Possible web attack



OK, I opened my many tabs today as usual, only to get a message that

75.126.200.179

has been blocked.

So I googled the IP, and Malware Domain List says it's a domain for

http://en.wikipedia.org/wiki/Blackhole_exploit_kit

Good thing I had my HIPS on, though Avast and Malwarebytes seem to have blocked it.

I'm sure it's triggered from an advert in one of my many pages.

Edit: I have since closed the page and disabled JavaScript (when will Chrome have a legit non script blocker?)

Also used TFC.

Anything I should check?


  • Root Admin

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 


static.reverse.softlayer.com seems to be the culprit based on IP lookup.

It happened again, and the only sites that had ads (I use an adblocker but sometimes you gotta refresh) were interfacelift and leehayward blog.

 

# AdwCleaner v3.006 - Report created 04/10/2013 at 17:11:25

# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : PatricK - PATRICK-PC
# Running from : C:\Users\PatricK\Desktop\Marvin Gaye\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\PatricK\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [857 octets] - [04/10/2013 17:11:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########
 
Edit: I don't have Firefox.

This happened when I opened Chrome with the websites I mentioned above today:
2013/10/04 16:34:30 -0500 PATRICK-PC PatricK IP-BLOCK 75.126.200.178 (Type: outgoing, Port: 61340, Process: avastsvc.exe)
2013/10/04 16:34:30 -0500 PATRICK-PC PatricK IP-BLOCK 75.126.200.178 (Type: outgoing, Port: 61341, Process: avastsvc.exe)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.05.06

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16686

PatricK :: PATRICK-PC [administrator]

 

Protection: Enabled

 

10/5/2013 3:37:38 PM

mbam-log-2013-10-05 (15-37-38).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 269728

Time elapsed: 12 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Emsisoft Emergency Kit & ESET came back clean.

I bet it's the ads triggered by interfacelift and the other 2 sites, as since closing them there are no more triggers.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
