Jump to content

xSkylight

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

 Content Type 

Everything posted by xSkylight

  1. xSkylight
    Okay...
  2. xSkylight
    I woke up this afternoon to find that my little brother took advantage of an overnight game download I had going on and decided to do things of his own on my computer. I know my infection is not from the game, 'cause I've downloaded that very game multiple times before, A.V.A from ijji's Web site is SAFE. So that's not it... whatever my little brother did has killed my system. I have WAY too much on this PC to wipe it clean. I'm a paying user [i have e-mail with receipt if you need], and I update the databases at least once or twice a day. At the time of this post, I am working with database version 4470. When I boot my PC, I see a quick flash of a command prompt type thing that I've never seen before when booting, followed by another one... which I am betting money are the malware. They execute BEFORE Malwarebytes' can boot, and even with a full scan and removal [7 times], they keep popping up. I keep getting these hits on the full scans: 09:01:12 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M ALLOW 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS QUARANTINE 12:08:33 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M QUARANTINE Removing them does NOTHING, as they just seem to replicate. ***NOTE THE "ALLOW" on the first one*** Now, I have 9 files in quarantine, instead of 3. 2 identical registery keys: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Current Version\Run\hkcu (Data: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe) 2 identical folders: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr 5 files, 4 of which are identical: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe (four of these) C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Only difference I see is the capitals, but whatever. Also, here is the protection log for yesterday: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 00:36:15 IssenGoesW7 MESSAGE Protection started successfully 00:36:19 IssenGoesW7 MESSAGE IP Protection started successfully 04:51:59 IssenGoesW7 MESSAGE Protection started successfully 04:52:03 IssenGoesW7 MESSAGE IP Protection started successfully 05:18:20 IssenGoesW7 IP-BLOCK 93.190.140.147 05:23:32 IssenGoesW7 IP-BLOCK 64.120.141.98 05:24:06 IssenGoesW7 MESSAGE IP Protection stopped 05:24:58 IssenGoesW7 MESSAGE Database updated successfully 15:52:21 IssenGoesW7 MESSAGE Protection started successfully 15:52:24 IssenGoesW7 MESSAGE IP Protection started successfully 16:04:36 IssenGoesW7 IP-BLOCK 94.96.111.39 16:07:40 IssenGoesW7 IP-BLOCK 121.11.255.13 16:07:56 IssenGoesW7 IP-BLOCK 94.96.93.14 16:08:36 IssenGoesW7 IP-BLOCK 89.28.81.135 16:17:26 IssenGoesW7 IP-BLOCK 121.10.120.182 16:22:22 IssenGoesW7 IP-BLOCK 89.28.52.42 16:22:22 IssenGoesW7 IP-BLOCK 60.172.213.238 16:43:07 IssenGoesW7 IP-BLOCK 188.65.50.87 16:53:25 IssenGoesW7 IP-BLOCK 89.28.69.116 16:54:05 IssenGoesW7 IP-BLOCK 121.13.72.70 16:54:21 IssenGoesW7 IP-BLOCK 188.130.177.3 18:53:23 IssenGoesW7 MESSAGE Protection started successfully 18:53:26 IssenGoesW7 MESSAGE IP Protection started successfully 18:54:54 IssenGoesW7 IP-BLOCK 94.96.25.192 18:56:22 IssenGoesW7 IP-BLOCK 89.28.6.89 19:08:33 IssenGoesW7 IP-BLOCK 94.96.129.200 19:08:57 IssenGoesW7 IP-BLOCK 58.241.100.225 21:45:47 IssenGoesW7 MESSAGE Protection started successfully 21:45:51 IssenGoesW7 MESSAGE IP Protection started successfully 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:00 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:00 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:41 IssenGoesW7 IP-BLOCK 213.174.136.83 21:52:49 IssenGoesW7 IP-BLOCK 213.174.136.83 21:52:49 IssenGoesW7 IP-BLOCK 213.174.136.83 23:08:47 IssenGoesW7 IP-BLOCK 58.240.246.13 23:22:41 IssenGoesW7 IP-BLOCK 58.240.246.1 23:22:57 IssenGoesW7 IP-BLOCK 58.240.246.1 23:26:11 IssenGoesW7 IP-BLOCK 89.28.8.132 23:26:19 IssenGoesW7 IP-BLOCK 122.224.5.157 23:38:32 IssenGoesW7 IP-BLOCK 95.211.10.3 23:39:44 IssenGoesW7 IP-BLOCK 222.70.147.26 23:40:17 IssenGoesW7 IP-BLOCK 58.240.246.5 23:40:41 IssenGoesW7 IP-BLOCK 83.128.101.204 23:40:41 IssenGoesW7 IP-BLOCK 94.96.158.238 23:45:29 IssenGoesW7 IP-BLOCK 58.240.246.1 23:45:37 IssenGoesW7 IP-BLOCK 58.240.246.