
MalwareBytes is blocking outgoing attempts. These happen just after midnight, three attempts a couple of seconds apart. I'm trying to figure out the source of the outgoing attempts (to Russian site 91.196.216.64). Scan doesn't seem to see anything unusual.

DDS.txt

Attach.txt

Microsoft Security Essentials, with latest update, found 5 Exploits. The details screen for each is attached. I allowed MSSE to quarantine these files:


Link to post

Within the last couple of weeks, I have seen a recurrence of the threatware "Security Center 2012" and the only way I could get rid of it was to replace my entire C: partition. It had been recurring sporadically and I could not determine the circumstances until I decided to turn on Website Blocking via my copy of MalwareBytes.

Sure enough, within a couple of errors, MalwareBytes popped up a message that it had blocked an outgoing attempt to 91.196.216.64 ...something in the Russian Federation. As long as I left the blocking on, the "Security Center 2012" has not returned.

HOWEVER, I noticed that the blocking message comes up whenever I log into ANY of my WordPress installations' admin areas on JustHost. ALL (10) of my sites cause this. I can use either IE8 or FireFox and still get the message. Not only that, but I can log into them from my wife's computer (behind the same home router, of course) and STILL see the problem. I DO NOT see the problem if I log into the admin area of Wordpress installations I have on other hosts.

If I turn off blocking, NOTHING appears to happen, but soon after, the "Security Center 2012" is back.

The support people at JustHost have scanned my account and see nothing wrong. I have downloaded the installed code and scanned it with MalwareBytes plus 4 other antivirus/spyware software, but found nothing. The same for my local computer.

This sure looks like something on JustHost servers that's causing the problem. Any suggestion how to prove this one way or the other and get them off their behinds?

Link to post

  • 1 month later...

Hello,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer. From the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

If we do not hear back from you in 3 days, this thread will be closed.

Link to post

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
