Solved Spy/adware on this site?

May 5, 2013 at 13:43:06
Specs: Windows 7
Lately whenever I visit I get a pop-up warning from Malwarebytes saying it blocked access to malicious IP address Is this a false positive? If it is real, why is this site allowing it?

See More: Spy/adware on this site?

Report •

May 5, 2013 at 14:18:17
" If it is real, why is this site allowing it?"

If no one else is getting it, that is telling you, you are probably infected.

1: Download & run Unhide
A introduction as to what this program does.
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it dosn't produce a log please.

2: Reboot

3: Download Security Check by screen317 from one of the following links and save it to your desktop.
* Unzip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

4: Run RogueKiller
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.

Report •

May 5, 2013 at 14:44:52
✔ Best Answer

Another user reported that same type of error not too long ago. However, I believe it is a false positive on Malwarebytes' end. Is there a place to report it and find out more?


Report •

May 5, 2013 at 16:02:02
I think you're right that this is a false positive. I did some checking and this IP only shows up blacklisted on 2 (out of about 40) malware reporting sites. Maybe there was some bad history that this IP address owner never cleared up.

This warning only shows up when I have the "protection module" enabled in MalwareBytes(PRO) so others using the free version of mwb might not be getting it.

Anyway, thanks for the quick responses and sorry if I created a minor panic.


Report •

Related Solutions

May 5, 2013 at 16:35:02
Does it list which 2 sites blacklisted it?

How To Ask Questions The Smart Way

Report •

May 5, 2013 at 17:14:22

Report •

May 5, 2013 at 18:09:59

That's interesting. Unfortunately, its very difficult to find what domain request is going to that IP. If I knew that, I could track it down. IPVoid has a domain, but I don't think that's the right one. Computing.Net doesn't make any calls to that domain.


Report •

Ask Question