Outgoing IP connection blocked 2

Status
Not open for further replies.

licarse

IS-IT--Management
Sep 22, 2005
65
US
Hi,

One computer in my LAN started to get notifications from Malwarebytes, saying IP 93.158.114.37 (outgoing) is blocked. The user can't install software, and he doesn't visit porn/games/etc. sites. I've run a full scan from SEP and Malwarebytes and there doesn't seem to be an infection.

I've also used TCPView and found that this only happens -randomly- when he's using IE. There are no suspicious add-ons either.

I used HJT and found two suspicious things. I can't post the whole log here but these two are the ones that call my attention:

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-CQJ7A.exe" /REG /REGSVRMODE

Any ideas/suggestions?
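
A small triage script for the two HijackThis lines quoted in the post above, as an added example that is not part of the original thread: it parses each entry, pulls out the CLSID or executable path, and notes which entries are orphaned or run-once so they can be checked by hand. The function names and the third sample line are constructed for illustration.

```python
import re

# First two lines are copied from the post; the third is constructed for contrast.
SAMPLE_LOG = r'''R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-CQJ7A.exe" /REG /REGSVRMODE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"'''

# "<section code> - <entry kind>: <details>", e.g. "R3 - URLSearchHook: ..."
LINE_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\\S+)')
WINDIR_EXE_RE = re.compile(r'(?i)^[a-z]:\\windows\\[^\\]+\.exe$')

def parse_line(line):
    """Split one HijackThis log line into fields; return None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        'code': m.group('code'),
        'kind': m.group('kind').strip(),
        'clsid': clsid.group(0) if clsid else None,
        'path': (path.group(1) or path.group(2)) if path else None,
        'no_file': rest.rstrip().endswith('(no file)'),
    }

def triage(entry):
    """Return review notes for an entry; an empty list means nothing stood out."""
    notes = []
    if entry['no_file']:
        notes.append('orphaned: registry entry points at a file that is not on disk')
    if entry['kind'].endswith('RunOnce'):
        notes.append('run-once: scheduled to execute a single time at a later logon')
    if entry['path'] and WINDIR_EXE_RE.match(entry['path']):
        notes.append('exe directly in the Windows directory: check signature and hash')
    return notes

def review(log_text):
    """Parse every line and keep only the entries that produced at least one note."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [(e, triage(e)) for e in parsed if e and triage(e)]

if __name__ == '__main__':
    for entry, notes in review(SAMPLE_LOG):
        print(entry['code'], entry['kind'], entry['clsid'] or entry['path'], notes)
```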
 
I thought there was a "no brainer" automatic setting for RADIX. Post what you got if you want to.

The idea of making an entry in the hosts file is a good one, though not a cure, it will keep the little bugger from phoning home.

Unknown is whether it might change the IP address it tries to contact, so I wouldn't let it go at that.
 
sidenote.... 2ffat... I only had a chance to look very quickly, but nice link!! Thank you for that!
 