Starting today, I keep getting a Malicious Website blocked from ayool1.no-ip.org. I have scanned, looked for start up entries, just about every troubleshooting technique. This is a Win 8 box with 16gb ram, Intel i5-2400. I remove viruses almost daily from machines, however, this one has me stumped. By the way, a search for ayool1.no-ip.org does indicate it is a bad site.

I forgot to explain the Malicious Website box keeps opening and closing, after scan, after reboot, it consistently shows.


IP has a blacklist report from 2012 at apews.org

 

Oooops 204.95.99.109 is currently listed in APEWS :-(

Entry matching your Query: E-605523
204.95.0.0/16
CASE: C-14
Spambots, zombies, contaminated CIDR, bad reputation provider
History:
Entry created 2012-09-30

 

 

URL and files found on that IP info

https://www.virustotal.com/en/ip-address/204.95.99.109/information/


Hello pfalck1:

Your previous post's information may require additional clarity.

Please post the computer's MBAM2 Daily Protection Log showing the Malicious Website Blocks you're reporting:

Reference: Malwarebytes Anti-Malware Users Guide - Daily Protection Log

  • Please open the Malwarebytes Anti-Malware 2.x (MBAM2) Graphical User Interface (GUI).
  • Single left-click History.
  • Single left-click Application Logs.
  • Left double-click the Protection Log concerning the date when the Malicious Website Protection notice(s) were received.
  • Single left-click Export button, and single left-click Text file (*.txt) choice from the pull-down menu.
  • Type Malicious in the File name: box, then single left-click Desktop, and single left-click the Save button.
  • The MBAM2 GUI may now be closed.
  • Please Attach the Malicious.txt file, from the Desktop, to your next reply in this thread.
Thank you for your patience and understanding.

So I checked the file path to agpmgr.exe in the Users directory. Then I checked the startup and an entry for agpmgr.exe was listed. I removed the entry and rebooted. The messages stopped. I scanned the dir but Malwarebytes said it was ok. The file agpmgr.exe is found in the AGP Manger subdirectory. Attached is a photo of that dir under the roaming dir


Hello pfalck1:

The logs indicate the computer might be infected and malware removal actions are not permitted in this sub-forum.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

Thank you. :)
