Hello guys,
I'm receiving a pop-up message as shown below on my Windows Server 2012 machine.
Logs:
Detection, 5/31/2016 8:09 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 208.100.26.234, ns2.honeybot.us, 64571, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.221, 65180, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.221, 63706, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.36, 65180, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.36, 64807, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.36, 63706, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:11 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 94.242.206.221, 64807, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:04 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 148.81.111.111, sinkhole.cert.pl, 63902, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:04 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 148.81.111.111, sinkhole.cert.pl, 63902, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:05 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 148.81.111.111, sinkhole.cert.pl, 63306, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:13 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 49287, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:25 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Domain, 89.145.103.61, ns2.gwesystems.com, 64752, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:25 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Domain, 89.145.103.61, ns2.gwesystems.com, 64752, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:25 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Domain, 89.145.103.61, ns2.gwesystems.com, 63713, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:29 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 65177, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:45 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 65089, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:47 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 64221, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 9:47 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 64019, Outbound, C:\Windows\System32\dns.exe,
Update, 5/31/2016 9:51 AM, SYSTEM, PKSHQINF01, Scheduler, IP Database, 2016.5.27.3, 2016.5.30.1,
Update, 5/31/2016 9:51 AM, SYSTEM, PKSHQINF01, Scheduler, Domain Database, 2016.5.29.1, 2016.5.30.3,
Update, 5/31/2016 9:51 AM, SYSTEM, PKSHQINF01, Scheduler, Malware Database, 2016.5.30.4, 2016.5.30.7,
Protection, 5/31/2016 9:51 AM, SYSTEM, PKSHQINF01, Protection, Refresh, Starting,
Protection, 5/31/2016 9:51 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Stopping,
Protection, 5/31/2016 9:52 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Stopped,
Protection, 5/31/2016 9:52 AM, SYSTEM, PKSHQINF01, Protection, Refresh, Success,
Protection, 5/31/2016 9:52 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, Started,
Detection, 5/31/2016 9:56 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 80.77.81.89, 64421, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:03 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 109.163.226.148, 64209, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:04 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 148.81.111.111, sinkhole.cert.pl, 64135, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:05 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 148.81.111.111, sinkhole.cert.pl, 63241, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:09 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 64386, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:09 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 63591, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 10:11 AM, SYSTEM, PKSHQINF01, Protection, Malicious Website Protection, IP, 122.228.198.140, 63450, Outbound, C:\Windows\System32\dns.exe,
How do I solve this issue?
Please assist,
Rgds,
Muraly
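
For triaging a log like the one in this post, the following added example (not part of the original post and not the logging product's own code) groups the Detection records by destination and reports hit counts, first and last time seen, and the process each hit was attributed to. It handles the optional hostname column that shifts the later fields; the sample lines, addresses and host names are constructed, and the field names are assumptions read off the log layout.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the same layout as the log above
# (documentation addresses and made-up names, not values from the post).
SAMPLE_LOG = r"""
Detection, 5/31/2016 8:09 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, IP, 192.0.2.10, ns.sinkhole.example, 64571, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:10 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, IP, 198.51.100.7, 65180, Outbound, C:\Windows\System32\dns.exe,
Detection, 5/31/2016 8:12 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, IP, 198.51.100.7, 63706, Outbound, C:\Windows\System32\dns.exe,
Update, 5/31/2016 9:51 AM, SYSTEM, HOST01, Scheduler, IP Database, 2016.5.27.3, 2016.5.30.1,
Detection, 5/31/2016 9:25 AM, SYSTEM, HOST01, Protection, Malicious Website Protection, Domain, 203.0.113.61, ns2.blocked.example, 64752, Outbound, C:\Windows\System32\dns.exe,
"""

def parse_detection(line):
    """Return a dict for a Detection record, or None for any other line."""
    fields = [f.strip() for f in line.strip().rstrip(",").split(",")]
    if len(fields) < 11 or fields[0] != "Detection":
        return None
    # After the match type (IP/Domain) come: ip, [hostname], port, direction, process.
    # The hostname column is optional, so detect it by checking for a numeric port.
    has_host = not fields[8].isdigit()
    tail = fields[9:] if has_host else fields[8:]
    if len(tail) < 3 or not tail[0].isdigit():
        return None
    return {
        "time": datetime.strptime(fields[1], "%m/%d/%Y %I:%M %p"),
        "match": fields[6], "ip": fields[7],
        "hostname": fields[8] if has_host else None,
        "port": int(tail[0]), "direction": tail[1], "process": tail[2],
    }

def summarize(log_text):
    """Group detections by destination; return rows sorted by hit count."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_detection(line)
        if rec:
            groups[(rec["ip"], rec["hostname"])].append(rec)
    rows = [{
        "ip": ip, "hostname": host, "count": len(recs),
        "first": min(r["time"] for r in recs),
        "last": max(r["time"] for r in recs),
        "processes": sorted({r["process"] for r in recs}),
    } for (ip, host), recs in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["ip"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row["count"], row["ip"], row["hostname"] or "-",
              row["first"], row["last"], ", ".join(row["processes"]))
```
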