4 Replies Latest reply on May 15, 2017 11:22 AM by Peacekeeper

    "suspicious incoming network connection blocked"

    qlahtarr

      Hello,

I have a question regarding the "suspicious incoming network connections" that are being blocked by my McAfee firewall every minute, which are coming from addresses such as 52.42.186.158 (ec2-52-42-186-158.us-west-2.compute.amazonaws.com) using random TCP ports such as 49797.

      Also, once in a while I got a warning from McAfee that my web browser (Firefox) tried to connect to someweirdsite.ru.

       

What started the issue? Lately I was having a problem with malware and had to do a boot-time scan and run Malwarebytes to solve the issue. (These malware programs were defined as PUPs by McAfee.) I attach the logs of the scans below.

      I would like to ask you how to resolve the issue and, if it is a potential threat, how to deal with it. (Currently neither McAfee, Malwarebytes, Stinger nor Anti-Rootkit can find any problems. My computer seems to be clean.)

      Thanks

        • 1. Re: "suspicious incoming network connection blocked"
          Peacekeeper

From MalwareTips: Picexa is an adware program that is commonly bundled with other free programs that you download off of the Internet.
          Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed Picexa without your knowledge. Most commonly Picexa is bundled within the installers from Cnet, Softonic or other similar custom third-party installers.

          You should always pay attention when installing software because often, a software installer includes optional installs, such as this Picexa adware. Be very careful what you agree to install.

From Enigmasoftware: The Chroomium Browser is a fake version of Google Chrome. The purpose of the Chroomium Browser is to make computer users believe that they are using Google Chrome instead of this fake Web browser. Computer users will be prompted to enter their password information in a fake 'password manager' Web page continually. The Chroomium Browser takes over a computer silently, replacing all instances of Google Chrome with its own shortcuts and links. However, Google Chrome will not be uninstalled; it will simply not launch as the default Web browser when computer users try to load a Web page. PC security analysts have encountered numerous fake versions of the Google Chrome Web browser, which use this tactic that may be associated with bogus 'unzipper' applications supposedly designed to manage ZIP and RAR files, fake PDF managers and similar low-quality apps.

          So you feel they have been removed?

Re Amazon: have you used them and signed up, or stayed logged in? Usually one gets hundreds of these attempted connections a day, but I rarely see any popup about them.

          Re the weird site warning: it sounds as if you still have something present. Try some of the free scanners here that you have not tried already, and clear all temp files, both internet and Windows.
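The triage rule in the reply above, as an added example that is not part of the thread or of any McAfee tool: blocked inbound connections from cloud hosting ranges are counted as background noise, while an outbound attempt by a local program to an unfamiliar domain is pulled out for review. The record format, provider suffix list and known-good domains are constructed assumptions, not McAfee's actual log format.

```python
"""Triage firewall events: inbound blocks are background noise, outbound
oddities need a look. Added example; the record format is constructed and is
not McAfee's real log format. Provider suffixes and known-good list are assumed."""
from collections import Counter

# Reverse-DNS suffixes of big cloud providers (assumed list; extend as needed).
CLOUD_SUFFIXES = (".compute.amazonaws.com", ".googleusercontent.com", ".cloudapp.azure.com")

# Sites the user knowingly visits; a browser reaching anything else is flagged.
KNOWN_GOOD = {"mozilla.org", "firefox.com", "mcafee.com"}

def parse(line):
    """Turn 'dir=in proc=- remote=HOST port=49797 action=blocked' into a dict."""
    ev = dict(tok.split("=", 1) for tok in line.split())
    ev["port"] = int(ev["port"])
    return ev

def registered_domain(host):
    """Crude last-two-labels domain, enough for the .ru / .com names in the thread."""
    return ".".join(host.split(".")[-2:])

def triage(lines):
    """Return (Counter of inbound blocks by source, list of outbound events to review)."""
    noise, review = Counter(), []
    for line in lines:
        ev = parse(line)
        if ev["dir"] == "in" and ev["action"] == "blocked":
            # Firewall already did its job; fold cloud hosts to their provider domain.
            src = registered_domain(ev["remote"]) if ev["remote"].endswith(CLOUD_SUFFIXES) else ev["remote"]
            noise[src] += 1
        elif ev["dir"] == "out" and registered_domain(ev["remote"]) not in KNOWN_GOOD:
            # A local process contacting an unexpected domain is the real signal,
            # whether the firewall blocked it or not.
            review.append(ev)
    return noise, review

# Constructed sample records mirroring the thread (not real log output).
SAMPLE = [
    "dir=in proc=- remote=ec2-52-42-186-158.us-west-2.compute.amazonaws.com port=49797 action=blocked",
    "dir=in proc=- remote=ec2-52-42-186-158.us-west-2.compute.amazonaws.com port=50112 action=blocked",
    "dir=out proc=firefox.exe remote=addons.mozilla.org port=443 action=allowed",
    "dir=out proc=firefox.exe remote=someweirdsite.ru port=80 action=blocked",
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print("inbound blocks by source:", dict(noise))
    for ev in review:
        print(f"REVIEW: {ev['proc']} -> {ev['remote']}:{ev['port']} ({ev['action']})")
```

On the constructed sample the two EC2 blocks collapse into one count for amazonaws.com, and only the Firefox attempt to someweirdsite.ru is listed for review.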

          • 2. Re: "suspicious incoming network connection blocked"
            qlahtarr

Thanks for the answer. I tried Stinger and Rootkit Remover. Both of them found nothing. However, when I ran AdwCleaner it found malicious software and registry keys. Currently I'm testing other software mentioned in the thread. I can upload the HijackThis log. If you could have a look into the content of the file, I would be grateful.

            • 4. Re: "suspicious incoming network connection blocked"
              Peacekeeper

Just letting you know we here do not have experience in analysing HijackThis logs; you need to submit them to one of the sites mentioned. Same with that zip file you posted.