Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Explorer.exe trying to connect to 2-3 different ip's and changing ports


  • Please log in to reply
4 replies to this topic

#1 Midnite

Midnite

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 22 July 2013 - 12:34 AM

I have 3 strange things going on with my PC and would appreciate all the help ... thank you so much ... IN ADVANCE

 

this is driving me NUTS ... first let me say I am a computer tech myself and usually don't have these issues but this one has me and a fellow TECH stumped ...

 

1 - Malwarebytes keeps alerting me of multiple IP addresses trying to connect thru explorer to an outgoing port - there is one MAIN port something that is in the NETHERLANDS supposedly but it tries ever 2-3 minutes sometimes more ... and is rotating PORTS as if its looking to connect any way it can ...

 

2- A very odd thing is happening that started at the start of all this for some reason no matter what program I open ... Word, Photoshop, notepad ETC ETC when I select open to look for a FILE to open I get an open dialog box where I can select what folder to look in but when I do the right side BOX that should show the files in that folder is EMPTY ( however when I browse to the same folders thru my computer and then C drive etc etc all the files are there and open fine ) they just do not appear for me to open thru the OPEN dialog box ... this is first what has me stumped

 

3- I noticed that my cut and paste ( even thru keyboard shortcut Cntrl V etc etc ) is not working ... very strange as well ...

 

If anyone can help resolve this for me I would really appreciate it I will follow all EXP tech help instructions FULLY

 

I have run malwarebytes, Symantec Copr antivirus, Superantispyware, ETC and all come up clean ... which is why I am confused as to how to take care of this ... thanks so much

 

Please see attached MBAM IP block log ...

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 PM

Posted 22 July 2013 - 02:29 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 PM

Posted 25 July 2013 - 03:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 PM

Posted 29 July 2013 - 09:48 AM

This topic has been re-opened at the request of the person who originally posted.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Midnite

Midnite
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 29 July 2013 - 07:40 PM

I have tried the ABOVE in a NEW post but it didn't resolve anything ... if you have any other ideas please help thanks so much






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users