Re: windows explorer is remotely connected to an ip address



Try to catch and block the infection with Windows Defender
(http://www.microsoft.com/athome/security/spyware/software/default.mspx).
It should hook spyware calls and you'll be able to block spyware from
executing and registering itself on your machine. To the point, a
good solution for corporate protection could be doubling up:
Windows Defender installed on local machines and a spyware engine
installed on servers. Here's what we have in our case. The network as a
whole is watched by the spyware protection component from Desktop Authority
(http://www.scriptlogic.com/da) and then we also push Windows Defender
to domain client computers with the software deployment feature.

Mr.sedam@xxxxxxxxx wrote:
Hi everyone

I have had this problem for some time now and I never found how to get rid
of it.

When I'm looking with netstat I get a strange connection initiated by
explorer. Explorer is ALWAYS connected to 82.98.235.141 on port 80 (2270
on local port)

I see the same connection using avg anti-spyware:
Process   Proto  Local Address        Remote Address      State
Explorer  TCP    10.10.10.130(2270)   82.98.235.141(80)   Passive Close

I can stop explorer and restart it, so the connection stops, but it will
restart about 5 min later...

I can't understand why explorer is remotely connected, and I never saw
that on another computer. Note that the IP is always the same, but
sometimes (rarely) I get a second connection to 82.98.235.140 (80)

I tried to go to that IP and it opens many spyware pages (about 3 or 4)
so don't type it in your web browser to test it hehe. I passed many
anti-spyware programs (avg, ewido, smitfraudfix, online scan, bit
defender, esquare, spybot, ad-aware... all of them passed in safe mode)
and I'm always infected by many trojans. I can remove them, but I get
other ones (never the same) about 5 seconds later.

Hijackthis log is correct, I mean I know every process shown in the
log, but avg still gives me 3 BHOs I can't remove
xepilb.dll CLSID(4895B28F-75D7-46CD-8EAF-D48E27B0E12B)
qjltfjdp.dll CLSID(3FD6B99C-A275-46ea-8FD1-3D63986E51E4)
vgpgkiqj.dll CLSID(1329CEBF-804A-4E90-9BDB-59EBEB302ED1)
(can't find any info on google)


Here are some of the infections I got and removed, but they come back
often. I know they are common infections:

Logger.VBstat.e
SmithFraud.c
SmithFraud-C.toolbar888
Virtumond
CoolWWWsearch
Searchtoolbarcorp.

I need a clue to remove that crap. As I said I used MANY antivirus and
antispyware tools but I'm always infected by some kind of trojan
downloader.

Thank you for the help :-)
Sedam
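
An added example, not part of either post: one way to turn the check described above (netstat showing explorer holding a web connection) into a repeatable triage step, by joining `netstat -ano` output with `tasklist /fo csv /nh` output and flagging shell or system processes that own TCP connections to public addresses. The sample output is constructed; it reuses the local address and the two remote addresses quoted in the post, while the PIDs, the other rows and the SHELL_PROCESSES list are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (PIDs and extra rows are invented).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    10.10.10.130:1045      10.10.10.1:80          ESTABLISHED     2016
  TCP    10.10.10.130:2270      82.98.235.141:80       ESTABLISHED     1488
  TCP    10.10.10.130:2271      82.98.235.140:80       CLOSE_WAIT      1488
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","4,120 K"
"explorer.exe","1488","Console","0","18,432 K"
"iexplore.exe","2016","Console","0","22,908 K"
'''
# Assumption: processes not expected to hold outbound web connections themselves.
SHELL_PROCESSES = {"explorer.exe", "winlogon.exe", "services.exe", "lsass.exe"}

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def suspicious_connections(netstat_text, tasklist_csv):
    """Return (process, pid, remote, state) for flagged TCP connections."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Keep only TCP rows with all five columns; skip header, UDP, listeners.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] == "LISTENING":
            continue
        host, _, port = parts[2].rpartition(":")
        try:
            remote = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue
        pid = int(parts[4])
        proc = names.get(pid, "<unknown>")
        # Flag only publicly routable destinations owned by a listed process.
        if remote.is_global and proc in SHELL_PROCESSES:
            hits.append((proc, pid, f"{remote}:{port}", parts[3]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_connections(NETSTAT, TASKLIST):
        print(*hit)
```

A hit is a lead, not a verdict: the connection is made by code running inside the flagged process, so the next step is to look at what is loaded into it, such as the BHO DLLs listed in the post.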
