body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Ok thanks Ron. So nothing to worry about at the moment. Normal operations. That would explain why MB does not find anything. Thanks for your time in looking into this.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Here is the link. http://we.tl/kBWRvhRrta
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
I have installed Wireshark, but it's way over my head to understand what I am looking at. I will run it again and see if it's there.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
I use Zone Alarm Internet Security Suite. I do not see anything in ZAP because I believe Peer Block is stopping it ahead of ZAP. I have turned off Peer Block to see if ZAP shows anything in the log but did not see anything. I'm not sure what the problem is or where it developed from.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Peer Block software is blocking it outbound.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Ron, Here are both files. Addition.txt FRST.txt
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
To my knowledge and experience, it does not.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Ron, Here is the App Log. AppLog.txt
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Protection log? I am not sure what you are referring to.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
That's OK. It's never been fixed. I just live with it until such time that I have to reformat my drive or MB can remove it from my system. Thanks for your concern.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netstat -a

Active Connections

  Proto  Local Address    Foreign Address    State
  TCP    0.0.0.0:135    ALPHA:0    LISTENING
  TCP    0.0.0.0:445    ALPHA:0    LISTENING
  TCP    0.0.0.0:2968    ALPHA:0    LISTENING
  TCP    0.0.0.0:5050    ALPHA:0    LISTENING
  TCP    0.0.0.0:5060    ALPHA:0    LISTENING
  TCP    0.0.0.0:5063    ALPHA:0    LISTENING
  TCP    0.0.0.0:5065    ALPHA:0    LISTENING
  TCP    0.0.0.0:5066    ALPHA:0    LISTENING
  TCP    0.0.0.0:5067    ALPHA:0    LISTENING
  TCP    0.0.0.0:5068    ALPHA:0    LISTENING
  TCP    0.0.0.0:5069    ALPHA:0    LISTENING
  TCP    0.0.0.0:5080    ALPHA:0    LISTENING
  TCP    0.0.0.0:5357    ALPHA:0    LISTENING
  TCP    0.0.0.0:8070    ALPHA:0    LISTENING
  TCP    0.0.0.0:49152    ALPHA:0    LISTENING
  TCP    0.0.0.0:49153    ALPHA:0    LISTENING
  TCP    0.0.0.0:49154    ALPHA:0    LISTENING
  TCP    0.0.0.0:49155    ALPHA:0    LISTENING
  TCP    0.0.0.0:49179    ALPHA:0    LISTENING
  TCP    127.0.0.1:1234    ALPHA:0    LISTENING
  TCP    127.0.0.1:5080    www:49272    ESTABLISHED
  TCP    127.0.0.1:5939    ALPHA:0    LISTENING
  TCP    127.0.0.1:9990    ALPHA:0    LISTENING
  TCP    127.0.0.1:23401    ALPHA:0    LISTENING
  TCP    127.0.0.1:37483    ALPHA:0    LISTENING
  TCP    127.0.0.1:49207    www:49208    ESTABLISHED
  TCP    127.0.0.1:49208    www:49207    ESTABLISHED
  TCP    127.0.0.1:49272    www:5080    ESTABLISHED
  TCP    127.0.0.1:59243    ALPHA:0    LISTENING
  TCP    169.254.235.250:139    ALPHA:0    LISTENING
  TCP    192.168.1.107:139    ALPHA:0    LISTENING
  TCP    192.168.1.107:49209    74.125.22.125:5222    ESTABLISHED
  TCP    192.168.1.107:49477    64.233.171.188:5228    ESTABLISHED
  TCP    192.168.1.107:49483    qc-in-f125:5222    ESTABLISHED
  TCP    192.168.1.107:49748    ntt-19:https    ESTABLISHED
  TCP    192.168.1.107:49765    coral:http    TIME_WAIT
  TCP    192.168.1.107:49766    coral:http    TIME_WAIT
  TCP    192.168.1.107:49771    coral:http    TIME_WAIT
  TCP    192.168.1.107:49772    coral:http    TIME_WAIT
  TCP    192.168.1.107:49773    coral:http    TIME_WAIT
  TCP    192.168.1.107:49774    coral:http    TIME_WAIT
  TCP    192.168.1.107:49775    coral:http    TIME_WAIT
  TCP    192.168.1.107:49776    coral:http    TIME_WAIT
  TCP    192.168.1.107:49780    lga15s42-in-f7:https    ESTABLISHED
  TCP    192.168.1.107:49781    lga15s35-in-f9:http    TIME_WAIT
