blocked access to a potentially malicious website



Getting the message:

 

Successfully blocked access to a potentially malicious website: 162.210.192.26

OR

Successfully blocked access to a potentially malicious website: 162.210.192.22

 

 

This is the most recent log:

 

2014/03/05 16:43:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51378, Process: chrome.exe)
2014/03/05 16:43:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51379, Process: chrome.exe)
2014/03/05 17:19:58 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51562, Process: chrome.exe)
2014/03/05 17:19:58 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51563, Process: chrome.exe)
2014/03/05 17:20:06 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51615, Process: chrome.exe)
2014/03/05 17:20:06 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51616, Process: chrome.exe)
2014/03/05 17:20:14 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51701, Process: chrome.exe)
2014/03/05 17:20:14 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51702, Process: chrome.exe)
2014/03/05 18:12:31 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51931, Process: chrome.exe)
2014/03/05 18:12:32 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51932, Process: chrome.exe)
2014/03/05 20:02:34 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 52429, Process: chrome.exe)
2014/03/05 20:02:34 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 52430, Process: chrome.exe)
2014/03/05 20:05:22 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 52682, Process: chrome.exe)
2014/03/05 20:05:22 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 52683, Process: chrome.exe)
2014/03/05 20:05:38 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 52929, Process: chrome.exe)
2014/03/05 20:05:38 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 52930, Process: chrome.exe)
2014/03/05 20:06:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 52986, Process: chrome.exe)
2014/03/05 20:06:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 52987, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53018, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53019, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53022, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53023, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53037, Process: chrome.exe)
2014/03/05 20:07:30 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53038, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53237, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53238, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53239, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53240, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53241, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53242, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 53276, Process: chrome.exe)
2014/03/05 20:22:10 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 53277, Process: chrome.exe)
 
 
I've read over a few different posts with similar problems and I noticed they downloaded RogueKiller and performed a scan, so I decided to try to get a head start. Here is what was in the text file:
 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] Digital Sites.job : C:\Users\_AKATS~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][sUSP PATH] MySearchDial.job : C:\Users\_AKATS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] Digital Sites : C:\Users\_AKATS~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] MySearchDial : C:\Users\_AKATS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB +++++
--- User ---
[MBR] 7fd9806f679cf9ea90ff2d1f68ba9182
[bSP] e19dc43b6389e1b337b454120cf8831d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EZEX-00KUWA0 +++++
--- User ---
[MBR] 9b705669c4584b5bb9c9c6a36f1bf772
[bSP] ef6e223abc040cc02c25f7afa842510c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03052014_201934.txt >>
 
 
 

 

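A small parser for the IP-BLOCK lines quoted above, added here as an example; it is not part of the original post and not Malwarebytes' own tooling. It assumes the line layout shown in the log and runs on a constructed sample of a few lines in that shape; it counts blocks per process and destination and groups destinations contacted by the same process in the same second, which is the pattern to compare against the scheduled tasks RogueKiller reported.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Layout of the Malwarebytes Anti-Malware IP-BLOCK lines quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Constructed sample: a few lines in the same shape as the ones in the post, plus noise.
SAMPLE_LOG = """\
2014/03/05 16:43:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51378, Process: chrome.exe)
2014/03/05 16:43:02 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51379, Process: chrome.exe)
2014/03/05 17:19:58 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.22 (Type: outgoing, Port: 51562, Process: chrome.exe)
2014/03/05 17:19:58 -0700 AKATSUKI _akatsuki_ IP-BLOCK 162.210.192.26 (Type: outgoing, Port: 51563, Process: chrome.exe)
this line is not an IP-BLOCK entry and must be skipped
"""

def parse_ip_blocks(text):
    """Yield one dict per well-formed IP-BLOCK line; anything else is ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
            rec["port"] = int(rec["port"])
            yield rec

def summarize(text):
    """Count blocks per (process, destination) and collect destinations hit by the
    same process in the same second: one page load or updater run usually shows up
    as such a pair (here .22 and .26), not as two unrelated events."""
    by_pair = Counter()
    same_second = defaultdict(set)
    for rec in parse_ip_blocks(text):
        by_pair[(rec["process"], rec["ip"])] += 1
        same_second[(rec["process"], rec["ts"])].add(rec["ip"])
    bursts = {k: sorted(v) for k, v in same_second.items() if len(v) > 1}
    return by_pair, bursts

if __name__ == "__main__":
    counts, bursts = summarize(SAMPLE_LOG)
    for (proc, ip), n in sorted(counts.items()):
        print(f"{proc:12} -> {ip:16} blocked {n}x")
    for (proc, ts), ips in sorted(bursts.items()):
        print(f"{ts} {proc}: {len(ips)} destinations in one second: {', '.join(ips)}")
```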

Clicked delete after the RK scan and then clicked report; this is the text file:

 

[V2][sUSP PATH] Digital Sites : C:\Users\_AKATS~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][sUSP PATH] MySearchDial : C:\Users\_AKATS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB +++++
--- User ---
[MBR] 7fd9806f679cf9ea90ff2d1f68ba9182
[bSP] e19dc43b6389e1b337b454120cf8831d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EZEX-00KUWA0 +++++
--- User ---
[MBR] 9b705669c4584b5bb9c9c6a36f1bf772
[bSP] ef6e223abc040cc02c25f7afa842510c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_03052014_204142.txt >>

Forgot to include the Security Check. Here it is:

 

 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Reader XI  
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
