Skip to main content
At least one of my home pc's is infected with "searchnet.blinkxcore.com". Beware that most online googled solutions are lengthy and many seem obviously wrong or malicious themselves.

Here is where I am seeing what I believe to be trusted help, "https://forums.malwarebytes.org/index.php?/topic/157580-searchnetblinkxcorecom-keeps-on-popping-up-as-blocked/"

Tiger Direct technician that I trust says he tried everything and had to reformat pc's that were infected as most solutions caused more problems.

My (free) Malwarebytes scans showed that several system EXE files were issuing outbound requests to searchnet.blinkxcore.com with different external IP addresses. Affected files included dvdupgrd.exe, dllhost.exe, and NAPSTAT.EXE.

Examples:

66.45.56.109, searchnet.blinkxcore.com, 54920, Outbound, C:WindowsSysWOW64dvdupgrd.exe

195.2.241.167, 55149, Outbound, C:WindowsSysWOW64dllhost.exe

31.184.192.92, e9967a.com, 56776, Outbound, C:WindowsSysWOW64dllhost.exe

66.45.56.109, searchnet.blinkxcore.com, 60000, Outbound, C:WindowsSysWOW64NAPSTAT.EXE

Malwarebytes (free version) seems to be blocking the outbound requests now and the frequency it is seeing them mirrors the perceived lags and slowdowns I was getting.

Problem remains that the pc is still trying to hit these external sites that are clearly at least adware and probably malicious.

These were found and quarantined later same day:

PUP.Optional.AddinExpress.A, C:UsersJeffrey_StormDocumentsAdd-in Express, , [0143b6b0740855e1c46b8fceb053916f],

PUP.Optional.AddinExpress.A, C:UsersJeffrey_StormDocumentsAdd-in Expressadxregistrator.log, , [0143b6b0740855e1c46b8fceb053916f],

Will report back after finishing the proposed cleanupsteps on the above mentioned web site.
Hi jeffreyh0601

 

Welcome to the Community Forums.

 

Thanks for the information, and we will be interested to hear the results of you endeavours though please not that as a goodly part of the Community is non-technical lengthy posts of out and out techncial details are likely to be a waste of time.  Also, and I have no wish to offend by saying so but the Community Guidelines prohibit the publication and/or discussion of personal malware testing.  Now I am not sayiing that you are engaged in testing per say but there is a fine line between that and the sort of detail that you are providing...so I would just respectfully, ask you to be careful as to what you post going forward.  Many thanks for your understanding in this matter...;)

 

May I also point out that if you are a WSA user with a valid subscription then you are entitled to Open a Support Ticket and let the Support Team take a look at this issue for you.

 

Regards, Baldrick

Reply