I’ve just finished dealing with the worst malware infection I have ever had to deal with, period. I’ve been a software professional for 9 years and not once have I felt as hopeless as I did at times today while fixing the problem I describe below.
Over the last day or so my Malwarebytes Anti-Malware installation has been showing “has successfully blocked access to a potentially malicious website” messages, each with a seemingly random port number (21210 or whatever) and a seemingly random IP address. I ran scan after scan with Avira, Malwarebytes Anti-Malware, HijackThis and Spybot Search & Destroy, and nothing was found. Yet after every scan the “has successfully blocked access” bubble kept coming back.
If you haven’t tried Malwarebytes yet, you definitely should as it’s a great anti-malware tool for your machine. I have it installed together with AVG on my machine. Below are links to download Malwarebytes and AVG if you haven’t got them already:
Download Malwarebytes for Free!
Download AVG AntiVirus 2014 Free
Incidentally, I had recently also experienced an unusual issue where right-clicking my desktop would cause explorer.exe to crash and restart, but I had not connected the two problems. My Windows 7 is licensed and up to date, so I assumed some Windows update had caused the crash and that a subsequent update would fix it.
It turns out the issues are indeed connected and here is how: some rogue mediaiconsoverlay.dll got into my system at C:/ProgramData/Microsoft/MediaTools/mediaiconsoverlay.dll and it was in fact downloading and serving movies over my internet connection. Gigabytes of movies! The movies were being downloaded into C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\mediahash\downloads. And all this was happening through explorer.exe which was corrupted somehow.
This also explains the Malwarebytes IP-blocking bubbles: my PC was being used as a server to serve these illegal movies to “clients” all over the world. The downloads folder above was full of illegal movie downloads!
So, now that I finally knew what was going on I immediately cut my internet connection and did the following to get rid of the problem:
1. Changed ownership of C:/ProgramData/Microsoft/MediaTools/ folder
2. Deleted the entire C:/ProgramData/Microsoft/MediaTools/ folder.
3. Reconnected to the internet, downloaded VipreRescueScanner… installed it and ran it. It found and destroyed 2 malware issues… one for the above-mentioned MediaIconsOverlays.dll and one for C:\Program Files\Mega Codec Pack\Filters\Haali\mmdinfo.dll
4. Downloaded AutoRuns for Windows (By Mark Russinovich and Bryce Cogswell) and ran it. Fixed all the broken issues reported by this tool.
5. Restarted my system.
6. Ran SFC /SCANNOW in a command prompt to repair the damaged Windows system files.
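As an added example (not part of the original post, and not code from the author), here is a PowerShell script that automates the triage behind steps 1, 2 and 6 above and the checks that would have pointed at explorer.exe earlier: it reports whether the file paths named in the post still exist (with a SHA256 of each file so they can be submitted to your AV vendor), lists any module explorer.exe has loaded from ProgramData, parses netstat -ano for sockets owned by explorer.exe, and, only when run with -Remediate, takes ownership of the MediaTools folder, deletes it and runs sfc /scannow. The function names, the -Remediate switch and the use of certutil and netstat (both present on Windows 7, where Get-FileHash and Get-NetTCPConnection are not) are my own choices; the paths are the ones quoted in the post.

```powershell
# Added example: triage and cleanup for the indicators described in the post.
# Not the author's code. Run from an elevated PowerShell prompt on the affected
# machine, ideally with the network disconnected as the author did.
param([switch]$Remediate)

# Paths quoted from the post, spelled exactly as the author gave them.
$IndicatorPaths = @(
    'C:\ProgramData\Microsoft\MediaTools\mediaiconsoverlay.dll',
    'C:\ProgramData\Microsoft\MediaTools',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\mediahash\downloads',
    'C:\Program Files\Mega Codec Pack\Filters\Haali\mmdinfo.dll'
)

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-IndicatorStatus {
    # Report which of the named artefacts exist; hash plain files with certutil.
    foreach ($p in $IndicatorPaths) {
        $exists = Test-Path -LiteralPath $p
        $hash = $null
        if ($exists -and -not (Get-Item -LiteralPath $p).PSIsContainer) {
            # certutil prints a header line, then the hex digest, then a footer.
            $out = certutil -hashfile $p SHA256 2>$null
            $hash = ($out | Select-Object -Index 1) -replace '\s', ''
        }
        New-Object PSObject -Property @{ Path = $p; Exists = $exists; Sha256 = $hash }
    }
}

function Get-SuspiciousExplorerModules {
    # The post says the DLL ran inside explorer.exe. ProgramData is not a normal
    # home for shell extensions, so any module loaded from there deserves a look.
    Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
        try { $_.Modules } catch { }   # fails across 32/64-bit boundaries; skip quietly
    } | Where-Object { $_.FileName -like 'C:\ProgramData\*' } |
        Select-Object ModuleName, FileName
}

function Get-NetworkActivityByProcess {
    param([string]$ProcessName = 'explorer')
    # Parse netstat -ano and keep rows owned by the named process. explorer.exe
    # normally owns no LISTENING sockets; the random ports in the post would show here.
    $pids = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Id })
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if (@('TCP', 'UDP') -contains $f[0]) {
            # TCP rows carry a State column; UDP rows do not.
            if ($f[0] -eq 'TCP') { $state = $f[3]; $owner = $f[4] }
            else                 { $state = '';    $owner = $f[3] }
            if ($pids -contains [int]$owner) {
                New-Object PSObject -Property @{
                    Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state; Pid = $owner
                }
            }
        }
    }
}

function Invoke-Cleanup {
    # Steps 1, 2 and 6 from the post. The Administrators group is named by SID so
    # icacls works on non-English Windows as well.
    $dir = 'C:\ProgramData\Microsoft\MediaTools'
    if (Test-Path -LiteralPath $dir) {
        if (Get-SuspiciousExplorerModules) {
            # A DLL mapped into the shell cannot be deleted; unload it first.
            Stop-Process -Name explorer -Force
            Start-Sleep -Seconds 2
        }
        takeown /f $dir /r /d y | Out-Null
        icacls $dir /grant '*S-1-5-32-544:F' /t | Out-Null
        Remove-Item -LiteralPath $dir -Recurse -Force
        Start-Process explorer.exe
    }
    sfc /scannow
}

if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell prompt.' }
Write-Host '== Indicator paths ==';                Get-IndicatorStatus | Format-Table -AutoSize
Write-Host '== Modules in explorer.exe from ProgramData =='; Get-SuspiciousExplorerModules | Format-Table -AutoSize
Write-Host '== Sockets owned by explorer.exe ==';  Get-NetworkActivityByProcess | Format-Table -AutoSize
if ($Remediate) { Invoke-Cleanup }
```

Run it once without -Remediate to record what is present (keep the hashes and the netstat rows for your own notes or for whoever you report the infection to), then once with -Remediate. The script does not replace steps 3 and 4 of the post: a full scan and an Autoruns review are still needed to catch the second DLL under Mega Codec Pack and any persistence entries that would simply put the folder back.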
The issue has not come back. What a horrible experience! I hope this helps someone else fix the same issue.