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Here's the protection log for today: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 00:09:59 IssenGoesW7 MESSAGE Protection started successfully 00:10:02 IssenGoesW7 MESSAGE IP Protection started successfully 00:10:10 IssenGoesW7 IP-BLOCK 218.8.40.177 03:09:03 IssenGoesW7 MESSAGE Protection started successfully 03:09:07 IssenGoesW7 MESSAGE IP Protection started successfully 03:10:17 IssenGoesW7 MESSAGE IP Protection stopped 03:10:19 IssenGoesW7 MESSAGE Database updated successfully 03:10:20 IssenGoesW7 MESSAGE IP Protection started successfully 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 07:30:47 IssenGoesW7 IP-BLOCK 62.213.100.140 07:51:45 IssenGoesW7 IP-BLOCK 95.211.10.225 07:51:53 IssenGoesW7 IP-BLOCK 95.211.10.225 07:52:09 IssenGoesW7 IP-BLOCK 66.150.14.67 08:13:35 IssenGoesW7 IP-BLOCK 66.7.179.198 08:41:13 IssenGoesW7 MESSAGE Protection started successfully 08:41:17 IssenGoesW7 MESSAGE IP Protection started successfully 09:01:11 IssenGoesW7 IP-BLOCK 89.28.74.174 09:01:12 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M ALLOW 09:01:20 IssenGoesW7 IP-BLOCK 62.45.251.25 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 208.111.34.38 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS QUARANTINE 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS DENY 09:10:48 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Local\Temp\Rar$EX13.123\Hide My Ip.EXE Trojan.VBInject QUARANTINE 09:12:47 IssenGoesW7 IP-BLOCK 94.96.100.159 09:45:52 IssenGoesW7 IP-BLOCK 89.28.62.85 09:47:04 IssenGoesW7 IP-BLOCK 62.45.120.204 10:14:27 IssenGoesW7 IP-BLOCK 222.65.134.62 10:14:35 IssenGoesW7 IP-BLOCK 121.11.50.104 10:55:07 IssenGoesW7 IP-BLOCK 64.111.217.35 11:15:04 IssenGoesW7 ERROR IsValidLicenseKey failed with error code 13 11:15:04 IssenGoesW7 MESSAGE Protection stopped 11:20:40 IssenGoesW7 MESSAGE Protection started successfully 11:20:44 IssenGoesW7 MESSAGE IP Protection started successfully 11:26:21 IssenGoesW7 MESSAGE Protection started successfully 11:26:24 IssenGoesW7 MESSAGE IP Protection started successfully 11:33:45 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M QUARANTINE 11:41:01 IssenGoesW7 IP-BLOCK 208.91.207.10 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:44:23 IssenGoesW7 IP-BLOCK 209.62.9.34 11:44:23 IssenGoesW7 IP-BLOCK 209.62.9.34 11:44:31 IssenGoesW7 IP-BLOCK 209.62.9.34 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.229 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.233 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.230 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.234 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 88.208.33.94 11:52:35 IssenGoesW7 IP-BLOCK 88.208.33.94 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 12:03:16 IssenGoesW7 MESSAGE Protection started successfully 12:03:19 IssenGoesW7 MESSAGE IP Protection started successfully 12:08:33 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M QUARANTINE 12:08:40 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M DENY 12:32:04 IssenGoesW7 MESSAGE Protection started successfully 12:32:07 IssenGoesW7 MESSAGE IP Protection started successfully 12:40:06 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M QUARANTINE 12:40:11 