Jump to content

jamman

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Im having trouble removing this malware from a PC remotely. I have no physcial access to the machine and can not connect remotely. Safemode doesnt work as it still loads, ctrl, alt & Del appear to be disabled. I was hoping to be able to provide a boot disk or something to try to clean machine on boot, but see MBAM doesnt have a bootable CD version. Any suggestions ?
  2. Hi, Im having trouble removing this malware from a PC remotely. I have no physcial access to the machine and can not connect remotely. Safemode doesnt work as it still loads, ctrl, alt & Del appear to be disabled. I was hoping to be able to provide a boot disk or something to try to clean machine on boot, but see MBAM doesnt have a bootable CD version. Any suggestions ?
  3. Hi all, We were getting the following message every 30 minutes or so : "You have reached the maximum number of permitted Internet sessions. Please close one or more applications to allow furthur Internet access. Contact your system administrator for further information." Restarting the router resolved the issue for a short while, but always returned. Couldnt see anything causing it on the firewall and it wasnt set to have a maximum amount. I then ran Sophos scan on the server which found nothing, so installed MWB and ran a scan, again nothing found. However the issue has now stopped but MWB is blocking dns.exe from contacting the outside world on a regular basis which to me suggests that it is blocking what was causing the message to appear. The protection logs shows : 10:31:28 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 54850, Process: dns.exe) 10:53:28 Administrator IP-BLOCK 77.221.130.250 (Type: outgoing, Port: 54289, Process: dns.exe) 11:02:16 Administrator IP-BLOCK 82.146.43.2 (Type: outgoing, Port: 54217, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.55.155 (Type: outgoing, Port: 53412, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.43.2 (Type: outgoing, Port: 53412, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.55.155 (Type: outgoing, Port: 53412, Process: dns.exe) 11:29:11 Administrator IP-BLOCK 77.221.130.250 (Type: outgoing, Port: 53103, Process: dns.exe) Any ideas what it is blocking and whether this looks like a DNS hijack ? As I say, since MWB has been running the issue hasnt affected users, and I assume if I disable the MWB protection it will. However MWB isnt actually detecting anything when it scans ?
  4. I shall repost in the other forum, but as I said, MWB is not detecting anything so was after general feedback....
  5. Hi all, We were getting the following message every 30 minutes or so : "You have reached the maximum number of permitted Internet sessions. Please close one or more applications to allow furthur Internet access. Contact your system administrator for further information." Restarting the router resolved the issue for a short while, but always returned. Couldnt see anything causing it on the firewall and it wasnt set to have a maximum amount. I then ran Sophos scan on the server which found nothing, so installed MWB and ran a scan, again nothing found. However the issue has now stopped but MWB is blocking dns.exe from contacting the outside world on a regular basis which to me suggests that it is blocking what was causing the message to appear. The protection logs shows : 10:31:28 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 54850, Process: dns.exe) 10:53:28 Administrator IP-BLOCK 77.221.130.250 (Type: outgoing, Port: 54289, Process: dns.exe) 11:02:16 Administrator IP-BLOCK 82.146.43.2 (Type: outgoing, Port: 54217, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.55.155 (Type: outgoing, Port: 53412, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.43.2 (Type: outgoing, Port: 53412, Process: dns.exe) 11:02:24 Administrator IP-BLOCK 82.146.55.155 (Type: outgoing, Port: 53412, Process: dns.exe) 11:29:11 Administrator IP-BLOCK 77.221.130.250 (Type: outgoing, Port: 53103, Process: dns.exe) Any ideas what it is blocking and whether this looks like a DNS hijack ? As I say, since MWB has been running the issue hasnt affected users, and I assume if I disable the MWB protection it will. However MWB isnt actually detecting anything when it scans ?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.