Redirect virus still giving me problems after following the steps in the removal guide

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Thank you for your time.

Here is the report:

************
In the report... this "User: Karla M (Non-Administrator account)"
Aren't I supposed to be the user administrator?? O_O
 

Attachments

  • zoek-results.txt
    60.2 KB · Views: 124

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We will try using this method...


> Re-run zoek with this script and attach here fresh zoek log results.


Code:
emptyalltemp;
autoclean;
emptyclsid;
shortcutfix;
emptyfolderscheck;delete
netsh int ip reset >> %temp%\log.txt;b 
ipconfig /flushdns >> %temp%\log.txt;b 
resethosts;
resetIEproxy;
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Alright. Here is the report.

Keeping my fingers crossed...
 

Attachments

  • zoek-results2.txt
    16.2 KB · Views: 90

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
I paused ad-block, opened a new tab in browser, opened anilinkz site. This is what I got:
I restarted ad-block, reloaded the site page and the notifications are gone.
A question here:
Q: Is it normal for an antivirus to give this notification depending on the site you try to access? Like for example, if the site is full of ads and pop-ups?

Thank you again for the help.
So far I have no notifications of TCP port attack (keeping fingers crossed)
 

Attachments

  • Imagen13.png
    Imagen13.png
    99.6 KB · Views: 120

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
It varies from anti-virus to anti-virus. I remember that when I was using ESET it also had a lot of similar notifications :)

Anyway your PC is clean, no malware.
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
So no more viruses or malware on my computer?

Thank you for your help.
It's very much appreciated!

Anything else I need to do now with the tool we used?

Remove Zoek tool or something? o.o

====================

Man, sorry.
You said my computer is clean. But then, why do I keep getting these notifications by Malwarebytes like often and more than once a day:

Today:
2013/12/30 01:38:15 -0430 KARLA-PC Karla M IP-BLOCK 222.186.34.146 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/12/30 01:56:38 -0430 KARLA-PC Karla M IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8000, Process: svchost.exe)

I checked those IPs belong to "Chinanet Jiangsu Province Network" from China. I am nowhere near it.
Q: Why is that IP persistently trying to connect to my computer ports?
Q: How can I prevent that?
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
When I browse the net.
Let's say, I open my browser and try to access a page. At that time I'll get the notification.

For example right now, I opened here the forum page to reply to you and I got this notification:
2013/12/30 05:00:21 -0430 KARLA-PC Karla M IP-BLOCK 60.173.11.238 (Type: incoming, Port: 8080, Process: svchost.exe)
Again, the address belongs to Chinanet Anhui Province Network, China.
All are incoming connections and it happens not only with the forum but other pages as well like Facebook and such.

Before we used the zoek tool I got a record of the incoming connection with chrome.exe (this is not happening now). Now, all the incoming connections blocked are to svchost.exe.

If it's not malware I have on my machine, there is certainly something wrong happening. :(

Really sorry for all the trouble, I really appreciate the help.
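
As an added example (not part of the original thread and not Malwarebytes code), the following Python parses the IP-BLOCK lines quoted in the posts above and tallies them by direction, port and process. The field layout is an assumption inferred from those three lines only.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# The three log lines quoted in the posts above, copied as-is.
SAMPLE_LOG = """\
2013/12/30 01:38:15 -0430 KARLA-PC Karla M IP-BLOCK 222.186.34.146 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/12/30 01:56:38 -0430 KARLA-PC Karla M IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8000, Process: svchost.exe)
2013/12/30 05:00:21 -0430 KARLA-PC Karla M IP-BLOCK 60.173.11.238 (Type: incoming, Port: 8080, Process: svchost.exe)
"""

# Assumed layout: timestamp, UTC offset, host, user (may contain spaces), event, IP, details.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<host>\S+) (?P<user>.+?) "
    r"IP-BLOCK (?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
    except ValueError:
        return None  # malformed address or timestamp
    return {"time": ts, "host": m["host"], "user": m["user"], "ip": ip,
            "direction": m["direction"], "port": int(m["port"]), "process": m["process"]}

def summarize(text):
    """Tally blocks by (direction, port, process), list remote IPs, count unparsed lines."""
    events, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        ev = parse_line(line)
        if ev is None:
            skipped += 1
        else:
            events.append(ev)
    by_key = Counter((e["direction"], e["port"], e["process"]) for e in events)
    remote_ips = sorted({e["ip"] for e in events}, key=lambda ip: (ip.version, int(ip)))
    return {"events": events, "by_key": by_key, "remote_ips": remote_ips, "skipped": skipped}

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG)["by_key"].items()):
        print(key, n)
```

Grouping by direction and port separates blocked inbound connection attempts (here ports 1433, 8000 and 8080) from outbound connections made by a local process, which is the distinction to look at first when reading these notifications.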
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
It is a false positive detection, there is no malware on your PC :)
I have seen a lot of people have this problem... you can put it in the Ignore list. Just right-click the mbam icon in the tray and choose Add to Ignore list.

We're done here :)


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.
 
