Windows Explorer is remotely connected to an IP address


Mr.sedam

Hi everyone

I have had this problem for some time now and I never found how to get rid
of it.

When I'm looking with netstat I get a strange connection initiated by
explorer. Explorer is ALWAYS connected to 82.98.235.141 on port 80 (2270
on the local port).

I see the same connection using AVG anti-spyware:
Process   Proto  Local Address       Remote Address      State
Explorer  TCP    10.10.10.130(2270)  82.98.235.141(80)   Passive Close

I can stop explorer and restart it, so the connection stops, but it will
restart about 5 min later...

I can't understand why explorer is remotely connected, and I never saw
that on another computer. Note that the IP is always the same, but
sometimes (rarely) I get a second connection to 82.98.235.140 (80).

I tried to go to that IP and it opens many spyware pages (about 3 or 4),
so don't type it in your web browser to test it hehe. I ran many
anti-spyware programs (AVG, Ewido, SmitFraudFix, online scan, BitDefender,
esquare, Spybot, Ad-Aware... all of them run in safe mode)
and I'm always infected by many trojans. I can remove them, but I get
another one (never the same) about 5 seconds later.

The HijackThis log is correct, I mean I know every process shown in the
log, but AVG still gives me 3 BHOs I can't remove:
xepilb.dll CLSID(4895B28F-75D7-46CD-8EAF-D48E27B0E12B)
qjltfjdp.dll CLSID(3FD6B99C-A275-46ea-8FD1-3D63986E51E4)
vgpgkiqj.dll CLSID(1329CEBF-804A-4E90-9BDB-59EBEB302ED1)
(can't find any info on Google)

Here are some of the infections I got and removed, but they come back
often. I know they are common infections:

Logger.VBstat.e
SmithFraud.c
SmithFraud-C.toolbar888
Virtumond
CoolWWWsearch
Searchtoolbarcorp.

I need a clue to remove that crap. As I said I used MANY antivirus and
anti-spyware tools but I'm always infected by some kind of trojan
downloader.

Thank you for the help :)
Sedam
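The two symptoms in the post, a process that has no business talking to the Internet (explorer) holding a connection to a fixed remote address, and that connection coming back on a roughly fixed schedule after it is killed, are exactly the pattern a defender can pick out of repeated connection-table snapshots. The script below is an added example, not code from the thread or from any of the tools named in it. It parses lines shaped like the AVG listing above, with a poll timestamp prepended (on Windows XP, `netstat -o` gives the owning PID for such a listing), flags connections owned by processes that should never open outbound sessions, and reports remote networks that one process reconnects to at a regular interval. The sample lines are constructed, the 192.0.2.10 address is an RFC 5737 documentation address standing in for an ordinary web site, and the set of "no network" processes is an assumption to tune per environment.

```python
"""Spot processes that should not have network connections and periodic
reconnections ("beaconing") in netstat-style connection-table snapshots.

Added example; the sample below is constructed, not a real capture."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: one line per poll of the connection table, in the
# shape of the AVG listing from the post with a poll time in front.
# The 82.98.235.x addresses are the ones reported in the post;
# 192.0.2.10 (RFC 5737 documentation range) stands in for a normal site.
SAMPLE_POLLS = """\
10:00:00 Explorer TCP 10.10.10.130(2270) 82.98.235.141(80) ESTABLISHED
10:00:00 iexplore TCP 10.10.10.130(2271) 192.0.2.10(80) ESTABLISHED
10:05:02 Explorer TCP 10.10.10.130(2305) 82.98.235.141(80) ESTABLISHED
10:10:01 Explorer TCP 10.10.10.130(2340) 82.98.235.141(80) ESTABLISHED
10:15:03 Explorer TCP 10.10.10.130(2388) 82.98.235.140(80) ESTABLISHED
10:15:03 iexplore TCP 10.10.10.130(2390) 192.0.2.10(443) ESTABLISHED
"""

# <time> <process> <proto> <local ip>(<port>) <remote ip>(<port>) <state>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<proc>\S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<lip>[\d.]+)\((?P<lport>\d+)\)\s+(?P<rip>[\d.]+)\((?P<rport>\d+)\)\s+"
    r"(?P<state>.+?)\s*$"
)

# Assumption for this example: processes that have no reason to open
# outbound sessions on a typical workstation. Tune to your environment.
NO_NETWORK_PROCESSES = {"explorer", "winlogon", "csrss", "lsass", "smss"}


def normalise_process(name):
    """Lower-case the image name and drop a trailing .exe so that
    'Explorer', 'explorer.exe' and 'EXPLORER.EXE' compare equal."""
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name


def parse_polls(text):
    """Parse snapshot lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["proc"] = normalise_process(rec["proc"])
        rec["time"] = datetime.strptime(rec["time"], "%H:%M:%S")
        rec["lport"] = int(rec["lport"])
        rec["rport"] = int(rec["rport"])
        records.append(rec)
    return records


def unexpected_network_processes(records):
    """Sorted (process, remote_ip, remote_port) triples for connections owned
    by a process that should not be making outbound connections at all."""
    hits = {(r["proc"], r["rip"], r["rport"])
            for r in records if r["proc"] in NO_NETWORK_PROCESSES}
    return sorted(hits)


def periodic_reconnects(records, min_connections=3, jitter_seconds=30):
    """Group connections by (process, remote /24) and report the groups that
    recur at a roughly fixed interval: the 'comes back about 5 min later'
    pattern. Grouping by /24 catches a host that alternates between
    neighbouring addresses, as the post describes (.141 and .140).
    Returns {(process, subnet): mean_interval_seconds}."""
    by_key = defaultdict(list)
    for r in records:
        subnet = ".".join(r["rip"].split(".")[:3]) + ".0/24"
        by_key[(r["proc"], subnet)].append(r["time"])
    beacons = {}
    for key, times in by_key.items():
        times.sort()
        if len(times) < min_connections:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if all(abs(g - avg) <= jitter_seconds for g in gaps):
            beacons[key] = round(avg)
    return beacons


if __name__ == "__main__":
    recs = parse_polls(SAMPLE_POLLS)
    for proc, ip, port in unexpected_network_processes(recs):
        print(f"unexpected: {proc} -> {ip}:{port}")
    for (proc, subnet), secs in periodic_reconnects(recs).items():
        print(f"periodic: {proc} -> {subnet} every ~{secs}s")
```

Run against the constructed snapshots it reports explorer talking to both 82.98.235.140 and 82.98.235.141 on port 80 and a reconnect to 82.98.235.0/24 roughly every 301 seconds, while the browser's ordinary traffic is left alone. Snapshots taken every minute or so with a loop around `netstat -o` (matching PIDs to image names) give the same kind of input, and the ~5 minute cadence is the detail worth writing down before cleaning, because a downloader that re-fetches components on a timer explains why freshly removed trojans keep reappearing.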
 

Malke

Go through the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Then go through the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

If all else fails, run HijackThis and post your log in one of the specialty
forums listed at the first link above (not here, please). I'm sure the
expert analyzers will find the problems for you.

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a professional computer repair
shop (not your local version of BigStoreUSA). The only alternative to going
through the malware removal tediously and systematically, probably with
online help from an HJT forum, and taking the machine to a real
professional is to back up your data and do a clean install of Windows.
It's your call. Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed up
before you take the machine into a shop.

Malke
 

ephemeral.strobe

Try to catch and block the infection with Windows Defender
(http://www.microsoft.com/athome/security/spyware/software/default.mspx).
It should hook spyware calls and you'll be able to block spyware from
executing and registering itself on your machine. To the point, a
good solution for corporate protection could be doubling up Windows
Defender installed on local machines with a spyware engine installed on
servers. Here's what we have in our case. The network as a whole is
watched by the Spyware protection component of Desktop Authority
(http://www.scriptlogic.com/da), and then we also push Windows Defender
to domain client computers with the software deployment feature.
 