hacktress

Honorary Members
  • Posts: 39

Everything posted by hacktress

  1. You may close this thread. I haven't had any popups since you removed the blocks on the *.asoshared servers. Thank you for your help.
  2. The sites that get blocked belong to the web host company A Small Orange which I mentioned in my first post. Their sub-domains are *.asoshared.com. The four webservers that I get popup blocks on are: thewall.asoshared.com, starlord.asoshared.com, pam.asoshared.com, and bart.asoshared.com. I have one domain on each of those 4 servers. Can you please confirm that you removed the blocks on each of those four sites? I already started migrating my own domains from A Small Orange to another Web Host Provider but until I can afford to do them all, I can't work with the constant blocks as it's very frustrating. What concerns me, as I said previously, is that I would get Popup Blocks even when I had no browser open. Thank you again for all your help.
  3. Hi Ron, Not sure if the two files are what you want. The .txt file is a renamed xml file since I can't upload xml here and I couldn't zip it either. I don't know why I have no Protection Logs that are newer than 2017-02-08. Then I looked for anything that had today's date and that's the LOG file. I had 20 website block pop-up alerts today without opening Firefox and all of them preventing access to thewall.asoshared.com, where one of my domains lives. Then to gild the lily, I tried to access CPANEL and got a website block to bart.asoshared.com, another site where one of my other domains lives. Thanks for your help. By the way, do you think that so far - the alerts have been false positives? MBAMSERVICE.LOG protection-log-2017-02-08.txt
  4. Hi Ron, Today, prior to recommended browser cleanup, had dozens of popups before I even opened Firefox. Dozens. Anyway, then followed instructions, I did everything to Firefox and Chrome as stated as carefully as I could. Also ran inetcpl.cpl to clean up Edge. Then I ran a ProcMon a few times so I have logs/screenshots attached. I would trigger the MBAM block by going to the CPANEL option on my host provider, used some filters too. Caught activity in ProcMon while triggering the event of executing CPANEL on web host. Then I wanted to do a few DNS checks so I went to Control Panel, Network Connections, Change Adapter Settings in order to view that IPv4 is set to determine DNS automatically. I clicked on Driver properties and then Event Viewer went a little crazy. Started to add console snap ons. Had no idea what was happening. So I took screenshots if helpful. Of course, now when I go to CPANEL, I don't get an error. I hope that the Event Viewer installation of the driver on my adapter card as shown in screenshot, didn't cause more damage. Also ran TDSSKiller and HijackThis but no threats detected. Could this be a certificate issue as stored in my browsers? Maybe I need to install a new certificate on my site. I requested one earlier so I will see if that solves anything. Logfile.CSV
  5. No threats were detected. I've attached the TDSS logs below. TDSSKiller.3.1.0.12_24.03.2017_16.06.10_log.txt TDSSKiller.3.1.0.12_24.03.2017_15.22.57_log.txt TDSSKiller.3.1.0.12_24.03.2017_15.14.47_log.txt
  6. Ok, no problem but we ran TDSSKiller and MBAR a few days ago. Will be happy to do it again. Will report back shortly. Thanks again.
  7. You are correct, sorry I wasn't clear. The instances for Website Blocks happen when I first boot up at the start of my day before I open Firefox or Thunderbird. I get around 25 pops on SVCHOST.exe before I open those two apps. I also get a Website Block when I open Firefox before I go to any page, and when I try to access cpanel.westsidevirtual.com:2083, which is CPANEL for my domain. Firefox reports: cpanel.westsidevirtual.com:2083 uses an invalid security certificate. I made three attempts to get my host provider to assist with the certificate issue but they told me to contact my ISP. Laughable. I also get a Website Block when I open Thunderbird and it is on thunderbird.exe.
  8. I contacted web host yesterday, they were useless. I still get website blocks even when Firefox is not open. I still get website blocks when I open Thunderbird. I am going to switch from Thunderbird to a different mail client then I am going to delete Thunderbird.
  9. I will mention it to them tomorrow. It's strange that the only two IPs that trigger my MBAM's pop ups are where my domains are hosted.
  10. I mistakenly chose to auto re-add my bookmarks after I reset Firefox so I am going to reset it again without Bookmarks. I figured, what the heck, I'll check out my web host and sure enough MBAM popped and this is the error I get in Firefox when I try to hit CPANEL. It allowed me to communicate yesterday but now I can't. I don't know if this is helpful at all. An error occurred during a connection to bart.asoshared.com:2083. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
  11. Ok, dokay, I have Firefox, Chrome and Microsoft Edge. I reset Firefox and removed all bookmarks. I updated Chrome and removed all bookmarks. I only use Firefox, rarely Chrome, and never Microsoft Edge. I exported Firefox Troubleshooting settings in case you want to see it.
  12. Forgot to mention that today, for the first time, my AV popped that "we found an unreputable add-on in your browser" but when I went to resolve it thru the AV interface, it didn't do anything. The AV could be correct nonetheless since I think that it was my attempt to add on Tamper Data a few weeks ago that caused this mess. What's weird is that nothing popped on MBYTES all day Sunday. It's like this entity is on a work-week schedule. Very strange.
  13. No malware was detected. Here are the two logs from MBAR: mbar-log-2017-03-22 (15-52-04).txt system-log.txt
  14. Ok, will work on it right now. I will assume I close security apps again in order to run it. Thx again!
  15. Hi Ron, Ran the tool and it found nothing, here are the two logs. TDSSKiller.3.1.0.12_22.03.2017_15.29.30_log.txt TDSSKiller.3.1.0.12_22.03.2017_15.26.44_log.txt
  16. Whenever I try to go to CPANEL of my domain on my web host, I would trigger MBAM, so I thought I would do a test. Am running CurrPorts with ongoing refresh. I discovered that I have six instances of wmpnetwk.exe open for Windows Media Player which is strange because I don't have Media Player opened. Anyway, I killed the processes and was able to grab a remote address of deploy.static.akamaitechnologies.com:2083 but now since I closed wmpnetwk, I'm not getting a MBAM popup when I attempt CPANEL. Am going to try to recreate this by restarting PC, and seeing if Media Player opens on restart and if I get MBAM to pop. If I am wasting your time with my own novice exploration findings, please let me know. Thanks again so much.
  17. Fix completed successfully, it took two seconds, but still getting pop ups. Fixlog.txt
  18. Hi Ron, Thank you for your note. Over the weekend, I uninstalled/reinstalled Firefox. MBAM did not pop yesterday at all but it started popping again today with the same error. Very strange. My AV now warns me that I have an unreputable browser add-on but when I go to "fix" it in their interface it doesn't seem to be doing anything. I will run the latest fixlist that you have provided and I will post the results here. I am very grateful for your help, I know this can be wearisome, but I am very grateful to you for all your work.
  19. I thought I'd run netstat, wait until MBAM popped to grab a screenshot, so I did. Not too much information gathered but loopback appeared as expected. Should I block ports indicated in the screenshot, or not even bother?
  20. I uninstalled FIREFOX since I think the start of all this was when I installed Tamper Data add-on a few weeks ago. So I downloaded FIXLIST again and ran FIX, and here are the latest results. FRST64 still appears to stop running after 20-30 minutes. Thanks again. Fixlog.txt