svchost.exe connection on to rogue IP:

Discussion in 'Virus Information' started by faifuhi, May 22, 2010.

  1. faifuhi

    faifuhi Guest

    Hi,

    I have windows 7 on one of my machines, and I ran TCPView (Sysinternals)
    and it's showing svchost.exe always connected to the following IP
    Addresses:

    91.212.198.188
    91.212.226.33

    I have attached a pic of it. Am I infected with a virus??
    http://img684.imageshack.us/img684/8135/inspect1.jp
     
    faifuhi, May 22, 2010
    #1

  2. From: "faifuhi" <>

    | Hi,

    | I have windows 7 on one of my machines, and I ran TCPView (Sysinternals) and it's
    | showing svchost.exe always connected to the following IP Addresses:

    | 91.212.198.188
    | 91.212.226.33

    | I have attached a pic of it. Am I infected with a virus??

    Maybe not a virus but a trojan.

    Download, install, update and then execute, Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
     
    David H. Lipman, May 22, 2010
    #2

  3. Dean Garrett

    Dean Garrett Guest

    I have an infected Win XP/Pro PC with something called "Antispyware Soft".
    This malware takes over all parts of the computer: can't browse any site
    other than the one the virus directs to, can't open a DOS box, can't run
    REGEDIT ...

    My question is about MS Security Essentials. I have it loaded on the PC, but
    it DID NOT detect the virus as it infected the computer. If I run a full
    scan, will SE find and eradicate this malware? SE has downloaded the most
    recent updates.

    If SE can't handle this malware, what will?

    Please help!
     
    Dean Garrett, May 22, 2010
    #3
  4. From: "Dean Garrett" <>

    | I have an infected Win XP/Pro PC with something called "Antispyware Soft".
    | This malware takes over all parts of the computer: can't browse any site
    | other than the one the virus directs to, can't open a DOS box, can't run
    | REGEDIT ...

    | My question is about MS Security Essentials. I have it loaded on the PC, but
    | it DID NOT detect the virus as it infected the computer. If I run a full
    | scan, will SE find and eradicate this malware? SE has downloaded the most
    | recent updates.

    | If SE can't handle this malware, what will?

    | Please help!


    Somehow you seem to have attached to another's thread.

    Please read..
    http://forums.malwarebytes.org/index.php?s=e6d22df65e8dec2eae351875ecb2b04f&showtopic=49527

    Download, install, update and then execute, Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
     
    David H. Lipman, May 23, 2010
    #4
  5. This is typical rogue security scareware behavior. Not a virus really,
    you should have stuck to calling it just "malware".
    Any "solution" you use will occasionally miss some - especially any
    *new* ones.
    (some are more prone to false (+/-) than others are)
    If it missed it coming in, there's a good chance it will miss it when
    full scan is selected.
    I hear both "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware" often
    recommended.

    IMO "bleepingcomputer.com" has been doing a great job trying to stay
    current with regard to these pests, sometimes HJT or ComboFix data
    analysis is the recommended way to fix a problem. Search for your
    specific annoying application.
     
    FromTheRafters, May 23, 2010
    #5
  6. Johnw

    Johnw Guest

    faifuhi brought next idea :
    91.212.198.188
    http://www.google.com.au/#hl=en&q=91.212.198.188&aq=&aqi=&aql=&oq=&gs_rfai=&fp=6bfef12aefe0ce81
    http://www.malwareurl.com/listing.php?domain=makomset.com
    http://www.threatexpert.com/report.aspx?md5=a9e614f24b1b89f74116156b506a94c5
    7 domains were found on 91.212.198.188

    einrock.com 91.212.198.188 Malware URLs

    makomset.com 91.212.198.188 Malware URLs

    zemla-50.info 91.212.198.188 Malware URLs

    geo95.com 91.212.198.188 Trojan

    lctk.biz 91.212.198.188 Backdoor Syrutrk

    igs-ch.com 91.212.198.188 Worm

    geo555.com 91.212.198.188 Worm

    Use the tools already mentioned in this post.
     
    Johnw, May 23, 2010
    #6
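
Added example, not part of any post in this thread: a Python script that parses saved output of `netstat -ano` and `tasklist /svc` to show which svchost.exe instance, and which services hosted in it, own connections to the two addresses from the first post. The sample outputs, local address, PIDs and service names are constructed for illustration.

```python
import re
SUSPECT_IPS = {"91.212.198.188", "91.212.226.33"}  # from the first post

# Constructed samples of `netstat -ano` and `tasklist /svc` output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49172     91.212.198.188:80      ESTABLISHED     1044
  TCP    192.168.1.20:49173     91.212.226.33:80       ESTABLISHED     1044
  UDP    0.0.0.0:5355           *:*                                    1200
"""
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    708 RpcEptMapper, RpcSs
svchost.exe                   1044 AeLookupSvc, BITS, Schedule, Themes,
                                   wuauserv
"""

def parse_netstat(text):
    """Return (remote_ip, remote_port, state, pid) for each TCP/UDP row."""
    conns = []
    for f in (line.split() for line in text.splitlines()):
        if f and f[0] in ("TCP", "UDP"):
            host, _, port = f[2].rpartition(":")
            state = f[3] if len(f) == 5 else ""  # UDP rows carry no state
            conns.append((host.strip("[]"), port, state, int(f[-1])))
    return conns

def parse_tasklist_svc(text):
    """Map PID -> (image, [services]); wrapped service lines are joined."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last, line = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is None or not line.startswith(" "):
            continue  # header, separator or blank line
        procs[last][1].extend(s.strip() for s in line.split(",") if s.strip() not in ("", "N/A"))
    return procs

def flag_suspect(netstat_text, tasklist_text, suspects=SUSPECT_IPS):
    """Return (remote, state, pid, image, services) per suspect connection."""
    procs = parse_tasklist_svc(tasklist_text)
    return [(f"{ip}:{port}", state, pid, *procs.get(pid, ("<unknown>", [])))
            for ip, port, state, pid in parse_netstat(netstat_text) if ip in suspects]

if __name__ == "__main__":
    print(*flag_suspect(NETSTAT, TASKLIST), sep="\n")
```

A shared svchost.exe hosts several services, so the list narrows what to examine rather than naming the one that opened the connection.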
  7. Johnw

    Johnw Guest

    Dean Garrett used his keyboard to write :
    Antispyware Soft

    http://www.google.com.au/#hl=en&source=hp&q=Antispyware+Soft&btnG=Google+Search&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=8ef692b29ab1643e

    http://www.myantispyware.com/2010/04/15/how-to-remove-antispyware-soft-uninstall-instructions/

    http://www.2-spyware.com/remove-antispyware-soft.html
     
    Johnw, May 24, 2010
    #7
  8. I googled "bleeping antispyware soft" without the quotes and got this:

    http://www.bleepingcomputer.com/virus-removal/remove-antispyware-soft
     
    FromTheRafters, May 24, 2010
    #8