Inactive 213.163.89.104/6 pop ups & win explorer restarts/hangs when right clicked

Status
Not open for further replies.
The IP in the URL you left, IP 199.80.55.19, belongs to:
OrgName: WZ Communications Inc.
OrgID: WZCOM
Address: 110 E.Broward blvd
Address: Suite 1700
City: Fort Lauderdale
StateProv: FL

If you want us to check the system for malware, please follow the steps HERE and leave the logs for our review.

Please describe this :213.163.89.104/6 pop ups - what it looks like and what it says.
 
i still need help..apparently its bck,,Malwarebytes seems to be saying..it blocked intrusion from 213.163.89.106. i followed d steps and i gt kaspersky to scan it was removed...bt apparently i juz the intrusion again. pls help
 
I think you still don't understand the block: IF a security program blocks a site, usually giving an Alert flash saying the site is bad, then it's a good thing. Millions of scan go on daily as normal internet traffic, looking for unprotected systems. Sometime a security program will block a site, sometime it's the firewall.

A Rootkit doesn't get removed in 3 posts. If you want me to review the system, please follow the steps in out Preliminary Virus and Malware Removal thread HEREhttps://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/.

When you have finished, please paste all of the logs in your next reply and I will review them and instruct you accordingly.
 
I cant upload d gmer log as its size is larger then permitted.
 

Attachments

  • mbam-log-2010-05-26 (20-28-09).txt
    894 bytes · Views: 1
  • DDS.txt
    27.8 KB · Views: 2
  • Attach.txt
    20.1 KB · Views: 1
Bumping threads after a few hours is frowned upon.

The GMER log can be split if needed and included over 2 replies. Did you do this?
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system click NO.

Please explain clearly what problems you're having related to malware. Do you understand the difference between a security program, a firewall or a browser blocking an unsafe site?

You are running multiple security programs that double up at least on the antrivirus programs: You should have one software firewall, one antivirus program and 2 or more antimalware programs. Please uninstall the following to get down to this, depending on the versions you have of each and what they contain:
Avira
Eset Smart Security
Zone Alarm


Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please leave these new logs in your next reply.

Do not use any other cleaning programs or scans while I am helping you unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Due to inactivity this thread is being closed.

If you need it reopened, please send a message to your helper.
 
Status
Not open for further replies.
Back