Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post

    Trying to get rid of virus

    I continually get a pop-up from Malware Bytes that says that it has "Successfully blocked access to a potentially malicious Website". The Web address is 185.8.107.66. This, on checking, is identified as a Lithuanian located computer and the virus is further identified as "obession.co.ua/reboot" (correct spelling). The Malware Bytes pop-up contains the further information: "Port 5439 coreservershell.exe". I have run a full scan with Malware Bytes with the computer fully booted and I have run a full scan with Malware Bytes with the computer in the "Safe Mode". Neither of these scans (with Malware Bytes) has identified the virus and so has failed to delete it. I am at a loss to understand how the same software can prevent a virus from doing it's dirty work and then fail to identify it and exorcise it. The bigger and, to me, the more important question is, does anyone know how to get rid of this thing?

  2. #2
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,187
    Thanks
    210
    Thanked 213 Times in 205 Posts
    It probably blocked the malware from getting on your computer. That's why it can't find it when you scan.

  3. #3
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post
    Thank you for the reply. I can't deny the logic of what you say, on the other hand I have been experiencing this Malware Bytes pop-up every 30 minutes +/_ since at least yesterday. What could I have done to attract such an aggressive (here I am at a loss for words to describe who or whatever is sponsoring this thing). Is this something that others get. You understand that I think repeated attacks are as a result of something on my computer.

  4. #4
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post
    I forgot to mention in my original post and also in my reply that the Malware Bytes pop-up that keeps showing up has a notation "Type: outgoing". After that, in the last block by Malware Bytes, was the name of something I had downloaded. I assumed that the meaning of that was that the virus was trying to mine my computer for information that it was attempting to send back to the sponsor. This is what I thought Malware Bytes was preventing.

  5. #5
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,187
    Thanks
    210
    Thanked 213 Times in 205 Posts
    It sounds like someone has your number, and they keep trying to call you. However, the "outgoing" description indicates that perhaps something is on your computer and is trying to phone home.

    Perhaps a thorough scan by another antivirus program would reveal something. I use Trend Micro myself. You can download and install the trial version, which is free for 30 days.

    Also, you might try scanning with a pre-Windows scanner, that is, it scans before Windows loads, thereby detecting stuff which is buried in Windows. The one I am familiar with is Windows Defender Offline (http://windows.microsoft.com/en-us/w...fender-offline). Click on the link, and it will walk you through creating a CD with the program on it. You will then boot the computer in question from the CD that you created. It will do a thorough scan. It will take a good while; be patient.

    I would go to another computer to create the CD, so that you don't get an infection on it.

    There are better pre-Windows scanners out there, but this is the one I am familiar with, and it is very easy to go through the process.

  6. The Following User Says Thank You to mrjimphelps For This Useful Post:

    d1940z (2014-01-30)

  7. #6
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post
    Thank you for the reply. I am going to do exactly what you suggest, with the pre-Windows scan. I have already run another antivirus program both ways with no result. I am very excited about the possibility of a pre-windows scan. Thanks again for the reply and the suggestion. I hope you won't mind if I let you know how it worked out.

  8. #7
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,187
    Thanks
    210
    Thanked 213 Times in 205 Posts
    I hope you do let us know. We always like to know if what we suggest works in the given situation.

  9. #8
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post
    I made a disk on another computer and ran it yesterday. A virus was detected and gotten rid of. I restarted the computer and got the same Malware Bytes Pop-up. I started running it again last night. When I restarted the computer this morning, no viruses were detected and I haven't seen the Malware Bytes pop-up so far today. I think your suggestion worked and I really appreciate it. Thanks again. Just as I was about to post this reply I got the Malware Bytes pop-up again. Back to the drawing board. Thanks for the help anyway.

  10. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,986
    Thanks
    71
    Thanked 573 Times in 519 Posts
    Try a Clean boot with the exception of Malwarebytes entries:http://support.microsoft.com/kb/929135
    see if you still get the popup.

    Jerry

  11. #10
    Star Lounger
    Join Date
    Jul 2011
    Posts
    57
    Thanks
    13
    Thanked 1 Time in 1 Post
    Thank you for the reply. I went to the site you suggested and read all the instructions preparatory to following them. Just before I did that I decided to try one of the two other antivirus programs that I have installed. I had run them both before with no results. This time neither would work for a variety of reasons. So I decided to download an antivirus program that I used to use, AVG. When I scanned with AVG it found 8 items that it deleted. I have not had that Malware Bytes pop-up since. I am assuming (hoping would be more accurate) that the problem is now solved. I appreciate every ones help. Thank You.

