Adlice forum

Software feedback => RogueKiller => Topic started by: arcolino1 on September 05, 2014, 06:09:40 AM

Title: unloaded \suspicious path 4916 explorer.exe reboot run roguekiller same message
Post by: arcolino1 on September 05, 2014, 06:09:40 AM

roguekiller in the processes tab says:
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopcore.dll
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopoverlays.dll
I press scan
then delete it says the same thing.
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopcore.dll
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopoverlays.dll
I reboot malwarebytes pops up 10x with this message.

malicious website blocked
ip 178.152.2.83
port (various)
outbound
process c:\windows\explorer.exe

I ran roguekiller and combofix reboot malwarebytes pops up 10x with same message. I posted on malwarebytes forum as well as here hopefully to get a fix to this. it seems to me something is on my machine that is trying to send information to ip 178.152.2.83 and trying different ports to send the information.

I checked my machine it does not seem that I have bingdesktop installed, I checked add/remove and windows update I did not find it, when I try to delete the folder it says in use. how can I get rid of it once and for all? please help.

Title: Re: unloaded \suspicious path 4916 explorer.exe reboot run roguekiller same message
Post by: Tigzy on September 09, 2014, 08:26:48 AM

Hello
Sounds not good.
178.152.2.83 is in Qatar.

Can you please send the full RogueKiller report (txt).
Can you also do a scan with Malwarebytes?