
jinksy9

Honorary Members
  • Posts: 61

Everything posted by jinksy9

  1. I'm having a problem with Malwarebytes blocking access to a website, www.adazing.com. I've done a search here on Malwarebytes for www.adazing.com and nothing came up. I then searched the IP address 192.124.249.18 and found one post about that dated 16 Dec 2016. (https://forums.malwarebytes.com/topic/192322-httpdriverscom/?tab=comments#comment-1081123) I have also Googled the IP address and found reference to it on various websites concerning ransomware etc. I need to access this website but am concerned about doing so because of Malwarebytes flagging up a Trojan. Also I don't know if the Trojan is already on my computer, so how do I check for that please? Thanks in advance, Jane

     The results on my Malwarebytes are:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 10/15/18
     Protection Event Time: 12:34 PM
     Log File: 3c804873-d06e-11e8-b3c5-2c6e85f404f6.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.463
     Update Package Version: 1.0.7355
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17134.345)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Trojan
     Domain: www.adazing.com
     IP Address: 192.124.249.18
     Port: [60937]
     Type: Outbound
     File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     (end)
  2. Hi Gringo. If I need to PM you, how do I do it please? Thanks, jinksy9
  3. Thanks Gringo. I really appreciate all your efforts with this. I will complete a 'tidy up' to remove stuff on both laptops tomorrow and will email you to let you know it's done. Many thanks, jinksy9
  4. Hi Gringo. Hopefully router has been sorted. Result of ESET scan is:

     C:\Users\Jinks\Documents\AcerInvoice.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\jinks_laptop.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\laptop July11.pdf JS/Trackware.ReadNotify.A application
     C:\Users\Jinks\Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A application

     These are the same files that it found before and you didn't think they were a particular threat. As these 4 files originated from the same person, do you think they arrived infected? Since the router was reset we haven't seen the malwarebytes message about blocking outgoing, so it looks like that worked, but what happened with the router after that was very strange. Whatever hijacked it managed to change the settings and our IT guy also found that settings for our antivirus had been affected. Hopefully everything will be ok now. cheers, jinksy9
  5. Hi Gringo. It seems that we've been hijacked again. Router problem was caused by something nasty changing settings. Have had to get our IT guy to come again to try to sort it. He's coming back tomorrow so I will wait until he's done before I do the stuff in your last instructions. That'll be tomorrow evening now. Cheers, jinksy9.
  6. Hi Gringo. Sorry, we have another router problem. I've been able to get online using our old router with my laptop but can't get the other laptop to connect to this router. Hopefully I'll get it sorted tomorrow. I'll get back to you then. cheers, jinksy9
  7. Hi Gringo. Here are the MBAM and HijackThis results:

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.06.30.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Jinks :: JINKS-LAPTOP [administrator]

     Protection: Enabled

     30/06/2012 21:39:49
     mbam-log-2012-06-30 (21-39-49).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 210218
     Time elapsed: 2 minute(s), 56 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 21:53:48, on 30/06/2012
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16446)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
     C:\Windows\PLFSetI.exe
     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
     C:\Program Files (x86)\Launch Manager\LManager.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
     C:\Program Files (x86)\Launch Manager\LMworker.exe
     C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
     C:\Users\Jinks\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
     O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
     O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
     O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
     O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
     O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 8947 bytes

     No problems and both computers are still running ok with no sign of the malwarebytes message about any outgoing scvhost.exe. cheers, jinksy9
  8. Hi Gringo. Like I said, it got confused when the threads were amalgamated. We have used these programs on both laptops. We have finished with 'my' laptop (Dell) but are still working on 'other' laptop (Acer). Acer laptop already has ESET online scanner, HijackThis and CCleaner installed because we've used them once on that one as well as my Dell. So, should I uninstall them and then reinstall before I do the scans you want me to on this 'other' Acer laptop, which is the one we're working on now? cheers, jinksy9
  9. Hi Gringo. Before I do this stuff I need to check with you. We still have various programs installed that I think you'd want me to uninstall and then install new ones. ESET online scanner, HijackThis and CCleaner are all in the installed programs list on our 'other' laptop, which has Windows 7. Everything got confused when the 2 threads became one. What programs should I keep and which should I remove please? Thanks, jinksy9
  10. Hi Gringo. Thanks for that. Since resetting router we've not seen the malwarebytes warning message on either of the laptops so hopefully all is now well. I've flushed DNS on 'other' laptop and have run batch file anyway. Result is:

     Windows IP Configuration

        Host Name . . . . . . . . . . . . : Jinks-Laptop
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

     Wireless LAN adapter Wireless Network Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
        Physical Address. . . . . . . . . : 18-F4-6A-D5-4B-F2
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::24ab:3983:602f:b8fc%11(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : 26 June 2012 07:54:07
        Lease Expires . . . . . . . . . . : 30 June 2012 21:59:17
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DHCPv6 IAID . . . . . . . . . . . : 387511402
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AC-00-E6-1C-75-08-B0-32-A7
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        NetBIOS over Tcpip. . . . . . . . : Enabled

     Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
        Physical Address. . . . . . . . . : 1C-75-08-B0-32-A7
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter isatap.{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6}:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 11:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:300d:376d:3f57:fe9b(Preferred)
        Link-local IPv6 Address . . . . . : fe80::300d:376d:3f57:fe9b%16(Preferred)
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled

     Tunnel adapter isatap.{24E9E55F-9551-4D52-B4D3-B5A2BF4D329C}:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Server: UnKnown
     Address: 192.168.1.1

     Name: google.com
     Addresses: 2a00:1450:4009:802::1003
               173.194.34.71
               173.194.34.72
               173.194.34.73
               173.194.34.78
               173.194.34.64
               173.194.34.65
               173.194.34.66
               173.194.34.67
               173.194.34.68
               173.194.34.69
               173.194.34.70

     Server: UnKnown
     Address: 192.168.1.1

     Name: yahoo.com
     Addresses: 72.30.38.140
               98.139.183.24
               209.191.122.70

     Pinging google.com [173.194.34.70] with 32 bytes of data:
     Reply from 173.194.34.70: bytes=32 time=15ms TTL=54
     Reply from 173.194.34.70: bytes=32 time=15ms TTL=54

     Ping statistics for 173.194.34.70:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 15ms, Maximum = 15ms, Average = 15ms

     Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
     Reply from 209.191.122.70: bytes=32 time=141ms TTL=49
     Reply from 209.191.122.70: bytes=32 time=140ms TTL=49

     Ping statistics for 209.191.122.70:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 140ms, Maximum = 141ms, Average = 140ms

     ===========================================================================
     Interface List
      11...18 f4 6a d5 4b f2 ......Atheros AR5B97 Wireless Network Adapter
      10...1c 75 08 b0 32 a7 ......Broadcom NetLink Gigabit Ethernet
       1...........................Software Loopback Interface 1
      17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
      16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
      18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     ===========================================================================

     IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     25
             127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
             127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
       127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
           192.168.1.0    255.255.255.0         On-link     192.168.1.100    281
         192.168.1.100  255.255.255.255         On-link     192.168.1.100    281
         192.168.1.255  255.255.255.255         On-link     192.168.1.100    281
             224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
             224.0.0.0        240.0.0.0         On-link     192.168.1.100    281
       255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       255.255.255.255  255.255.255.255         On-link     192.168.1.100    281
     ===========================================================================
     Persistent Routes:
       None

     IPv6 Route Table
     ===========================================================================
     Active Routes:
      If Metric Network Destination      Gateway
      16     58 ::/0                     On-link
       1    306 ::1/128                  On-link
      16     58 2001::/32                On-link
      16    306 2001:0:5ef5:79fd:300d:376d:3f57:fe9b/128
                                         On-link
      11    281 fe80::/64                On-link
      16    306 fe80::/64                On-link
      11    281 fe80::24ab:3983:602f:b8fc/128
                                         On-link
      16    306 fe80::300d:376d:3f57:fe9b/128
                                         On-link
       1    306 ff00::/8                 On-link
      16    306 ff00::/8                 On-link
      11    281 ff00::/8                 On-link
     ===========================================================================
     Persistent Routes:
       None

     -------------------------------------------------------------------------------------------------------------

     Thanks for all your help. I'll check back tomorrow. cheers, jinksy9
  11. Hi Gringo, Lost in translation - had you noticed that we'd lost some posts when the threads were combined? The one was when you'd asked me to use the ESET scan on the other laptop. That had the following result:

     C:\Users\Jinks\Documents\AcerInvoice.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\jinks_laptop.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\laptop July11.pdf JS/Trackware.ReadNotify.A application
     C:\Users\Jinks\Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A application

     I don't remember what you said to do about this but I think it's interesting that all 4 files came from the same source. Would they have arrived infected, do you think? As I've done the router reset and flushed the DNS on my laptop, I'll flush the DNS on the other laptop now and then run the batch file that you've asked me to use. I'll update once I've done. cheers, jinksy9
  12. Hi Gringo. Since router was reset we've not seen the malwarebytes message on either of our laptops so that's looking good. I'd flushed the DNS on my laptop but I've not had chance to do that on the other laptop nor to run the batch file on either of them yet. I'll have to do that tomorrow now. Sorry for dragging this on so long and many thanks for all your help. I'll get back to you tomorrow now. cheers, jinksy9
  13. Hi Gringo, Had to get our IT guy in to sort the router. He said the access problem could be something to do with MS updates and resetting the router should sort that out. I did that but then had lost settings to ISP and wasn't sure what to reset. Should be ok now but will have to check later as am currently at work. cheers, jinksy9
  14. Hi Gringo. Bit of a problem. Have the router IP address but username/password that I have don't work. Have tried other combinations that I thought I'd have used if I'd reset it but they don't work either. Have looked for router on the link you provided http://www.routerpasswords.com/ but router (TP-Link) not in list. I'll have to contact the guy who set this up for us. I'll get back to you tomorrow. cheers, jinksy9
  15. Hi Gringo. Sorry, haven't had chance to check router today. Will do tomorrow. cheers, jinksy9
  16. Hi Gringo. Just checking. To hardwire the router I just need to plug in a network cable from one of the laptops to the router? Right? (Need to find what I've done with the network cables I used to use with old desktop PC) cheers, jinksy9
  17. Hi Gringo. Neither laptop is hardwired to the router. I can do this but it'll have to be tomorrow now. Sorry to be dragging this out. cheers, jinksy9
  18. Hi Gringo. I've found the info about the router and realised I didn't change the username or password. I'll have to leave resetting the router because we need to be online for things at the mo and I don't want to find I've lost connection. Also, should I do this from my laptop or the other one that we use? And do I need to flush the DNS on both? I'll catch up with this later now. Many thanks, jinksy9
  19. Hi Gringo. Sorry, should have explained. Re. your note: I believe I did set up my own password for the new router but need to check. Does this make a difference? cheers, jinksy9
  20. Hi Gringo. Have read your post in full now. Had a new router installed about 12 months ago when we also got the new laptop. I've put the info somewhere safe but can't think where at the mo. I'll have a good look and get it sorted. cheers, jinksy9
  21. Hi Gringo. Sorry I'm late picking this up and very much appreciate all your efforts. I'll get on to this now and update you asap. cheers, jinksy9
  22. Hi Gringo. Result of router.bat is:

     Windows IP Configuration

        Host Name . . . . . . . . . . . . : Dell
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

     Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-13-02-8D-EA-B0
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            212.117.175.185
        Lease Obtained. . . . . . . . . . : 19 June 2012 18:54:32
        Lease Expires . . . . . . . . . . : 22 June 2012 18:54:32

     Server: google-public-dns-a.google.com
     Address: 8.8.8.8

     Name: google.com
     Addresses: 173.194.41.128, 173.194.41.137, 173.194.41.134, 173.194.41.135
               173.194.41.129, 173.194.41.136, 173.194.41.132, 173.194.41.142, 173.194.41.130
               173.194.41.133, 173.194.41.131

     Server: google-public-dns-a.google.com
     Address: 8.8.8.8

     Name: yahoo.com
     Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

     Pinging google.com [173.194.41.128] with 32 bytes of data:
     Reply from 173.194.41.128: bytes=32 time=13ms TTL=54
     Reply from 173.194.41.128: bytes=32 time=13ms TTL=54

     Ping statistics for 173.194.41.128:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 13ms, Maximum = 13ms, Average = 13ms

     Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
     Reply from 98.139.183.24: bytes=32 time=101ms TTL=45
     Reply from 98.139.183.24: bytes=32 time=110ms TTL=44

     Ping statistics for 98.139.183.24:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 101ms, Maximum = 110ms, Average = 105ms

     ===========================================================================
     Interface List
     0x1 ........................... MS TCP Loopback interface
     0x2 ...00 13 02 8d ea b0 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
     ===========================================================================
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     25
             127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
           192.168.1.0    255.255.255.0    192.168.1.100    192.168.1.100     25
         192.168.1.100  255.255.255.255        127.0.0.1        127.0.0.1     25
         192.168.1.255  255.255.255.255    192.168.1.100    192.168.1.100     25
             224.0.0.0        240.0.0.0    192.168.1.100    192.168.1.100     25
       255.255.255.255  255.255.255.255    192.168.1.100    192.168.1.100      1
     Default Gateway:       192.168.1.1
     ===========================================================================
     Persistent Routes:
       None
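The router.bat output in posts 10 and 22 is where the thread's root cause is visible: before the router reset (post 22) the laptop was handed DNS servers 8.8.8.8 and 212.117.175.185, afterwards (post 10) it gets its DNS from the router, 192.168.1.1, and the outbound-block alerts stop. The script below is an added example, not code from the thread, from Malwarebytes or from the forum helper: it parses the ipconfig /all section of that batch output and flags DNS servers that are neither the adapter's own gateway/DHCP server, nor a private address, nor on an allowlist the caller supplies. The two samples are constructed to mirror those two posts (only the DNS, gateway and DHCP values are taken from the thread), and the allowlist and the rule "on a home LAN the router should be the resolver" are assumptions; a hit means the setting deserves a look, not that the address is known bad.

```python
import ipaddress
import re

# Constructed sample shaped like the "ipconfig /all" section of the router.bat
# output pasted in the thread. The DNS server values mirror post 22; the rest
# of the values are made up for the example.
SAMPLE_BEFORE_RESET = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dell
   Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Intel PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-13-02-8D-EA-B0
   IP Address. . . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       212.117.175.185

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
"""

# Constructed sample shaped like post 10, after the router reset: the laptop
# again gets its DNS from the router itself.
SAMPLE_AFTER_RESET = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jinks-Laptop

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")   # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+(.*?)[ .]*:\s?(.*)$")      # "   Name . . . : value"
CONT_RE = re.compile(r"^\s{8,}(\S+)\s*$")              # extra value, no field name


def parse_ipconfig(text):
    """Return {adapter name: {field name: [values]}} from ipconfig /all text.

    A value that continues on its own indented line (a second DNS server, for
    example) is appended to the list of the field that precedes it.
    """
    adapters = {}
    fields = None
    last_field = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            fields = adapters.setdefault(m.group(1), {})
            last_field = None
            continue
        if fields is None:          # still in the global header block
            continue
        m = CONT_RE.match(line)
        if m and last_field is not None:
            fields[last_field].append(m.group(1))
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            fields.setdefault(last_field, []).append(m.group(2).strip())
    return adapters


def unexpected_dns_servers(adapters, allowlist=()):
    """List (adapter, dns_ip) pairs whose DNS server is neither the adapter's
    gateway/DHCP server, nor a private address, nor on the caller's allowlist.

    Assumption: on a home LAN the router hands out itself as resolver, so any
    other address is worth reviewing. A hit is a review item, not a verdict.
    """
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for name, fields in adapters.items():
        local = set()
        for key in ("Default Gateway", "DHCP Server"):
            for value in fields.get(key, []):
                if value:
                    local.add(ipaddress.ip_address(value))
        for value in fields.get("DNS Servers", []):
            if not value:
                continue
            ip = ipaddress.ip_address(value)
            if ip in local or ip.is_private or ip in allowed:
                continue
            findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    for label, sample in (("before reset", SAMPLE_BEFORE_RESET),
                          ("after reset", SAMPLE_AFTER_RESET)):
        hits = unexpected_dns_servers(parse_ipconfig(sample), allowlist=("8.8.8.8",))
        print(f"{label}: {hits or 'DNS servers as expected'}")
```

Run against the saved batch output of both laptops, the "before" sample reports the second resolver on the wireless adapter and the "after" sample reports nothing, which is the same before/after difference the thread shows once the router settings were reset.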
  23. Hi Gringo. My laptop had a blue screen stop yesterday, something about a driver, but it seemed fine afterwards. This other one had a very strange screen soon after I booted it up today. It looked like the window was suddenly split into pieces - couldn't decipher anything so shut it down and rebooted. Seems ok now. However, both laptops are still popping up the malwarebytes message to say that scvhost.exe is blocked outgoing to same IP address. Is there any way to find out what's causing this or should I just be glad it's been blocked and just ignore it? BTW - sorry about hijacking the original post. cheers, jinksy9
  24. Hi Gringo. Thought this was going on forever - it was showing 99% complete for about half an hour!! ESET scan found 4 threats. Log follows:

     C:\Users\Jinks\Documents\AcerInvoice.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\jinks_laptop.pdf JS/Exploit.Pdfka.PAV trojan
     C:\Users\Jinks\Documents\laptop July11.pdf JS/Trackware.ReadNotify.A application
     C:\Users\Jinks\Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A application

     FYI - all 4 files found are from the same source. Do you think that means they're infected and don't know it? cheers, jinksy9
  25. B****r, it's still there. Whatever is causing the malwarebytes message is still there because it's just popped up again. It appeared just as I'd opened a new window and did a search for train times. Same IP address outgoing. Is there any way to find out what's causing this or should I just be glad it's been blocked and just ignore it? Fed up with it - as I'm sure you are. Bedtime now (once the scan has finished on the other one). Goodnight. jinksy9