Author Topic: unloaded \suspicious path 4916 explorer.exe reboot run roguekiller same message  (Read 4595 times)

0 Members and 1 Guest are viewing this topic.

September 05, 2014, 06:09:40 AM

arcolino1

  • Guest
roguekiller in the processes tab says:
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopcore.dll
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopoverlays.dll
I press scan
then delete it says the same thing.
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopcore.dll
unloaded \suspicious path 4916 explorer.exe \c:\programdata\microsoft\bingdesktop\bingcore\bingdesktopoverlays.dll
I reboot malwarebytes pops up 10x with this message.

malicious website blocked
ip 178.152.2.83
port (various)
outbound
process c:\windows\explorer.exe

I ran roguekiller and combofix reboot malwarebytes pops up 10x with same message. I posted on malwarebytes forum as well as here hopefully to get a fix to this. it seems to me something is on my machine that is trying to send information to ip 178.152.2.83 and trying different ports to send the information.

I checked my machine it does not seem that I have bingdesktop installed, I checked add/remove and windows update I did not find it, when I try to delete the folder it says in use. how can I get rid of it once and for all? please help.

Reply #1September 09, 2014, 08:26:48 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 956
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Hello
Sounds not good.
178.152.2.83 is in Qatar.

Can you please send the full RogueKiller report (txt).
Can you also do a scan with Malwarebytes?