Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus? Programs connecting to bad IP


  • This topic is locked This topic is locked
1 reply to this topic

#1 XplodingZ

XplodingZ

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 21 November 2017 - 10:46 AM

Hello all. I accidentally posted this in the wrong section I think, so this is a repost.

 

I am on W10 and I have a problem that is a little beyond me.

 

Long story short, I fell asleep binge watching Spongebob and so my PC was left on all night. When I woke, things were terribly wrong.

 

My connection to the internets on chrome slowed down rapidly then it ceased altogether. My Kaspersky  wouldn't go past 20% in its update. Fortunately I can connect through firefox.

 

However, here is the nasty stuff: svchost.exe, chrome.exe, avp.exe and rarely some other programs that pop up all point to "95.ry.cz" as an address in my resource monitor's network activity screen.

 

I instantly downloaded malwarebytes and did a scan and it found some stuff but nothing major. A Kaspersky scan said I am fine too. My brain thought my internet is hacked. however doing a trace through CMD to google.com works just fine. My DNS is okay.

I flushed my dns and restarted

 

Malwarebytes didnt work. Perhaps Kaspersky is broken. I uninstalled it. I tried to reinstall and guess what.. its trying to download from "95.ry.cz"

 

CCleaner does the same thing. so nothing updates to actually work.

Its as if.. any data my PC asks for is being requested from this "95.ry.cz" except firefox and League of Legends. (Have not tried connecting to anything else, oh The Powder Toy connects fine. )

 

As a note.. this "95.ry.cz" IP address is 185.82.212.95.

 

I proceeded to blocked this IP address using wf.msc. Now chrome doesn't know what an internet connection is. I can connect to kaspersky website on chrome, but no other website. if I google some random search term i get redirected to a fake google site? address is www.google.com.br

 

I hope you guys can help!



BC AdBot (Login to Remove)

 


#2 Al1000

Al1000

  • Global Moderator
  • 7,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:07:37 PM

Posted 21 November 2017 - 01:13 PM

Hi, your other topic is in the correct forum. Please read the forum guidelines at the top of this page, if you haven't already done so.

I'll close this topic to avoid confusion.

Edited by Al1000, 21 November 2017 - 01:14 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users