sicayman

Redirecting... with no browser open.

3 posts in this topic

Having an issue with a computer. Took it in to have it looked at in a store on Friday, got it back for the office on Monday, and by Wednesday we were back with popups and the "Smart Fortress" fake antivirus. I uninstalled that from the program list before looking into it far enough to see that wouldn't work completely.

Our normal Trend Micro didn't detect any of this, so I went onto their website and ran their Fake AV removal. Still got pop-ups on the machine, which the normal Trend Micro detects as malicious and blocks. So then loaded MalwareBytes, ran the computer in safe mode and did the search, and it found a bunch of infected processes. Cleaned those off, but am still getting blocked popups. Now both Trend Micro AND MalwareBytes are showing these blocked addresses, even with Internet Explorer closed. We run in XP here in the office, and I checked the forums to see if there was anything to tell where the "outgoing" link was coming from, and downloaded Tcpview.exe to see if I could find where the problem is originating from.

The closest thing I can tell is that it's a "ping.exe" that's doing it... but there's no name to the process and it seems to remove itself immediately after it's blocked. Exceedingly confused by all of this. Any help would be appreciated.

Share this post


Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.