hacktress
Honorary Members-
Posts
39 -
Everything posted by hacktress
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
You may close this thread. I haven't had any popups since you removed the blocks on the *.asoshared servers. Thank you for your help. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
The sites that get blocked belong to the web host company A Small Orange, which I mentioned in my first post. Their sub-domains are *.asoshared.com. The four webservers that I get popup blocks on are: thewall.asoshared.com, starlord.asoshared.com, pam.asoshared.com, and bart.asoshared.com. I have one domain on each of those 4 servers. Can you please confirm that you removed the blocks on each of those four sites? I already started migrating my own domains from A Small Orange to another Web Host Provider but until I can afford to do them all, I can't work with the constant blocks as it's very frustrating. What concerns me, as I said previously, is that I would get Popup Blocks even when I had no browser open. Thank you again for all your help. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Hi Ron, Not sure if the two files are what you want. The .txt file is a renamed xml file since I can't upload vml here and I couldn't zip it either. I don't know why I have no Protection Logs that are newer than 2017-02-08. Then I looked for anything that had today's date and that's the LOG file. I had 20 website block pop-up alerts today without opening Firefox and all of them preventing access to thewall.asoshared.com, where one of my domains lives. Then to gild the lily, I tried to access CPANEL and got a website block to bart.asoshared.com, another site where one of my other domains lives. Thanks for your help. By the way, do you think that so far the alerts have been false positives? MBAMSERVICE.LOG protection-log-2017-02-08.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Hi Ron, Today, prior to recommended browser cleanup, had dozens of popups before I even opened Firefox. Dozens. Anyway, then followed instructions, I did everything to Firefox and Chrome as stated as carefully as I could. Also ran inetcpl.cpl to clean up Edge. Then I ran a ProcMon a few times so I have logs/screenshots attached. I would trigger the MBAM block by going to the CPANEL option on my host provider, used some filters too. Caught activity in ProcMon while triggering the event of executing CPANEL on web host. Then I wanted to do a few DNS checks so I went to Control Panel, Network Connections, Change Adapter Settings in order to view that IPv4 is set to determine DNS automatically. I clicked on Driver properties and then Event Viewer went a little crazy. Started to add console snap ons. Had no idea what was happening. So I took screenshots if helpful. Of course, now when I go to CPANEL, I don't get an error. I hope that the Event Viewer installation of the driver on my adapter card, as shown in screenshot, didn't cause more damage. Also ran TDSSKiller and HijackThis but no threats detected. Could this be a certificate issue as stored in my browsers? Maybe I need to install a new certificate on my site. I requested one earlier so I will see if that solves anything. Logfile.CSV -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
No threats were detected. I've attached the TDSS logs below. TDSSKiller.3.1.0.12_24.03.2017_16.06.10_log.txt TDSSKiller.3.1.0.12_24.03.2017_15.22.57_log.txt TDSSKiller.3.1.0.12_24.03.2017_15.14.47_log.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Ok, no problem but we ran TDSSKiller and MBAR a few days ago. Will be happy to do it again. Will report back shortly. Thanks again. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
You are correct, sorry I wasn't clear. The instances for Website Blocks happen when I first boot up at the start of my day before I open Firefox or Thunderbird. I get around 25 pops on SVCHOST.exe before I open those two apps. I also get a Website Block when I open Firefox before I go to any page, and when I try to access cpanel.westsidevirtual.com:2083, which is CPANEL for my domain. Firefox reports: cpanel.westsidevirtual.com:2083 uses an invalid security certificate. I made three attempts to get my host provider to assist with the certificate issue but they told me to contact my ISP. Laughable. I also get a Website Block when I open Thunderbird and it is on thunderbird.exe. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
I contacted web host yesterday, they were useless. I still get website blocks even when Firefox is not open. I still get website blocks when I open Thunderbird. I am going to switch from Thunderbird to a different mail client then I am going to delete Thunderbird. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
I will mention it to them tomorrow. It's strange that the only two IPs that trigger my MBAM's pop ups are where my domains are hosted. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
I mistakenly chose to auto re-add my bookmarks after I reset Firefox so I am going to reset it again without Bookmarks. I figured, what the heck, I'll check out my web host and sure enough MBAM popped and this is the error I get in Firefox when I try to hit CPANEL. It allowed me to communicate yesterday but now I can't. I don't know if this is helpful at all. An error occurred during a connection to bart.asoshared.com:2083. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Ok, dokay, I have Firefox, Chrome and Microsoft Edge. I reset Firefox and removed all bookmarks. I updated Chrome and removed all bookmarks. I only use Firefox, rarely Chrome, and never Microsoft Edge. I exported Firefox Troubleshooting settings in case you want to see it. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Forgot to mention that today, for first time, my AV popped that "we found an unreputable add-on in your browser" but when I went to resolve it thru the AV interface, it didn't do anything. The AV could be correct nonetheless since I think that it was my attempt to add on Tamper Data a few weeks ago that caused this mess. What's weird is that nothing popped on MBYTES all day Sunday. It's like this entity is on a work-week schedule. Very strange. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
No malware was detected. Here are the two logs from MBAR: mbar-log-2017-03-22 (15-52-04).txt system-log.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
It's still running... So far nothing has been detected... -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Am running it now... Thx! -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Ok, will work on it right now. I will assume I close security apps again in order to run it. Thx again! -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Hi Ron, Ran the tool and it found nothing, here are the two logs. TDSSKiller.3.1.0.12_22.03.2017_15.29.30_log.txt TDSSKiller.3.1.0.12_22.03.2017_15.26.44_log.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Ok thanks. Will work on it right now. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Hi Ron, I ran it but it did not complete. Here it is. Fixlog.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Ok, cool. Here is the latest FIXLOG which ran successfully. Fixlog.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Whenever I try to go to CPANEL of my domain on my web host, I would trigger MBAM, so I thought I would do a test. Am running CurrPorts with ongoing refresh. I discovered that I have six instances of wmpnetwk.exe open for Windows Media Player which is strange because I don't have Media Player opened. Anyway, I killed the processes and was able to grab a remote address of deploy.static.akamaitechnologies.com:2083 but now since I closed wmpnetwk, I'm not getting an MBAM popup when I attempt CPANEL. Am going to try to recreate this by restarting PC, and seeing if Media Player opens on restart and if I get MBAM to pop. If I am wasting your time with my own novice exploration findings, please let me know. Thanks again so much. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Fix completed successfully, it took two seconds, but still getting pop ups. Fixlog.txt -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
Hi Ron, Thank you for your note. Over the weekend, I uninstalled/reinstalled Firefox. MBAM did not pop yesterday at all but it started popping again today with the same error. Very strange. My AV now warns me that I have an unreputable browser add-on but when I go to "fix" it in their interface it doesn't seem to be doing anything. I will run the latest fixlist that you have provided and I will post the results here. I am very grateful for your help, I know this can be wearisome, but I am very grateful to you for all your work. -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
I thought I'd run netstat, wait until MBAM popped to grab a screenshot, so I did. Not too much information gathered but loopback appeared as expected. Should I block ports indicated in the screenshot, or not even bother? -
Keep getting outbound connection block to website
hacktress replied to hacktress's topic in Resolved Malware Removal Logs
I uninstalled FIREFOX since I think the start of all this was when I installed Tamper Data add-on a few weeks ago. So I downloaded FIXLIST again and ran FIX, and here are the latest results. FRST64 still appears to stop running after 20-30 minutes. Thanks again. Fixlog.txt