  12. The Following User Says Thank You to Miv For This Useful Post:

    speedball (2014-01-30)

  13. #11
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,187
    Thanks
    210
    Thanked 213 Times in 205 Posts
    Glad that you got it solved. Only time will tell, but it sounds like you did.

  14. #12
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    519
    Thanks
    76
    Thanked 6 Times in 6 Posts
    knowing that it is happening and blocking it
    is different from finding out what is making it happen

    try downloading all the microsoft stand alone programs to scan for and remove scumware
    sometimes alternate AV programs will succeed
    none of them is 100%
    unfortunately all of them is never 100% either

    sometimes a new virus will require a custom search and destroy program
    CWS cool web search comes to mind in that category

    be happy that it is blocking them
    i also have norton and it blocks some phone homes that mbam allows
    and vice versa
    sometimes the norton blocks good items but i have the option to allow it once/forever anyway
    mbam just blocks AFAIK and you have to go into some table to allow it



    Quote Originally Posted by Miv View Post
    I continually get a pop-up from Malware Bytes that says that it has "Successfully blocked access to a potentially malicious Website". The Web address is 185.8.107.66. This, on checking, is identified as a Lithuanian located computer and the virus is further identified as "obession.co.ua/reboot" (correct spelling). The Malware Bytes pop-up contains the further information: "Port 5439 coreservershell.exe". I have run a full scan with Malware Bytes with the computer fully booted and I have run a full scan with Malware Bytes with the computer in the "Safe Mode". Neither of these scans (with Malware Bytes) has identified the virus and so has failed to delete it. I am at a loss to understand how the same software can prevent a virus from doing it's dirty work and then fail to identify it and exorcise it. The bigger and, to me, the more important question is, does anyone know how to get rid of this thing?

  15. #13
    New Lounger
    Join Date
    Dec 2009
    Location
    Mission, BC, Canada
    Posts
    6
    Thanks
    2
    Thanked 4 Times in 4 Posts
    One place a virus can hide and reload itself after it has been cleaned out is in the System Restore files. When you are clearing out a virus such as you had, shut down System Restore, run your anti-virus programs ( make sure if you have a second drive to set the scanners to full scan both drives) and when all is clean turn System Restore back on and create a restore point .

  16. The Following User Says Thank You to davefrombc For This Useful Post:

    mrjimphelps (2014-01-30)

  17. #14
    New Lounger
    Join Date
    Aug 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs up Avg

    Quote Originally Posted by Miv View Post
    Thank you for the reply. I went to the site you suggested and read all the instructions preparatory to following them. Just before I did that I decided to try one of the two other antivirus programs that I have installed. I had run them both before with no results. This time neither would work for a variety of reasons. So I decided to download an antivirus program that I used to use, AVG. When I scanned with AVG it found 8 items that it deleted. I have not had that Malware Bytes pop-up since. I am assuming (hoping would be more accurate) that the problem is now solved. I appreciate every ones help. Thank You.




    I use AVG Premium 2014 also that got rid of some Trojans that were causing trouble. So far my computer stays clean
    AVG Premium is the same as AVG Internet Security, just with a few extras.
    On sale for $19.99 → http://store.downloadcrew.com/?act=search&brand=18




  18. #15
    Lounger
    Join Date
    Dec 2009
    Location
    New York, NY, USA
    Posts
    46
    Thanks
    19
    Thanked 1 Time in 1 Post
    Glad you're in the clear, Acme.

    For what it's worth (I'm not shilling for these guys) I've had good luck with a bootable USB malware scanner called FixMeStick:

    http://store.fixmestick.com/fixmestick#learnmore

    PROS:

    1. The device scans at boot -- Windows never loads. It's for this reason, I think, that my inaugural scan with FixMeStick found a couple of trojans that had been hiding on my system for years (am guessing "years," based on where the bugs were hiding), and which three AV programs and regular scans with Malwarebytes had missed.

    2. Any post-disinfection changes to your system are reversible.

    3. Free phone support (although I haven't needed it).

    CON:

    Cost. The initial outlay ($59.99) buys a year's worth of unlimited use on three PCs, plus regular malware updates. Thereafter, a renewable yearly subscription is $54.99.

    Davefrombc makes an excellent point about shutting down System Restore before cleaning out an infection. I still do that, although I'm thinking FixMeStick might be able to find infections in old System Restore points. Again, Windows isn't running when FixMeStick is scanning.

    I'm a remedial computer user, and so far (knock on wood) FixMeStick has been great.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •