• Trying to get rid of virus

    #493100

    I continually get a pop-up from Malware Bytes that says that it has “Successfully blocked access to a potentially malicious Website”. The Web address is 185.8.107.66. This, on checking, is identified as a Lithuanian located computer and the virus is further identified as “obession.co.ua/reboot” (correct spelling). The Malware Bytes pop-up contains the further information: “Port 5439 coreservershell.exe”. I have run a full scan with Malware Bytes with the computer fully booted and I have run a full scan with Malware Bytes with the computer in the “Safe Mode”. Neither of these scans (with Malware Bytes) has identified the virus and so has failed to delete it. I am at a loss to understand how the same software can prevent a virus from doing its dirty work and then fail to identify it and exorcise it. The bigger and, to me, the more important question is, does anyone know how to get rid of this thing?

    • #1436007

      It probably blocked the malware from getting on your computer. That’s why it can’t find it when you scan.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      • #1436050

        Thank you for the reply. I can’t deny the logic of what you say; on the other hand, I have been experiencing this Malware Bytes pop-up every 30 minutes +/- since at least yesterday. What could I have done to attract such an aggressive (here I am at a loss for words to describe who or whatever is sponsoring this thing)? Is this something that others get? You understand that I think repeated attacks are as a result of something on my computer.

        • #1436051

          I forgot to mention in my original post and also in my reply that the Malware Bytes pop-up that keeps showing up has a notation “Type: outgoing”. After that, in the last block by Malware Bytes, was the name of something I had downloaded. I assumed that the meaning of that was that the virus was trying to mine my computer for information that it was attempting to send back to the sponsor. This is what I thought Malware Bytes was preventing.

    • #1436066

      It sounds like someone has your number, and they keep trying to call you. However, the “outgoing” description indicates that perhaps something is on your computer and is trying to phone home.

      Perhaps a thorough scan by another antivirus program would reveal something. I use Trend Micro myself. You can download and install the trial version, which is free for 30 days.

      Also, you might try scanning with a pre-Windows scanner, that is, it scans before Windows loads, thereby detecting stuff which is buried in Windows. The one I am familiar with is Windows Defender Offline (http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline). Click on the link, and it will walk you through creating a CD with the program on it. You will then boot the computer in question from the CD that you created. It will do a thorough scan. It will take a good while; be patient.

      I would go to another computer to create the CD, so that you don’t get an infection on it.

      There are better pre-Windows scanners out there, but this is the one I am familiar with, and it is very easy to go through the process.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      • #1436069

        Thank you for the reply. I am going to do exactly what you suggest, with the pre-Windows scan. I have already run another antivirus program both ways with no result. I am very excited about the possibility of a pre-windows scan. Thanks again for the reply and the suggestion. I hope you won’t mind if I let you know how it worked out.

    • #1436099

      I hope you do let us know. We always like to know if what we suggest works in the given situation.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
    • #1436148

      I made a disk on another computer and ran it yesterday. A virus was detected and gotten rid of. I restarted the computer and got the same Malware Bytes Pop-up. I started running it again last night. When I restarted the computer this morning, no viruses were detected and I haven’t seen the Malware Bytes pop-up so far today. I think your suggestion worked and I really appreciate it. Thanks again. Just as I was about to post this reply I got the Malware Bytes pop-up again. Back to the drawing board. Thanks for the help anyway.

    • #1436153

      Try a Clean boot with the exception of Malwarebytes entries: http://support.microsoft.com/kb/929135
      See if you still get the popup.

      Jerry

    • #1436184

      Thank you for the reply. I went to the site you suggested and read all the instructions preparatory to following them. Just before I did that I decided to try one of the two other antivirus programs that I have installed. I had run them both before with no results. This time neither would work for a variety of reasons. So I decided to download an antivirus program that I used to use, AVG. When I scanned with AVG it found 8 items that it deleted. I have not had that Malware Bytes pop-up since. I am assuming (hoping would be more accurate) that the problem is now solved. I appreciate everyone’s help. Thank you.

      • #1436478

        I use AVG Premium 2014 also that got rid of some Trojans that were causing trouble. So far my computer stays clean 😀
        AVG Premium is the same as AVG Internet Security, just with a few extras.
        On sale for $19.99 → http://store.downloadcrew.com/?act=search&brand=18

        🙂

    • #1436191

      Glad that you got it solved. Only time will tell, but it sounds like you did.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
    • #1436451

      knowing that it is happening and blocking it
      is different from finding out what is making it happen

      try downloading all the microsoft stand alone programs to scan for and remove scumware
      sometimes alternate AV programs will succeed
      none of them is 100%
      unfortunately all of them is never 100% either

      sometimes a new virus will require a custom search and destroy program
      CWS cool web search comes to mind in that category

      be happy that it is blocking them
      i also have norton and it blocks some phone homes that mbam allows
      and vice versa
      sometimes the norton blocks good items but i have the option to allow it once/forever anyway
      mbam just blocks AFAIK and you have to go into some table to allow it

    • #1436463

      One place a virus can hide and reload itself after it has been cleaned out is in the System Restore files. When you are clearing out a virus such as you had, shut down System Restore, run your anti-virus programs (if you have a second drive, make sure to set the scanners to full scan both drives) and when all is clean turn System Restore back on and create a restore point.
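
The pop-up in this thread names the program behind the blocked outgoing connection (coreservershell.exe), and it kept coming back after cleaning, so a useful check is what relaunches that file. The PowerShell below is an added example, not from any poster; it only reads: it lists running processes, Run/RunOnce registry values, services and scheduled tasks that mention the name. It assumes Windows 8 or later (for Get-ScheduledTask), and the function name Find-LaunchPoint is hypothetical.

```powershell
# Added example: read-only triage for the executable named in the pop-up.
# The file name comes from the original post; Find-LaunchPoint is a made-up name.
function Find-LaunchPoint {
    param([Parameter(Mandatory)][string]$Name)
    $pattern = [regex]::Escape($Name)

    # 1. Is it running right now, and from which path?
    Get-CimInstance Win32_Process |
        Where-Object { $_.Name -match $pattern -or $_.CommandLine -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Process'; Entry = "PID $($_.ProcessId)"; Value = $_.ExecutablePath }
        }

    # 2. Autorun registry values for the machine and the current user
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }          # key absent on this system
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $pattern) {
                [pscustomobject]@{ Source = $key; Entry = $valueName; Value = $data }
            }
        }
    }

    # 3. Services whose image path mentions the file
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Entry = $_.Name; Value = $_.PathName } }

    # 4. Scheduled tasks whose action runs the file
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Entry = "$($task.TaskPath)$($task.TaskName)"; Value = $cmd }
            }
        }
    }
}

Find-LaunchPoint -Name 'coreservershell.exe' | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell window so machine-wide tasks and services are visible; an empty result only means the name does not appear in these locations.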

    • #1440527

      Glad you’re in the clear, Acme. :)

      For what it’s worth (I’m not shilling for these guys) I’ve had good luck with a bootable USB malware scanner called FixMeStick:

      http://store.fixmestick.com/fixmestick#learnmore

      PROS:

      1. The device scans at boot — Windows never loads. It’s for this reason, I think, that my inaugural scan with FixMeStick found a couple of trojans that had been hiding on my system for years (am guessing “years,” based on where the bugs were hiding), and which three AV programs and regular scans with Malwarebytes had missed.

      2. Any post-disinfection changes to your system are reversible.

      3. Free phone support (although I haven’t needed it).

      CON:

      Cost. The initial outlay ($59.99) buys a year’s worth of unlimited use on three PCs, plus regular malware updates. Thereafter, a renewable yearly subscription is $54.99.

      Davefrombc makes an excellent point about shutting down System Restore before cleaning out an infection. I still do that, although I’m thinking FixMeStick might be able to find infections in old System Restore points. Again, Windows isn’t running when FixMeStick is scanning.

      I’m a remedial computer user, and so far (knock on wood) FixMeStick has been great.

      • #1440530

        Thank you for the suggestion. By the way, I love the phrase “remedial computer user”. I am whatever comes just before that.

    • #1440533

      If I’m to be honest, Miv, “remedial” is too lofty a term for what I am, but it’s a gentler word than “simpleminded.”

      Ah, well. A tip o’ the hat to the simpleminded!
