
numerous IP Addresses blocked


SJE

First time user of this forum

Beginning yesterday I am getting a stream of IP Addresses blocked. TCPView tells me they are all PINGS to various Internet Network and Communications companies around the world. It's happening if I am on IE or not. The only other PINGS I see ongoing are related to my Broadband ISP, Comcast. I'm wondering if these are being blocked due to their locations: Russia, Germany, Hong Kong etc. and relate to my ISP. If you think it's a valid problem, please let me know.

I did have a valid Trojan Horse on 12/10, and today I'm experiencing the Trojan.Dropper.BCM false positive.

Attached are files DSS.txt, Attach.zip, Protection logs for 12/12 and 12/10.

dds.txt

attach.zip

protection-log-2011-12-10.txt

protection-log-2011-12-12.txt


  • Staff

I don't think that these are f/p's

09:53:40 Susan Edson DETECTION C:\DOCUMENTS AND SETTINGS\SUSAN EDSON\LOCAL SETTINGS\APPLICATION DATA\OLV.EXE Trojan.ExeShell.Gen DENY

09:53:41 Susan Edson DETECTION C:\DOCUMENTS AND SETTINGS\SUSAN EDSON\LOCAL SETTINGS\APPLICATION DATA\DJT.EXE Trojan.ExeShell.Gen DENY

Plus a few of those IPs go back to servers for fake antiviruses. I would recommend getting checked out in the malware removal forum.

example:

http://www.robtex.com/ip/63.223.106.17.html

I would also run a quick scan with mbam.


Thanks for replying. Have run numerous MBAM scans. It was MBAM PRO that found and removed the Trojan you commented on. That was on 12/10 and IP Address blocking started today 12/12.

The IP address you mentioned 63.223.106.17 looks to me like it belongs to Sentris Networks, a satellite provider. What fake antivirus is the IP associated with?

Any other ideas?


  • Staff

If you look at the link I provided, notice all the random domains? Who owns it is not necessarily important, but what the IP contains.

for example:

3khtdg6fwjtvwq.com

Is a random non legit domain.

This is a pretty good sign something fakeav is still on your computer and communicating there.

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

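Added example, not part of the original posts: a small Python triage of the hostnames seen behind a blocked IP, flagging labels that look machine-generated in the way the reply above describes for 3khtdg6fwjtvwq.com. The signal names, thresholds and every sample hostname other than that one are assumptions made for this illustration.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def registrable_label(hostname):
    # Approximation: the label left of the TLD. Multi-part suffixes such as
    # co.uk need a public-suffix list, which this sketch leaves out.
    labels = hostname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def entropy(s):
    # Shannon entropy in bits per character.
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_consonant_run(s):
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def signals(hostname):
    """Return the names of the randomness signals a hostname trips."""
    label = registrable_label(hostname)
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    hits = []
    if len(label) >= 10 and vowel_ratio < 0.2:
        hits.append("vowel-poor")
    if longest_consonant_run(label) >= 5:
        hits.append("consonant-run")
    if letters and any(c.isdigit() for c in label):
        hits.append("digits-mixed")
    if len(label) >= 8 and entropy(label) >= 3.0:
        hits.append("high-entropy")
    return hits

def triage(hostnames, threshold=3):
    # Thresholds are assumptions for illustration, not tuned values.
    return [h for h in hostnames if len(signals(h)) >= threshold]

# First entry is the domain quoted in the thread; the rest are constructed.
SAMPLE = ["3khtdg6fwjtvwq.com", "www.malwarebytes.org", "comcast.net",
          "qx7zkvbw2pjt.example", "mail.example.org"]

if __name__ == "__main__":
    for host in SAMPLE:
        print(f"{host:24} {signals(host)}")
    print("review:", triage(SAMPLE))
```

A single signal is weak on its own (a long brand name can be high-entropy), which is why the triage asks for several to agree before a hostname is put up for review.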

Thank you for another reply. Yes, I had already followed the steps in the DIRECTIONS HERE link and posted the logs with my first entry.

I'm thinking now that you are exactly right. Been getting hit with malware ever since, which was caught and removed by Malwarebytes Pro.

I already took your advice yesterday and posted on the malware removal forum.

Thanks again. I'll wait for a reply over there.