  TCP    192.168.1.107:49782    lga15s35-in-f9:http    TIME_WAIT
  TCP    192.168.1.107:49783    lga15s35-in-f9:http    TIME_WAIT
  TCP    192.168.1.107:49810    lga15s42-in-f2:https    ESTABLISHED
  TCP    192.168.1.107:49837    lga15s35-in-f21:https    ESTABLISHED
  TCP    192.168.1.107:49839    64.233.171.84:https    ESTABLISHED
  TCP    192.168.1.107:49840    lga15s35-in-f15:https    ESTABLISHED
  TCP    192.168.1.107:49844    lga15s35-in-f9:https    ESTABLISHED
  TCP    192.168.1.107:49845    lga15s35-in-f11:https    ESTABLISHED
  TCP    192.168.1.107:49852    iad23s05-in-f19:https    ESTABLISHED
  TCP    192.168.1.107:49853    lga15s35-in-f2:https    ESTABLISHED
  TCP    192.168.1.107:49855    lga15s35-in-f29:https    ESTABLISHED
  TCP    192.168.1.107:49856    lga15s43-in-f7:https    ESTABLISHED
  TCP    192.168.1.107:49868    tg-in-f94:https    ESTABLISHED
  TCP    192.168.1.107:49883    a23-62-6-65:http    SYN_SENT
  TCP    [::]:135    ALPHA:0    LISTENING
  TCP    [::]:445    ALPHA:0    LISTENING
  TCP    [::]:5357    ALPHA:0    LISTENING
  TCP    [::]:8070    ALPHA:0    LISTENING
  TCP    [::]:49152    ALPHA:0    LISTENING
  TCP    [::]:49153    ALPHA:0    LISTENING
  TCP    [::]:49154    ALPHA:0    LISTENING
  TCP    [::]:49155    ALPHA:0    LISTENING
  TCP    [::]:49179    ALPHA:0    LISTENING
  TCP    [::1]:49161    ALPHA:0    LISTENING
  UDP    0.0.0.0:68    *:*
  UDP    0.0.0.0:500    *:*
  UDP    0.0.0.0:2968    *:*
  UDP    0.0.0.0:3702    *:*
  UDP    0.0.0.0:3702    *:*
  UDP    0.0.0.0:3702    *:*
  UDP    0.0.0.0:3702    *:*
  UDP    0.0.0.0:4500    *:*
  UDP    0.0.0.0:5070    *:*
  UDP    0.0.0.0:5355    *:*
  UDP    0.0.0.0:56911    *:*
  UDP    0.0.0.0:56913    *:*
  UDP    0.0.0.0:56915    *:*
  UDP    0.0.0.0:59285    *:*
  UDP    0.0.0.0:59286    *:*
  UDP    0.0.0.0:59287    *:*
  UDP    0.0.0.0:59288    *:*
  UDP    0.0.0.0:59289    *:*
  UDP    0.0.0.0:59290    *:*
  UDP    127.0.0.1:1900    *:*
  UDP    127.0.0.1:48200    *:*
  UDP    127.0.0.1:48201    *:*
  UDP    127.0.0.1:51459    *:*
  UDP    169.254.235.250:137    *:*
  UDP    169.254.235.250:138    *:*
  UDP    192.168.1.107:137    *:*
  UDP    192.168.1.107:138    *:*
  UDP    192.168.1.107:1900    *:*
  UDP    192.168.1.107:51458    *:*
  UDP    192.168.1.107:52054    *:*
  UDP    [::]:500    *:*
  UDP    [::]:3702    *:*
  UDP    [::]:3702    *:*
  UDP    [::]:3702    *:*
  UDP    [::]:3702    *:*
  UDP    [::]:4500    *:*
  UDP    [::]:5355    *:*
  UDP    [::]:56912    *:*
  UDP    [::]:56914    *:*
  UDP    [::]:56916    *:*
  UDP    [::1]:1900    *:*
  UDP    [::1]:51457    *:*
  UDP    [fe80::8d42:f169:3767:701e%11]:546    *:*
  UDP    [fe80::8d42:f169:3767:701e%11]:1900    *:*
  UDP    [fe80::8d42:f169:3767:701e%11]:51456    *:*

C:\Windows\system32>
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Here is the output.

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>IPCONFIG /FLUSHDNS

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>arp -d *

C:\Windows\system32>ipconfig /renew

Windows IP Configuration

No operation can be performed on Wireless Network Connection while it has its media disconnected.

C:\Windows\system32>C:\Windows\system32>nbtstat -a

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its IP address.
  -c   (cache)          Lists NBT's cache of remote [machine] names and their IP addresses
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
I doubt it very much.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
I have done this again as requested but the instant I bring up Chrome or any browser for that matter, I immediately see the blocking on Peer Block.
body4u.diy.myrice.com
0nIQ23cFNJUo8r3 replied to 0nIQ23cFNJUo8r3's topic in Resolved Malware Removal Logs
Hey, in another thread on this group there was some information about body4u. I tried disabling UPNP using Gibson Research tool and that seems to have stopped the body4u stuff. While that is a step forward in that regard, what does disabling UPNP do to the rest of the system?