laomao
Message 1 of 20

Risky connection after XP antivirus 2012 remove

Merry Christmas to everybody!

My computer just got the XP Antivirus 2012 attack two days ago. My McAfee Total Protection 2011 did not help when the virus attacked. This time, it was more painful than what I dealt with during the Google search redirection virus last time. The virus made my system unable to run any exe file. I searched the web and found the regedit.com idea to help me solve the exe file problem. Later I used Malwarebytes to figure out the virus files. When I removed them (I also planned to send them to McAfee as virus samples), my McAfee also popped up to report that it had detected these virus files. If McAfee really detected those viruses, it was too late. Hope McAfee can improve it.

However, after I recovered my system, I started my Firefox, and McAfee reported that Firefox tried to make a potentially risky connection to "83.133.121.xxx 83.133.124.xxx  83.133.125.xxx 27.255.64.111 212.36.9.58 ...". After I closed my Firefox, McAfee still continued to report these risky connections. Does anyone know how to fix these potentially risky connections? Thanks in advance.

19 Replies

Re: Risky connection after XP antivirus 2012 remove

Hi

First off, you need to turn the PC off and log in in safe mode; please check this link http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ or visit Google for more information. Then run a McAfee Antivirus full scan; make sure you have updated your McAfee antivirus. After that, make sure you have quarantined or removed any virus etc. from your system. Besides that, try with Internet Explorer or another browser, and check in Firefox under network settings that you are not using any proxy or the virus was directing you to another specific website or IP. Please contact McAfee support since they are the best!!

laomao
Message 3 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Chriso89,

Thank you for your reply. I have done all those steps which you suggested before. I updated McAfee to the latest version and used McAfee Total Protection to scan my PC twice. No help. All scans reported no virus detected. Further support would need to be paid for.

Now, even when Firefox was not started, McAfee reported that the ping command tried to ping the "64.223.106.17" address. But I did not know what caused ping to start. There is no ping command in the regedit Run keys or in startup. Do you know what made the ping program start? Thanks.

laomao
Message 4 of 20

Re: Risky connection after XP antivirus 2012 remove

At this time, I do not know how the Google search redirect virus came back again. In addition, when I log in to my iGoogle, it automatically opens another tab for testendonline.com in my Firefox 9.0. I used both McAfee and Malwarebytes to scan; neither helps. I also tried SuperAntiSpyware and AVG Anti-Virus 2012, no help either. I do not know which anti-virus software I should select for 2012. Do you have any good suggestions? Thanks.

Reliable Contributor exbrit
Message 5 of 20

Re: Risky connection after XP antivirus 2012 remove

None of the major antivirus software will help with this sort of thing. The best removal guide on the web is here: http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012 Scroll down the page as the first links you see are advertising.

If nothing helps, post a Hijackthis log on one of the specialist forums for expert advice as follows:

DOWNLOAD HIJACKTHIS

Do not post Hijackthis logs here, we can't help you with those !

Post the logs at one of these specialist Forums:

AUMHA

BLEEPINGCOMPUTER

MAJOR GEEKS

MALWAREBYTES

MALWARE REMOVAL

SPYWAREHAMMER

SPYWARE INFO

WHATTHETECH

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

laomao
Message 6 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Ex_Brit,

Thank you for your information. I have followed the best removal guide. Malwarebytes has reported 0 viruses. But my Firefox still got the testendonline.com pop-up, and the ping command still pinged an outside IP, which was blocked by McAfee. I may have to post a Hijackthis log on the specialist forums for expert advice.

Re: Risky connection after XP antivirus 2012 remove

Dear laomao,

Kindly download the Fake Alert Stinger and perform the full scan. If it's possible, kindly turn off System Restore.

http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/stinger.aspx

laomao
Message 8 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Lakshmanans,

I have downloaded the Stinger, turned off System Restore, and performed the full scan; no virus was detected. But my Firefox still opened the testendonline.com webpage. Also, the ping command was opened by some virus and it continued to ping an outside IP after my PC booted up. Any suggestion as to what can cause this kind of issue? Thanks.

Re: Risky connection after XP antivirus 2012 remove

Dear  laomao,

Kindly download the CF remover tool from the link below and perform the full scan. If there is an infection, it will ask for a number of reboots. After finishing the scan, kindly perform a full scan with McAfee AV.

http://www.mediafire.com/?1ydazytjenn

laomao
Message 10 of 20

Re: Risky connection after XP antivirus 2012 remove

Hi Lakshmanans,

I have downloaded and tried the CF remover tool. It ran for no more than 5 seconds, then it showed "Conficker Not Found". No virus was reported.

Today I used Firefox to download the CF remover tool. Now my Firefox has been taken over by the virus. Every time I open my Firefox and click any link, it automatically opens www.internetpayday.co/. And I cannot close my Firefox either. Now the status has become worse than before. Now McAfee does not report any internet block anymore.

In addition, I found one virus was hidden under %userprofile%\Application Data\Adobe\Flash Player/aei.exe. One file, gvextw6g8lpw1ewy4vnx0n1142a7r, was under %userprofile%\Application Data\ and %userprofile%\Local Settings\Application Data\ . Its properties showed it was a system file.

I updated Malwarebytes to the latest, 12/30; no help. Now I know the ping was a virus too, as I have removed ping.exe from the \windows\ folder, but it still showed up on the processes list.
