Malbert

  1. Also, I can't find a way to mark the thread as solved. Yes .... victory!
  2. VICTORY! The remnants of the malware remained in the Firefox tiles!

     When cleaning out the system, I made the very useful error, when I failed to clear history. I didn't imagine that the problem would lie there. It was a Firefox helper who suggested that it could be the tiles (jscher2000) ... and it was.

     Firefox Application Error: unknown software exception (0xc0000409) occurred in the application at location 0x00406b64

     This still exists. Whether it is a leftover of malware removal ... maybe we'll never know. I guess that I must bite the bullet and go for a re-install.

     However, the malware connection to the bad IP address is gone. That's the victory :) Ha! bloody marvelous ?
  3. Hello everybody ... I have a suggestion.

     I am currently working on cracking some malware that has escaped identification by AVG real time, and subsequently by Malwarebytes, SpyBot, Superantispyware, ETES, Hitman.

     The initial tags were based upon what I knew at the time of first posting. However ... knowledge has been gained. I've tracked the source of the malware down to (I am almost certain) putrr18.com. Searching putrr18.com brings lots of malware reports, and how to get rid of it.

     It no longer identifies the domain name. Instead it uses IP addresses:

     198.134.112.241
     198.134.112.242
     198.134.112.243
     198.134.112.244

     Either way, it might be best if the tags could be edited, to include the new tag search information. You can see the evolution of knowledge acquisition in my thread: What it shows, is that there could be reason for editing the tags, to home in on relevance. It's a thought.

     RE the malware ... I haven't cracked it yet ... but good progress has been made. If anybody reading this, thinks that they can help ... we have the possibility to defeat malware that is currently defeating everybody. That would be a win ?
  4. Progress (perhaps)

     Searching ipinfo.io I found this: https://ipinfo.io/198.134.112.242

     Route 198.134.112.0/20
     This was the closest to 198.134.112.243
     I presume that it is in the block of 98 addresses
     198.134.112.242 putrr18.com 98

     Upon searching putrr18.com I found lots of links to removing it as a virus. I reckon that this must be it ?

     ------------

     Further ... I note that Malwarebytes is blocking addresses: 241 242 243 244
     IE. it is not just .243

     ----------

     I ran a search on files containing the words putrr18.com - nothing found. I'm now trying a search for 198.134.112.243
     It showed up ... but only in a question that I put to Mozilla :(

     -----------

     This site http://greatis.com/blog/howto/remove-putrr18-com-forever.htm claims that an app UnHackMe will remove the putrr18.com virus, but it may be out of date, as the new virus doesn't mention the site name.

     This site https://malwaretips.com/blogs/remove-putrr18-com/ suggests using Malwarebytes, Hitman, and Zemana (as a last resort).

     Does anyone have any knowledge of these tools unhackme and zemana?

     ----------

     Clearly this malware is very well hidden.
  5. Refreshed firefox 52.9 (rather than re-install, as it was suggested that refresh should fix the problems).

     Ran IP Location Find:

     Geolocation data from ipinfo.io (Product: API, real-time)
     IP Address: 198.134.112.243
     Country: United States
     Region: New York
     City: Westbury
     ISP: Webair Internet Development Company Inc.
     Organization: Webair Internet Development Company Inc.
     Latitude: 40.7570
     Longitude: -73.5814

     AND

     New tab in Firefox is still displaying: unknown software exception (0xc0000409) occurred in the application at location 0x00406b64

     So far, a lot of work, but no success. Maybe I must try a reinstall of Firefox. Has anyone gone through this problem?
  6. Opening a new firefox tab : unknown software exception (0xc0000409) occurred in the application at location 0x00406b64 I appear to have fixed this problem, by disabling 'HTML5 video everywhere'. However, Malwarebytes is still blocking 198.134.112.243 (outbound) What is causing this connection I wonder.
  7. Malwarebytes blocked 198.134.112.243 (outbound) I got this checked on scanurl.net and the result was that it is not a valid URL. So Malwarebytes is identifying a malicious website, but I am struggling to know what it is, and why Firefox is trying to connect to it. Also, the software that is causing the connection, hasn't been picked up as malicious. Does anybody have any thoughts on this conundrum?
  8. On another thread, I noted that someone had identified a threat by using ESET scanner. I researched this app ... apparently it can give a false positive (to get you to buy), but otherwise it was stated to be a superior malware scanner, as compared to the free scanners. How true this statement is, I obviously don't know ... but I gave it a whirl.

     Here is what it found (after other apps had declared the system clear):

     Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\Application Data\Sun\Java\jre1.7.0_51\java_sp.dll | a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
     C:\Documents and Settings\Ace Administrator\Desktop\Unused Desktop Shortcuts\Old Firefox Data\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\core\delegate.js | JS/Toolbar.Crossrider.AS potentially unwanted application
     C:\Documents and Settings\Ace Administrator\Desktop\Unused Desktop Shortcuts\Old Firefox Data\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\core\xhr.js | JS/Toolbar.Crossrider.G potentially unwanted application
     C:\Documents and Settings\Ace Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp\1.0_0\popup.js | JS/Adware.Laitis.A application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi134-Clean_Disk_Security-ORG-10052111.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi134-HD_Tune-ORG-10974407.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi145-Freemake_Video_Converter-ORG-75218346.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi145-Free_MOV_to_WMV_Converter-ORG-75894393.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi145-Photo_Pos_Pro-BP-10264444.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cbsidlm-cbsi145-VSDC_Free_Video_Editor-ORG-75764187.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\ccsetup405.exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\ccsetup531.exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\cdbxp_setup_4.5.8.6795.exe | a variant of Win32/FusionCore.Q potentially unwanted application, a variant of Win32/FusionCore.T potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\dfsetup218.exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\dfsetup219.exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\dfsetup221 (1).exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\dfsetup221.exe | Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\firebug.exe | a variant of Win32/DownloadSponsor.C potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\Flash-2017.zip | JS/TrojanDownloader.Nemucod.CWZ trojan
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\notepad.exe | a variant of Win32/DownloadSponsor.C potentially unwanted application
     C:\Documents and Settings\Ace Administrator\My Documents\Downloads\tb_free.exe | a variant of Win32/FusionCore.L potentially unwanted application
     C:\Documents and Settings\Khaled Shbib\My Documents\Downloads\cbsidlm-cbsi118-Wise_Disk_Cleaner-ORG-10613345.exe | a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Documents and Settings\Khaled Shbib\My Documents\Downloads\dfsetup214.exe | Win32/Bundled.Toolbar.Google.E potentially unsafe application
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8PIRC5AV\wajam_update[1].exe | Win32/Adware.Wajam.BE application
     C:\Endoscope\DriverInstall_IncludeDX9.0c.rar | Win32/Agent.RNS trojan
     C:\Program Files\Freemake\Freemake Video Converter\SetupUpdate.exe | a variant of Win32/Freemake.A potentially unwanted application, a variant of Win32/OpenCandy.A potentially unsafe application
     C:\ZZ_Oli_usb\General Folder\cbsidlm-cbsi188-EaseUS_Partition_Master_Free_Edition-ORG-10863346.exe | a variant of Win32/CNETInstaller.B potentially unwanted application

     After examining the list, I decided to clean them all. Most were potentially unwanted or unsafe. A couple of trojans in zip files, and some browser related adware and pop ups. Nothing jumped out at me as being a serious active risk (what do I know ??), but I must presume that it eliminated some dodgy software.

     Post Quarantine

     Before closing the ESET scan window (as advised), I loaded firefox and chrome, to confirm that they still worked. I then rebooted.

     Opening a new firefox tab: unknown software exception (0xc0000409) occurred in the application at location 0x00406b64

     Malwarebytes blocked 198.134.112.243 (outbound)

     Ha! So this hasn't changed. Maybe I need to force an update for Firefox ... just had a quick look, and didn't see such an option, but I'll look closer.

     Mouse

     It's still working fine.

     Conclusion

     It's still a fog, regarding what happened with the mouse ... why it suddenly began working fine.

     Any independent engineer possessing 'concept to production' capabilities, will recognise and appreciate coincidental 'detrimental action/effects on an ongoing basis'. The difficulty is in separating genuine coincidence from standard practice. In many cases, malpractice is evident and repeatably testable ... but it is not always the case.

     The firefox software exception and the Malwarebytes blocking of 198.134.112.243 (outbound) does appear to be linked, but this may simply be a coincidence.

     Does anybody have any thoughts? ... and what is this site 198.134.112.243 (that firefox is trying to connect to)?

     Edit: Just checked, and Firefox is set to auto update. Maybe I must reinstall, but that's always a worry ........
  9. I was using AVG anti virus and mb3-setup-consumer-3.1.2.1733.exe

     Mouse behaviour

     If left untouched for a period, my mouse needed a button click in order to function. It seemed to be moving slowly, and would drift upwards, when hovering over a link. Modded the setup to max speed, but it still wasn't right. (In all my decades of computing, I've never experienced this mouse behaviour.)

     I had watched F1 via a stream - many such streams launch an advert new window if the stream page is clicked. This would be a good way of forcing the user to click the page.

     Opening a new firefox tab: unknown software exception (0xc0000409) occurred in the application at location 0x00406b64

     Malwarebytes scan

     Tried to run a Malwarebytes scan, but it wouldn't run. Spybot found nothing threatening. Installed super antispyware - it found no threats.

     Chameleon

     Ran chameleon - option 2 worked - it suggested that I upgrade, which I did to 3.5.1. However, 3.5 wouldn't launch. Uninstalled it and reinstalled 3.1. Option 2 no longer worked ... I think it was option 8 that worked ... I ran a scan ... zero threats.

     Note: each time an option wouldn't work, it would stop at 'enabling driver' requiring a reboot every time. Testing the 13 options took a long time.

     3.5.1

     Reinstalled 3.5.1 - it wouldn't launch, but it did launch the following day (maybe it needed a reboot). Ran a scan - zero threats.

     ------------------------

     I finally finished a big report last night. Today, booted the PC ... Malwarebytes blocked 198.134.112.243 (outbound) - I hadn't launched a connection to that site. I am alerted at regular intervals of this site being blocked.

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Unspecified
     Domain:
     IP Address: 198.134.112.243
     Port: [0]
     Type: Outbound
     File:

     Loaded scanurl.net in Firefox - https crossed out, and the url input box did not display.

     Loaded scanurl.net in Chrome - https displayed - the url input boxes appeared momentarily, then disappeared, and were inaccessible.

     Checked the site in google transparency and phishtank - result: clean

     I noticed that the mouse was now functioning correctly!!!

     ------------

     What to do? Is it possible that malware can be switched on and off? Does anybody recognise this strange mouse behaviour? Might the mouse be working correctly because 198.134.112.243 is now being blocked? Could this be simple suppression - general time-wasting aspect of a varied package of measures?