Virus removal I think

Can someone help me with a virus infected laptop? It does not seem to be severe. I used my Microsoft Antivirus and malwarebytes and both said they removed it, but I am still running slow and Internet Explorer is still going to different places than I search for. I also now keep getting a message from malwarebytes every so often, usually when going to a web site, that says malwarebytes has successfully blocked access to a potentially malicious web site 206.161.121.4. It just seems like something is still there doing things. It looks like it did not remove some pieces of this virus. I tried system restore. Short of doing a reinstall which I rather not do but if that is the only thing. Is there any software out there that will remove everything? I know the online support will do it for 120 dollars or more.

2012/03/23 09:17:22 -0400 DOLORES-PC dolores MESSAGE Starting protection
2012/03/23 09:17:28 -0400 DOLORES-PC dolores MESSAGE Protection started successfully
2012/03/23 09:17:31 -0400 DOLORES-PC dolores MESSAGE Starting IP protection
2012/03/23 09:17:33 -0400 DOLORES-PC dolores MESSAGE IP Protection started successfully
2012/03/23 09:22:38 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50490, Process: svchost.exe)
2012/03/23 09:22:46 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50492, Process: svchost.exe)
2012/03/23 09:23:10 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50578, Process: svchost.exe)
2012/03/23 09:29:07 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 51817, Process: svchost.exe)
2012/03/23 09:35:10 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 53190, Process: svchost.exe)
2012/03/23 09:35:26 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 53203, Process: svchost.exe)
2012/03/23 09:35:34 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 53206, Process: svchost.exe)
2012/03/23 09:42:09 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 54259, Process: svchost.exe)
2012/03/23 09:42:49 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 54467, Process: svchost.exe)
2012/03/23 09:47:56 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56095, Process: svchost.exe)
2012/03/23 09:54:06 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 57081, Process: svchost.exe)
2012/03/23 09:59:42 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58140, Process: svchost.exe)
2012/03/23 10:00:22 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 58286, Process: svchost.exe)
2012/03/23 10:08:25 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 58588, Process: svchost.exe)
2012/03/23 10:10:18 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58726, Process: svchost.exe)
2012/03/23 10:11:54 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 58828, Process: svchost.exe)
2012/03/23 10:12:27 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 58905, Process: svchost.exe)
2012/03/23 10:14:44 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 59135, Process: svchost.exe)
2012/03/23 10:18:21 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59364, Process: svchost.exe)
2012/03/23 10:19:58 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 59421, Process: svchost.exe)
2012/03/23 10:20:46 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59605, Process: svchost.exe)
2012/03/23 10:31:37 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59645, Process: svchost.exe)
2012/03/23 10:33:05 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59743, Process: svchost.exe)
2012/03/23 10:54:14 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 59806, Process: svchost.exe)
2012/03/23 10:55:58 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 59823, Process: svchost.exe)
2012/03/23 10:56:07 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 59825, Process: svchost.exe)
2012/03/23 11:01:04 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 59830, Process: svchost.exe)
2012/03/23 11:13:21 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59854, Process: svchost.exe)
2012/03/23 11:16:01 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 59889, Process: svchost.exe)
2012/03/23 11:18:01 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 59920, Process: svchost.exe)
2012/03/23 11:20:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.96 (Type: outgoing, Port: 59924, Process: svchost.exe)
2012/03/23 11:22:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.96 (Type: outgoing, Port: 60019, Process: svchost.exe)
2012/03/23 11:24:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.98 (Type: outgoing, Port: 60189, Process: svchost.exe)
2012/03/23 11:26:03 -0400 DOLORES-PC (null) IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60269, Process: svchost.exe)
2012/03/23 11:26:03 -0400 DOLORES-PC (null) IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 60284, Process: svchost.exe)
2012/03/23 12:18:08 -0400 DOLORES-PC dolores MESSAGE Starting protection
2012/03/23 12:18:12 -0400 DOLORES-PC dolores MESSAGE Protection started successfully
2012/03/23 12:18:15 -0400 DOLORES-PC dolores MESSAGE Starting IP protection
2012/03/23 12:18:17 -0400 DOLORES-PC dolores MESSAGE IP Protection started successfully

Thanks, Tom
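Added example, not part of the original post: one way to summarize the IP-BLOCK entries of a protection log like the one above, grouping blocks by process and destination /24 and measuring the time between them. The regex follows the line layout as it appears in the post; the function names and the /24 grouping are assumptions of this example, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network
from statistics import median

# Line layout as it appears in the posted protection log.
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<tz>[+-]\d{4}) \S+ \S+ "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: \w+, Port: \d+, Process: (?P<proc>[^)]+)\)$"
)
# Excerpt copied from the log in the post above.
SAMPLE = """\
2012/03/23 09:17:31 -0400 DOLORES-PC dolores MESSAGE Starting IP protection
2012/03/23 09:22:38 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50490, Process: svchost.exe)
2012/03/23 09:22:46 -0400 DOLORES-PC dolores IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50492, Process: svchost.exe)
2012/03/23 11:16:01 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 59889, Process: svchost.exe)
2012/03/23 11:18:01 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 59920, Process: svchost.exe)
2012/03/23 11:20:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.96 (Type: outgoing, Port: 59924, Process: svchost.exe)
2012/03/23 11:22:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.96 (Type: outgoing, Port: 60019, Process: svchost.exe)
2012/03/23 11:24:02 -0400 DOLORES-PC dolores IP-BLOCK 89.114.9.98 (Type: outgoing, Port: 60189, Process: svchost.exe)
2012/03/23 11:26:03 -0400 DOLORES-PC (null) IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60269, Process: svchost.exe)
2012/03/23 11:26:03 -0400 DOLORES-PC (null) IP-BLOCK 89.114.9.97 (Type: outgoing, Port: 60284, Process: svchost.exe)
"""

def parse(text):
    """Return (timestamp, ip, process) for every IP-BLOCK line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # MESSAGE lines and blanks do not match and are skipped
            ts = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
            events.append((ts, m["ip"], m["proc"]))
    return events

def summarize(events):
    """Group blocks by (process, destination /24); report count, hosts, median gap."""
    groups = defaultdict(list)
    for ts, ip, proc in events:
        groups[(proc, str(ip_network(f"{ip}/24", strict=False)))].append((ts, ip))
    report = {}
    for key, hits in groups.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        report[key] = {"count": len(hits), "hosts": sorted({ip for _, ip in hits}),
                       "median_gap_s": median(gaps) if gaps else None}
    return report
```

On this excerpt the 89.114.9.0/24 group comes out at a median gap of 120 seconds from svchost.exe, a fixed interval consistent with automated retries rather than user browsing.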

All Replies
  • I'm having the same issue Tom.  Any progress?

    I've booted into safe mode, run MalwareBytes, it detects it and says it deleted it, but when I reboot and rerun MalwareBytes, it detects it again, so it obviously isn't being deleted.

    I've been getting messages from MalwareBytes that it's blocking access to 89.114.9.96, which I see in your log above.

    I read somewhere else that people are having luck with Norton Power Eraser. I'm trying that now.

    Please post here if you learn anything more.

    Thanks.

    Jeff

  • (That MBAM is catching/blocking a bad site shows it's doing its job.)

    One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  

    Please follow the directions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 to register and post the requested logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.

    Good luck!

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]