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:17 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:22 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:27 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:32 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:37 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:42 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:47 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:52 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:57 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:02 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:08 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:13 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:44:14 IssenGoesW7 MESSAGE Protection started successfully 12:44:18 IssenGoesW7 MESSAGE IP Protection started successfully 12:45:03 IssenGoesW7 MESSAGE IP Protection stopped 12:45:06 IssenGoesW7 MESSAGE Database updated successfully 12:45:07 IssenGoesW7 MESSAGE IP Protection started successfully 13:00:25 IssenGoesW7 MESSAGE IP Protection stopped 13:00:25 IssenGoesW7 MESSAGE IP Protection started successfully ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you notice at 11:15:04, my module protection was magically disabled and I scrambled frantically to my e-mail and re-entered the key, and it was fine from there... but how can it DISABLE Malwarebytes?! Another thing that scares me is that they seem to be either attached to or trying to mimic svchost.exe and msconfig... I don't know much about this stuff, but that CAN'T be good. Please help me... [sorry for previously posting this in the wrong section... I think?]
  3. xSkylight
    I woke up this afternoon to find that my little brother took advantage of an overnight game download I had going on and decided to do things of his own on my computer. I know my infection is not from the game, 'cause I've downloaded that very game multiple times before, A.V.A from ijji's Web site is SAFE. So that's not it... whatever my little brother did has killed my system. I have WAY too much on this PC to wipe it clean. I'm a paying user [i have e-mail with receipt if you need], and I update the databases at least once or twice a day. At the time of this post, I am working with database version 4470. When I boot my PC, I see a quick flash of a command prompt type thing that I've never seen before when booting, followed by another one... which I am betting money are the malware. They execute BEFORE Malwarebytes' can boot, and even with a full scan and removal [7 times], they keep popping up. I keep getting these hits on the full scans: 09:01:12 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M ALLOW 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS QUARANTINE 12:08:33 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M QUARANTINE Removing them does NOTHING, as they just seem to replicate. ***NOTE THE "ALLOW" on the first one*** Now, I have 9 files in quarantine, instead of 3. 2 identical registery keys: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Current Version\Run\hkcu (Data: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe) 2 identical folders: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr 5 files, 4 of which are identical: C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe (four of these) C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Only difference I see is the capitals, but whatever. Also, here is the protection log for yesterday: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 00:36:15 IssenGoesW7 MESSAGE Protection started successfully 00:36:19 IssenGoesW7 MESSAGE IP Protection started successfully 04:51:59 IssenGoesW7 MESSAGE Protection started successfully 04:52:03 IssenGoesW7 MESSAGE IP Protection started successfully 