Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer is making suspicious connections to a certain website.


  • Please log in to reply
3 replies to this topic

#1 malwaremagnet123

malwaremagnet123

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 26 March 2017 - 04:35 PM

Hello, and thank you for volunteering your time to help me. The problem started when I noticed connections to www.mediaforce.com via process hacker a few months ago. The strange thing is that it always appears whenever I start my computer and disappears eventually. In addition the local and network address is showing this website as well. For example, in the process hacker network tab, the programs waterfox, svchost and f.lux are showing the local address as www.mediaforce.com; waterfox is exhibiting it in the remote address as well. I checked my other computer and can confirm this it is only this computer that is acting funny. I had this window 7 64 bit computer close to 5 years and have not gotten malware in a long time.There are many things that I have done to try to fix it. I have scanned with hitmanpro, clamwin, adwcleaner, malwarebyte anti-rootkit and malwarebytes free. I have also tried to block it with window firewall rules and host file. To uninstalling unnecessary programs from the computer. Do you think it is possibly an infection or am I just being paranoid? Thank you.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,882 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:40 PM

Posted 27 March 2017 - 06:36 AM

Welcome to BC...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 malwaremagnet123

malwaremagnet123
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 27 March 2017 - 10:46 AM

Well it seemed that I have stumbled upon the solution. What had happened was that I deleted all of the entries I had made in the host file and the there was no more weird connections. The local address and remote address returned back to normal. I really like the ccleaner program as it had made a bunch of space available on my hard drive. I really appreciate the help and recommendations you gave. Will you please mark this topic as resolved. Again, thank you.



#4 buddy215

buddy215

  • BC Advisor
  • 12,882 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:40 PM

Posted 27 March 2017 - 11:36 AM

You're welcome...good you fixed the problem. You said it is resolved...that's good enough.

 

You may be interested in taking this step:

 

Hosts File
Replace your current HOSTS file with a tweaked one, as the MVPS Host file, that restricts access to known bad sites improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users