
Chromelook; 
CHRdefaults;
autoclean; 
iedefaults; 

Select the "Run Script" tab, wait until log is produced, copy to your reply. Let me know if that clears the IP issue..

 

Kevin


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#7 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 31 October 2013 - 10:16 PM

***UPDATE***:

  • There's aggressive attempts by another Dutch IP 88.208.33.4, from Advancedhosters Limited trying to make my web browser have an outbound connection to this ip thru port 50457, about once/twice per hour, which were blocked by Mbam. (Less but still aggressive) attempts by Dutch IP 141.0.172.225 from Amsterdam ServerStack, once every 1 - 2 hrs, also blocked. 
  • 2 inbound connection attempts by IP 74.118.193.38
  • There's slightly decreased attempts by the Ecatel IP mentioned above trying to make inbound connections under svchost.
  • My Bitdefender AV can no longer update, even upon a manually executed update attempt.

I'll run Zoek in ~1 hr from this post. I'm just wondering, if i had my IP address changed, would these Dutch IP hackers "follow me" to my new address?  



#8 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 01 November 2013 - 05:19 AM

Post Zoek log when you`re ready. Let me know if the IP issue persists


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#9 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 03 November 2013 - 02:57 AM

Hi, sorry for the delay in posting. Here's the zoek log.

 

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by WL on 11/03/13 at  2:36:39.62.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WL\Desktop\zoek\zoek.exe [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2013-10-30-055647.log 128735 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [10/17/13 02:03 PM]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[09/25/13 03:05 PM]
 
Bejeweled - WL - Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Your Second Phone - WL - Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo
BIODIGITAL HUMAN - WL - Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
Angry Birds - WL - Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Docs - WL - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Task Timer - WL - Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif
Lucidchart Diagrams Online - WL - Default\Extensions\apboafhkiegglekeafbckfjldecefkhn
Google Drive - WL - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - WL - Default\Extensions\beobeededemalmllhkmnkinmfembdimh
Desmos Graphing Calculator - WL - Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko
WOT - WL - Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
SKiD Racer - WL - Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno
YouTube - WL - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Bitdefender Wallet - WL - Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl
Last updated at time on date - WL - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Bouncy Mouse - WL - Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb
Yendo Accounting - WL - Default\Extensions\cgllmndceblpkjnakpnceoafddbechmp
Useful Periodic Table - WL - Default\Extensions\chachkegffmilnmdlonllkhkfkakghie
OneTab - WL - Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Google Search - WL - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
MaskMe - WL - Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg
Gmail Offline - WL - Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
ZenMate for Google Chrome\u2122 - WL - Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme
Full Screen Weather - WL - Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg
Springpad - WL - Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla
Digital Clock - WL - Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo
Picadilo - WL - Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein
AdBlock - WL - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Clock - WL - Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm
Pixlr Editor - WL - Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Concentrate - WL - Default\Extensions\idfmgklhndkcggamadboiaepmohpjhjj
Stealthy - WL - Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje
ButtonBass Xylophone - WL - Default\Extensions\indlkficjfpogfdndmffegpjapkfaeoh
Wave Accounting - WL - Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa
Build with Chrome - WL - Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf
Evernote Web - WL - Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Planner 5D - WL - Default\Extensions\mcafejemebbngbglfoinpoaannbihjna
ChemReference Periodic Table - WL - Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib
Google Wallet - WL - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs PDFPowerPoint Viewer by Google - WL - Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn
Background Tab - WL - Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic
Tetris 3D - WL - Default\Extensions\pdkeccfoknbfheljdlnicdlbflmfkdpm
Gmail - WL - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
 
==== Reset Google Chrome ======================
 
C:\Users\WL\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\WL\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\WL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\WL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\WL\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\WL\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 11/03/13 at  2:49:11.65 ======================


#10 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 03 November 2013 - 03:03 AM

From the time my internet connection was fixed Saturday morning, these were the additional IPs that were attempting inbound connections to svchost, atop of the first ecatel ip mentioned in the first post, and some attempted outbound connections from my web browser:

 

*93.174.88.31 port 4921, port 28223

*94.102.49.213 port 19
*222.186.34.28 port 8080
*222.186.42.43 port 1433
*94.102.48.167 port 14075


#11 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 03 November 2013 - 04:43 AM

OK, run the following:

 

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwareby.../products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 

  •      

  • Internet access

         

  • Windows Update

         

  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Next,

 

If the logs from MBAR are clean also do this:

 

Go to the following link: http://www.ehow.com/...t-settings.html follow the instructions and reset your router.

 

Next,

 

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  • Flush DNS

  • Report IE Proxy Settings

  • Reset IE Proxy Settings

  • Report FF Proxy Settings

  • Reset FF Proxy Settings

  • List content of Hosts

  • List IP configuration

  • List Winsock Entries

  • List last 10 Event Viewer log

  • List Installed Programs

  • List Devices

  • List Users, Partitions and Memory size.

  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#12 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 06 November 2013 - 11:36 PM

Hi, i'm waiting to change my static IP address, because i contacted my ISP and they told me that they changed my IP address yesterday , yet the IP attacks kept coming! These are the new IPs, along with the Ecatel ones:

  • 46.246.111.54 port 8080
  • 93.174.93.139, 94.102.51.225 port 19
  • 109.230.220.126 port 5060
  • 211.198.225.149 port 21869
  • 222.186.34.31 port 1433
  • 218.7.37.194 port 22

As well, my PC froze twice on the Nov. 5th and 6th , with my input devices disabled, and any text box that i have open (like a web browser address bar, stickynote i'm writing on) would have number 2's being entered continuously non-stop (ie 2222222222222222222...), and i had to power-off the machine abruptly to stop it.

 

I ran MBAM Anti-rootkit and logs attached below (i ran it twice).

 

The ISP tech assistance rep told me that my problem is likely working in a 2 way direction, just like addressed in the previous post, and told me i probably have deeply-hidden malicious code on my pc that's contacting the hacker IPs, and the IPs keep pinging, port-scanning and contacting my machine, and he proposed that i have my PC cleaned or reformatted, and have my IP change simultaneously, to prevent any contact with the malicious IPs whatsoever. However, my IP would change only at times when my IP lease expires (November-07-13 10:41:34 PM New York time, mentioned from my Networking Sharing Center's LAN details), and having my modem disconnected for 4 - 24hrs to release my IP to someone else...

 

I'll make updated posts as soon as i can

 

Attached Files



#13 Woohookitty

Woohookitty

    New Member

  • Members
  • Pip
  • 8 posts

Posted 07 November 2013 - 04:45 AM

I just received this on my stickynote, same type of my pc crashing and having relentless number 2s being entered, however this time i pressed the F1 key then it stopped... this is part of what was entered in the note (enlarged for viewing purposes):

22222222☻22☻2222☻22222222222



#14 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,992 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 07 November 2013 - 05:06 AM

Did you reset the your router, did you run minitoolbox, can I see mini toolbox log


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#15 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 10 November 2013 - 02:01 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.





Also tagged with one or more of these keywords: IPConnection, Ecatel, IP address, Malware, Infection, Attack, Malicious, svchost.exe, svchost

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users