
Infected - MalwareBytes and explorer.exe outgoing


#1 JoeVH

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:34 PM

Posted 20 November 2014 - 12:24 PM

A few days ago, Malwarebytes had a pop-up declaring it blocked an outgoing process. Here's the log from Malwarebytes today (I've only got tons of these logs, nothing's really changed):

 

2014/11/20 10:38:57 -0600 ACE-PC ace IP-BLOCK 195.42.102.24 (Type: outgoing, Port: 52128, Process: explorer.exe)
2014/11/20 10:47:48 -0600 ACE-PC ace IP-BLOCK 5.149.250.194 (Type: outgoing, Port: 59038, Process: explorer.exe)

 

So I thought, "I have something". 5.149.250.194 is actually flagged on TrendMicro's website as one of the top 10 malicious domains blocked in the past 24 hours.

 

Full scans with MalwareBytes, Avira, Kaspersky, TrendMicro's HouseCall, and Spybot Search and Destroy are not finding anything.

 

If I look in Task Manager, Explorer.exe is running twice. One for the user logged in, and one for the system. The system one continues to grow in size and memory usage until the computer nearly comes to a halt due to 95+% memory usage, and I have to shut it down. It stays away for about 30 seconds, until it resurfaces and Malware Bytes starts popping back up with messages.

 

With all that said, I've attached my log files, and screenshots of my task manager and notifications.

 

Thanks in advance for anyone who can give me some help.
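The two Malwarebytes IP-BLOCK lines above are the part of this post worth triaging. Here is an added Python example (not code from the post, from BleepingComputer or from Malwarebytes) that parses that log layout, groups blocked outbound connections by process, and flags any process that was blocked reaching more than a configurable number of distinct destinations; the third sample line is constructed so the outbound-only filter has something to drop.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# One Malwarebytes Anti-Malware protection-log IP-BLOCK line, in the layout shown in the post:
#   YYYY/MM/DD HH:MM:SS -0600 HOST USER IP-BLOCK A.B.C.D (Type: outgoing, Port: N, Process: name)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# The first two lines are copied from the post; the third is a constructed inbound entry
# (documentation-range address) so the outbound-only filter below has something to drop.
SAMPLE_LOG = [
    "2014/11/20 10:38:57 -0600 ACE-PC ace IP-BLOCK 195.42.102.24 (Type: outgoing, Port: 52128, Process: explorer.exe)",
    "2014/11/20 10:47:48 -0600 ACE-PC ace IP-BLOCK 5.149.250.194 (Type: outgoing, Port: 59038, Process: explorer.exe)",
    "2014/11/20 10:50:02 -0600 ACE-PC ace IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: System)",
]

def parse_ip_block(line):
    """Return a dict for an IP-BLOCK line, or None for anything else (other event types, noise)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    # Timezone-aware timestamp so logs from machines in different zones compare correctly.
    rec["timestamp"] = datetime.strptime(rec["date"] + rec["tz"], "%Y/%m/%d %H:%M:%S%z")
    return rec

def summarize_outbound(lines):
    """Map process name (lower-cased) -> Counter of blocked outbound destination IPs."""
    by_process = defaultdict(Counter)
    for line in lines:
        rec = parse_ip_block(line)
        if rec and rec["direction"] == "outgoing":
            by_process[rec["process"].lower()][rec["ip"]] += 1
    return by_process

def flag_processes(by_process, min_destinations=2):
    """Processes blocked while reaching at least min_destinations distinct IPs.
    The shell (explorer.exe) reaching several unrelated addresses is the pattern the
    poster saw; the reply below attributes it to malware using explorer.exe to talk out."""
    return sorted(p for p, dests in by_process.items() if len(dests) >= min_destinations)

if __name__ == "__main__":
    summary = summarize_outbound(SAMPLE_LOG)
    for proc in flag_processes(summary):
        print(proc, dict(summary[proc]))
```

Feed the real protection log (one line per entry) into `summarize_outbound` to see which processes Malwarebytes keeps blocking and where they were trying to reach.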

#2 shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:34 PM

Posted 22 November 2014 - 11:29 AM

Hi,

 

A malware process is using explorer.exe for communication. Get these if you still need help:

 

Please download TDSSKiller to your desktop.
Start it: accept the disclaimer.
Click on "Change parameters" - select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your root drive, C:).

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

 

Next:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Right-click FRST then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.

Let's see what those drag up and we will go from there.


How Can I Reduce My Risk to Malware?