05:18:20 IssenGoesW7 IP-BLOCK 93.190.140.147 05:23:32 IssenGoesW7 IP-BLOCK 64.120.141.98 05:24:06 IssenGoesW7 MESSAGE IP Protection stopped 05:24:58 IssenGoesW7 MESSAGE Database updated successfully 15:52:21 IssenGoesW7 MESSAGE Protection started successfully 15:52:24 IssenGoesW7 MESSAGE IP Protection started successfully 16:04:36 IssenGoesW7 IP-BLOCK 94.96.111.39 16:07:40 IssenGoesW7 IP-BLOCK 121.11.255.13 16:07:56 IssenGoesW7 IP-BLOCK 94.96.93.14 16:08:36 IssenGoesW7 IP-BLOCK 89.28.81.135 16:17:26 IssenGoesW7 IP-BLOCK 121.10.120.182 16:22:22 IssenGoesW7 IP-BLOCK 89.28.52.42 16:22:22 IssenGoesW7 IP-BLOCK 60.172.213.238 16:43:07 IssenGoesW7 IP-BLOCK 188.65.50.87 16:53:25 IssenGoesW7 IP-BLOCK 89.28.69.116 16:54:05 IssenGoesW7 IP-BLOCK 121.13.72.70 16:54:21 IssenGoesW7 IP-BLOCK 188.130.177.3 18:53:23 IssenGoesW7 MESSAGE Protection started successfully 18:53:26 IssenGoesW7 MESSAGE IP Protection started successfully 18:54:54 IssenGoesW7 IP-BLOCK 94.96.25.192 18:56:22 IssenGoesW7 IP-BLOCK 89.28.6.89 19:08:33 IssenGoesW7 IP-BLOCK 94.96.129.200 19:08:57 IssenGoesW7 IP-BLOCK 58.241.100.225 21:45:47 IssenGoesW7 MESSAGE Protection started successfully 21:45:51 IssenGoesW7 MESSAGE IP Protection started successfully 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:51:36 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:00 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:00 IssenGoesW7 IP-BLOCK 209.62.9.34 21:52:41 IssenGoesW7 IP-BLOCK 213.174.136.83 21:52:49 IssenGoesW7 IP-BLOCK 213.174.136.83 21:52:49 IssenGoesW7 IP-BLOCK 213.174.136.83 23:08:47 IssenGoesW7 IP-BLOCK 58.240.246.13 23:22:41 IssenGoesW7 IP-BLOCK 58.240.246.1 23:22:57 IssenGoesW7 IP-BLOCK 58.240.246.1 23:26:11 IssenGoesW7 IP-BLOCK 89.28.8.132 23:26:19 IssenGoesW7 IP-BLOCK 122.224.5.157 23:38:32 IssenGoesW7 IP-BLOCK 95.211.10.3 23:39:44 IssenGoesW7 IP-BLOCK 222.70.147.26 23:40:17 IssenGoesW7 IP-BLOCK 58.240.246.5 23:40:41 IssenGoesW7 IP-BLOCK 83.128.101.204 23:40:41 IssenGoesW7 IP-BLOCK 94.96.158.238 23:45:29 IssenGoesW7 IP-BLOCK 58.240.246.1 23:45:37 IssenGoesW7 IP-BLOCK 58.240.246.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Here's the protection log for today: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 00:09:59 IssenGoesW7 MESSAGE Protection started successfully 00:10:02 IssenGoesW7 MESSAGE IP Protection started successfully 00:10:10 IssenGoesW7 IP-BLOCK 218.8.40.177 03:09:03 IssenGoesW7 MESSAGE Protection started successfully 03:09:07 IssenGoesW7 MESSAGE IP Protection started successfully 03:10:17 IssenGoesW7 MESSAGE IP Protection stopped 03:10:19 IssenGoesW7 MESSAGE Database updated successfully 03:10:20 IssenGoesW7 MESSAGE IP Protection started successfully 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 06:51:21 IssenGoesW7 IP-BLOCK 66.235.126.51 07:30:47 IssenGoesW7 IP-BLOCK 62.213.100.140 07:51:45 IssenGoesW7 IP-BLOCK 95.211.10.225 07:51:53 IssenGoesW7 IP-BLOCK 95.211.10.225 07:52:09 IssenGoesW7 IP-BLOCK 66.150.14.67 08:13:35 IssenGoesW7 IP-BLOCK 66.7.179.198 08:41:13 IssenGoesW7 MESSAGE Protection started successfully 08:41:17 IssenGoesW7 MESSAGE IP Protection started successfully 09:01:11 IssenGoesW7 IP-BLOCK 89.28.74.174 09:01:12 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M ALLOW 09:01:20 IssenGoesW7 IP-BLOCK 62.45.251.25 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 77.78.240.154 09:02:49 IssenGoesW7 IP-BLOCK 208.111.34.38 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS QUARANTINE 09:08:16 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\msconfig.exe Trojan.PWS DENY 09:10:48 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Local\Temp\Rar$EX13.123\Hide My Ip.EXE Trojan.VBInject QUARANTINE 09:12:47 IssenGoesW7 IP-BLOCK 94.96.100.159 09:45:52 IssenGoesW7 IP-BLOCK 89.28.62.85 09:47:04 IssenGoesW7 IP-BLOCK 