Skype intrusion attemps. Plesk?

[Slift]

Alright here we go again, I've made threads on Norton forums and Skype forums. Skype wont talk to me at all but norton forums told me that its most likely an ad on skype doing this to me. It all started 7/13/13 when I updated skype to 6.6 but i uninstalled skype and reinstalled 6.5 and it's still happening. Skype is the only thing i installed on this day and the attack originates from programfiles(x86)/skype/phone/skype.exe. I posted on bleepingcomputers aswell and was told to download and do an ESET Online Scan, I don't have a problem with following any instructions from someone trusted but something just makes me nervous about following instructions and sending my log to someone who registered a day ago and has no posts. Is it safe to share the log in provides at the end?

At first I was getting a popup in a windows error box saying ActiveX had been disabled and therefore some features could not be displayed and I hit okay and it brought up a survery site: ar.voicefive.com which i closed as soon as I noticed it. Then everytime it popped up I would hit the X instead of hitting okay since there was no cancel option and it never opened my firefox again but Norton would still pop up informing me there was an intrusion attempt from cdn.adnxs.com. Paniced I went to adblockplus and put in a custom filter for adnxs.com and I dont know if that stopped it or it just switched but after that it changed to Web Attack: Plesk Command Injection. Norton pops up warning me of attacks about 3 times a day now. Attacking computer 173.192.9.2, 44399. Ill include a screenshot of the message norton gives me. I'm going to block out my IP.

Please tell me how I can fix this, I'm going to be moving in a week and switching ISPs which means I'll lose my free Norton and I'll be temporarily unprotected and don't want to have this infection while that is going on.

I've ran scans with both Norton Security Suite and Malwarebytes, Norton coming up with tracking cookies it removes and MB detecting nothing.

update: Last night my internet dropped about every hour for 2-3 minutes each time. Could this be related to the infections?

Still having this problem, can anyone help?

[AdvancedSetup]

Sorry for the delay. Do you still need help with this?

[Slift]

yes please, i have turned off my skype to stop it from popping up nonstop but i would like to use skype again to talk to friends.

[AdvancedSetup]

Okay then let's have you run the following scans to see what's going on.

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

• If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
• Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
• If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
  

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from one of the following links: Link1 | Link2 | Link3
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
• NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
  

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• RogueKiller 32-bit | RogueKiller 64-bit
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.
  

STEP 03
Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

STEP 04
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus
  

STEP 05
Please download AdwCleaner by Xplode to your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• If prompted by the User Account Control click Yes to allow it to run.
• Under Actions click on the Delete button.
• Click OK on all prompts.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the entire contents of that logfile to your next reply.
• You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
  

STEP 06


Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
    

  [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.
  

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
  

 

[AdvancedSetup]

Are you still with us?

[Slift]

Are you still with us?

sorry i was in the process of moving for a few days just got internet back on today. i havent had any problems with skype or intrusion since the move, maybe it wasnt on my computer but instead they had my ip and they were sending these things to it and now that i have a new one its fine? should i still do all these steps or should i wait and see if theres any new intrusion attempts first?

[AdvancedSetup]

No, if you're not having any issue and nothing like before then you should be okay.

 

Make sure your antivirus is up to date and scan with it to make sure it finds nothing and let me know.

[Slift]

No, if you're not having any issue and nothing like before then you should be okay.

 

Make sure your antivirus is up to date and scan with it to make sure it finds nothing and let me know.

updated and did full scan which only resulted in 14 tracking cookies being removed. still no intrusion attempts so i think were good. thanks for your help AdvancedSetup. ill return if it were to restart.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!