Posts posted by zappe
-
-
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.22.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
zappe :: ZPP [administrator]
Protection: Enabled
2013-03-22 07:49:34
MBAM-log-2013-03-22 (08-29-07).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 225499
Time elapsed: 1 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Program Files (x86)\GIGABYTE\Gamer HUD\GVDisplayLib.dll (Trojan.Passwords.LD) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\GIGABYTE\GAMER HUD\GVDISPLAYLIB.DLL (Trojan.Passwords.LD) -> Data: 1 -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\GIGABYTE\Gamer HUD\GVDisplayLib.dll (Trojan.Passwords.LD) -> No action taken.
(end)
-
Any news?
-
2012/06/07 21:07:13 +0200 ZPP zappe IP-BLOCK 91.201.60.30 (Type: outgoing, Port: 51139, Process: chrome.exe)
2012/06/07 21:07:21 +0200 ZPP zappe IP-BLOCK 91.201.60.30 (Type: outgoing, Port: 51152, Process: chrome.exe)
2012/06/07 21:07:21 +0200 ZPP zappe IP-BLOCK 91.201.60.30 (Type: outgoing, Port: 51153, Process: chrome.exe)
2012/06/07 21:07:21 +0200 ZPP zappe IP-BLOCK 91.201.60.30 (Type: outgoing, Port: 51154, Process: chrome.exe)
-
Any news?
-
2012/05/04 16:24:21 +0200 ZPP zappe IP-BLOCK 212.97.134.16 (Type: outgoing, Port: 64830, Process: chrome.exe)
-
Why is this blocked?
2012/05/02 07:43:06 +0200 ZPP zappe IP-BLOCK 195.234.4.62 (Type: outgoing, Port: 54690, Process: chrome.exe)
-
Anything on this?
-
2012/01/26 19:53:29 +0100 ZPP zappe IP-BLOCK 200.122.168.169 (Type: outgoing, Port: 57477, Process: chrome.exe)
www.trendycasino.com
-
2012/01/23 15:05:03 +0100 ZPP zappe IP-BLOCK 91.206.200.30 (Type: outgoing, Port: 61942, Process: chrome.exe)
2012/01/23 15:05:19 +0100 ZPP zappe IP-BLOCK 91.206.200.30 (Type: outgoing, Port: 61946, Process: chrome.exe)
2012/01/23 15:05:19 +0100 ZPP zappe IP-BLOCK 91.206.200.30 (Type: outgoing, Port: 61947, Process: chrome.exe)
www.hamalia.ua
-
I'm only blocking those used by the bots, to limit effects on the legit users they've got.
So if bots are gone they will be removed?
-
This isn't an F/P.
Their servers are being used by IRC bots et al, and as far as they're concerned - it's not their problem - which makes it my problem.
Why isn't all blocked then?
-
A few of the IPs of irc.undernet.org are blocked.
Name: irc.undernet.org
Addresses: 66.252.29.2
70.33.251.254
94.125.182.255
95.141.29.22
130.237.188.216
194.109.20.90
208.83.20.130
64.18.128.86
66.198.80.67
19:17:01 zappe IP-BLOCK 94.125.182.255 (Type: outgoing, Port: 52699, Process: mirc.exe)
19:03:40 zappe IP-BLOCK 66.252.29.2 (Type: outgoing, Port: 51077, Process: mirc.exe)
19:03:08 zappe IP-BLOCK 208.83.20.130 (Type: outgoing, Port: 50984, Process: mirc.exe)
19:02:36 zappe IP-BLOCK 130.237.188.216 (Type: outgoing, Port: 50936, Process: mirc.exe)
19:02:12 zappe IP-BLOCK 194.109.20.90 (Type: outgoing, Port: 50878, Process: mirc.exe)
19:01:40 zappe IP-BLOCK 64.18.128.86 (Type: outgoing, Port: 50827, Process: mirc.exe)
Can this be solved?
-
Isn't this a false positive?
I got it while playing on Expekt.com Casino.
File is attached.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8351
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
2011-12-11 19:15:43
mbam-log-2011-12-11 (19-15-38).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 810862
Time elapsed: 1 hour(s), 52 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\expekt (PUP.Casino.Gen) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\microgaming\Casino\Expekt\install.exe (PUP.Casino.Gen) -> No action taken.
-
I'm looking into this, thank you.
Any news?
-
-
22:42:42 zappe IP-BLOCK 78.129.142.67 (Type: outgoing, Port: 55001, Process: chrome.exe)
22:42:42 zappe IP-BLOCK 78.129.142.67 (Type: outgoing, Port: 55002, Process: chrome.exe)
22:42:42 zappe IP-BLOCK 78.129.142.67 (Type: outgoing, Port: 55005, Process: chrome.exe)
daemon-tools.cc
20:06:18 zappe IP-BLOCK 77.247.179.66 (Type: outgoing, Port: 52900, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.66 (Type: outgoing, Port: 52901, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.83 (Type: outgoing, Port: 52902, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.83 (Type: outgoing, Port: 52903, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.66 (Type: outgoing, Port: 52904, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.66 (Type: outgoing, Port: 52905, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.83 (Type: outgoing, Port: 52906, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.83 (Type: outgoing, Port: 52907, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.66 (Type: outgoing, Port: 52908, Process: chrome.exe)
20:06:18 zappe IP-BLOCK 77.247.179.83 (Type: outgoing, Port: 52909, Process: chrome.exe)
wiziwig.tv
-
And the file.
-
When updating uTorrent I got this detection.
07:27:04 zappe DETECTION C:\Users\zappe\AppData\Local\Temp\utt949.tmp.exe Trojan.Pakes ALLOW
Attaching the file
-
Absolute rubbish, it's their network, and their responsibility. The issues have been reported to them not only by myself, several times (and in the case of Portlane, reports have been sent hundreds of times over the years, with no action and no response, hence my applying the "Criminal friendly" tag to them), with no action and no response.
You're free to add it to the ignore list, yes. You can't add an ignore for a range block however, you'll need to do each IP individually.
Until they start responding to abuse reports, the malware is removed, and the criminal activity ceases, the block won't be removed.
I see your point, I just said that since they don't keep logs they can't suspend users. They prefer anonymity like TOR or I2P.
As long as they are not obligated by law to keep logs I don't think they will start responding.
I guess I have to add it to the ignore list.
-
Not a chance. Both PrivatVPN and Portlane (their upstream) are completely unresponsive to abuse reports, and are housing known criminals.
Well, since they don't log they can't do anything.
Anyway, can I add an IP address or range manually to the ignore list?
-
80.67.13.* is an IP range belonging to VPN provider www.privatvpn.se.
This is the ip you get when using their service.
Can you please white list them?
-
19:20:29 zappe IP-BLOCK 95.143.206.13 (Type: outgoing, Port: 57476, Process: avp.exe)
Name: www.slitz.se
Address: 95.143.206.13
-
I'll get an exception made for this IP (unfortunately, the range has been a continuous source of malicious content, across various IPs since at least 2009, which is why it is blocked)
Thanks, interesting that a security company uses a range like that.
-
Any news?
GVDISPLAYLIB.DLL
in File Detections
Seems fine, thanks