62.45.120.204 10:14:27 IssenGoesW7 IP-BLOCK 222.65.134.62 10:14:35 IssenGoesW7 IP-BLOCK 121.11.50.104 10:55:07 IssenGoesW7 IP-BLOCK 64.111.217.35 11:15:04 IssenGoesW7 ERROR IsValidLicenseKey failed with error code 13 11:15:04 IssenGoesW7 MESSAGE Protection stopped 11:20:40 IssenGoesW7 MESSAGE Protection started successfully 11:20:44 IssenGoesW7 MESSAGE IP Protection started successfully 11:26:21 IssenGoesW7 MESSAGE Protection started successfully 11:26:24 IssenGoesW7 MESSAGE IP Protection started successfully 11:33:45 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M QUARANTINE 11:41:01 IssenGoesW7 IP-BLOCK 208.91.207.10 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:41:01 IssenGoesW7 IP-BLOCK 213.174.142.175 11:44:23 IssenGoesW7 IP-BLOCK 209.62.9.34 11:44:23 IssenGoesW7 IP-BLOCK 209.62.9.34 11:44:31 IssenGoesW7 IP-BLOCK 209.62.9.34 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.231 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.232 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.229 11:52:34 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.233 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.228 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.230 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.234 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.227 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 11:52:35 IssenGoesW7 IP-BLOCK 88.208.33.94 11:52:35 IssenGoesW7 IP-BLOCK 88.208.33.94 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.226 11:52:35 IssenGoesW7 IP-BLOCK 213.174.149.225 12:03:16 IssenGoesW7 MESSAGE Protection started successfully 12:03:19 IssenGoesW7 MESSAGE IP Protection started successfully 12:08:33 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M QUARANTINE 12:08:40 IssenGoesW7 DETECTION C:\Users\ISSENGOESW7\AppData\Roaming\WINBOOTERR\svchost.exe Backdoor.SpyNet.M DENY 12:32:04 IssenGoesW7 MESSAGE Protection started successfully 12:32:07 IssenGoesW7 MESSAGE IP Protection started successfully 12:40:06 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M QUARANTINE 12:40:11 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:17 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:22 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:27 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:32 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:37 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:42 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:47 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:52 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:40:57 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:02 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:08 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:41:13 IssenGoesW7 DETECTION C:\Users\IssenGoesW7\AppData\Roaming\Winbooterr\svchost.exe Backdoor.SpyNet.M DENY 12:44:14 IssenGoesW7 MESSAGE Protection started successfully 12:44:18 IssenGoesW7 MESSAGE IP Protection started successfully 12:45:03 IssenGoesW7 MESSAGE IP Protection stopped 12:45:06 IssenGoesW7 MESSAGE Database updated successfully 12:45:07 IssenGoesW7 MESSAGE IP Protection started successfully 13:00:25 IssenGoesW7 MESSAGE IP Protection stopped 13:00:25 IssenGoesW7 MESSAGE IP Protection started successfully ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you notice at 11:15:04, my module protection was magically disabled and I scrambled frantically to my e-mail and re-entered the key, and it was fine from there... but how can it DISABLE Malwarebytes?! Another thing that scares me is that they seem to be either attached to or trying to mimic svchost.exe and msconfig... I don't know much about this stuff, but that CAN'T be good. Please help me...
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.