Explorer error on pop up

I have been getting a random pop up that gives me a window with the usual "Internet explorer cannot display webpage" message that comes up when the computer cannot connect to a web site but the browser I'm running doesn't come up with an error. The address it is trying to reach is "http://212.117.161.140" which is followed by a string of numbers and letters. I had run spybot a week ago and found a couple of cookies or something and fixed them. I have fprot antivirus and spybot both of which I run frequently and are automaticly updated. Is this something I should be concerned about? Or can anyone tell me how to eliminate this?

Reply to
Shawn C
Loading thread data ...

you are infected with malware of some description. Check for any unscanned folders/ignore list in your anti virus and spybot. I have found spybot to be generally very good, never used fprot, I would recommend starting your PC in safe mode and running spybot and anti- virus scans, if nothing foudn still, unistall fprot, install avast free edition, start in safe mode again and scan again.

Flamer.

Reply to
die.spam

Shawn C,

Same here on popup and timeframe. Running an XP SP3 box all MS updates current before and still after this happened. Running Spybot and Eset Virus, same on status for updates prior to and after. Ran deep scans in 'Safe Mode', both found nothing, rebooted - popup still there. IE7 current, thought maybe Browser Helper - disabled all, even known good ones. Rebooted - still there. Really don't know that much about ActiveX in IE, can it push a URL?

What worries me is that 212.117.161.140 - hooks to a site in Amsterdam Netherlands. I know it's a problem, I just can seem to figure out what's doing it and other than your post I've found out nothing else.

YoMon

Reply to
yomon

thi sis a known malware issue, try these steps:

1) open msconfig and disable the item called Xxagukedom identified by the file: C:\\WINDOWS\\ofipebeh.dll from starting at boot. Then, you can upload this file for a viruscheck on
formatting link

2) Go to

formatting link
and upload/submit the c:\\windows \\ofipebeh.dll file and post the results.

3) Disable System Restore for now, run Malwarebytes again and let it delete the object. Then navigate to c:\\windows and manually delete the ofipebeh.dll file.

4) Boot in SafeMode

Go into Device Manager | View | Show Hidden Devices

Run Malware Bytes & then your Normal AV Scan.

5) If all else fails try running ComboFix. You can download it here:
formatting link
Flamer.
Reply to
die.spam

Unfortunately, no "..Xxagukedom identified by the file: C:\\WINDOWS\\ofipebeh.dll.." n my unit.

If this is a known malware problem, why so few posts concerning it?? I know my problems started around 13/04/09 and still continues. I still can not figure out where the push to 212.117.161.140 is coming from. I don't have the resources availavle to me to 'watch' what happens with IE as it hits the net or uses support programs. I'm at a loss as to what is really happening. I just know that SpyBot and Eset32, current update versions, can't find anything.

Really like to know what this known malware problem is, cause I have it blocked now -- just like to remove it.

Thanks Flamer for your response!

YoMon

Reply to
yomon

unfortunately I can't be of any more help as I only gave info from what i had googled.

Go to

formatting link
right down to the bottom) to see some advice on the same issue, as they say, this particular malware uses random file names so you may need to just look for anything oddly/suspiciously named.

Flamer.

Reply to
die.spam

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.