
Malicious Website Protection, Domain, 23.55.155.27



Hi,

Please can you check my log file for me. I attach it, and you will see on there that yesterday I followed a link for Ashington Centre and it was a malicious website, I assume being www.list.co.uk, because Malwarebytes kept on coming up with an outbound block. I cleared all the cache/history/everything in Firefox and ran a scan and nothing was found, and it has not done it again since on any website links from Firefox, so I assume it is OK, but I am sending you this file because there are many entries that the domain listed in the log at that time for Malicious Website Protection, Domain, 23.55.155.27.

Thank you and I look forward to hearing from you.

Kind regards,

Sam

anti-malware-home-premium-log.txt


Hi,

A little more detail. I notice that now my computer IP address is on 4 blacklists and this was clean when I last checked a week ago. Would this have something to do with the attacks yesterday?

Here are the details: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a86.178.147.184&run=toolpage

Thank you and I look forward to hearing from you.

Kind regards,

Sam


  • Root Admin

Hello @SamGill and welcome.

Well, being on a blacklist for mail is a bit odd as your domain does not show as having an MX record which makes it pretty difficult to run mail directly from that domain so probably doesn't really matter that it is on a blacklist.

Quote

No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

We'll go ahead though and check your computer for any further malicious content. Let me have you run the following for me so that we can check your logs to see what's going on.

Please read the following and post back the 3 requested logs as an attachment.
 
Diagnostic Logs
 
Thanks


Hi Ron,

Thank you very much for getting back to me. Yes, it is strange that my computer IP address is blacklisted because you are correct, I have no email MX records on this IP.

I most certainly will run those and send back the logs to you. I am not back at work with that PC until Tuesday so I will run them Tuesday morning and get back to you.

Thank you very much for your help.

Kind regards,

Sam


  • Root Admin

Hi Sam, good news. A bit late for the both of us, but this turns out to have been a false positive. One of our rules was inadvertently detecting this as a bad IP. That rule has been removed and this should no longer be showing in your logs.

 

You do have an old entry that should no longer be running on your system. Please run the item below and it will remove that for us.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


Hi Ron,

Thank you very much for your help. I have run the FRST64 and I attach the fixlog.txt.

I see on MXToolBox that it is still showing as blacklisted with 4 providers. Do you know how I can get this lifted now that hopefully the problem is solved? Here it is: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a86.178.147.184&run=toolpage

Also I have the same problem with my computer at home which runs the same Malwarebytes programme. I am only using one computer at a time, whether it be my home or my work computer, but it would be great to solve the home computer too. Would I run through the same process as we have done here and do you mind helping me with that too please?

Thank you and I look forward to hearing from you.

Kind regards,

Sam

Fixlog.txt


  • Root Admin

Normally you have to contact each of the companies on that blacklist to submit to have your address removed. Again, though, without a mail server there really is no need to worry about it.

Yes, you can run FRST on your home computer and attach both those logs and I'll review them.

Thanks again Sam,

Ron

 

 


Hi Ron,

That's great thank you. I will log into my home computer tonight and run the tests and send them to you.

Interestingly I noticed that my IP address changed today! It's a learning curve all this!! I managed to work out that if the BT broadband router gets rebooted then each time I get given a new IP address. Well this is very interesting, and on the new IP address I have been given from my router it still has the same blacklisted accounts showing. Very odd. I wonder if the blacklists are stored in the router?

Anyways I better get some work done now :) Thank you and I will post here when I get back home tonight and run the tests on my home computer.

Many thanks,

Kind regards,

Sam


  • Root Admin

Your ISP has a certain range of IP addresses that it gives out to its customers. More than likely it has nothing to do with you and some other customer is the one that has the blacklist on them. Just ignore it.

You have a very old version of Java installed. That can easily lead to getting an infection. If at all possible I'd recommend uninstalling Java and if you don't really need it don't reinstall it. If you do have to have it then make sure you have the latest version installed at all times. You have Java 8 build 31 installed right now.

Programs like this that are on your computer are not needed and in many cases cause more damage than they claim to fix. WiseFixer - if it were my computer I'd uninstall it.

Overall the computer does not look to be infected. I've included a fixlist file to remove some junk and we'll have you scan it, otherwise it seems ok for the most part.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Once that's done post back the log and we'll run a couple other scans and see how the computer's doing.

Thanks, Ron

 


Hi Ron,

Thank you very much for doing that for me. Good point about Java and WiseFixer. I will uninstall them and I have just uninstalled WiseFixer on my work computer too.

When I get home tonight I will run the fixlist.txt on my computer there. Many thanks again,

Kind regards,

Sam


Hi Ron,

Thank you, I attach the fixlog.txt from my home computer. Before I ran it I uninstalled the Java, Google Earth, OneDrive and the WiseFixer programmes.

I am just running a Malwarebytes scan now and I will report back as soon as it has been done.

Do you have a donations PayPal link or PayPal email address where I can donate to you for helping me please?

Thank you and I look forward to hearing from you.

Kind regards,

Sam

Fixlog.txt


Hi Ron,

It is running great thank you and after the reboot and it had made its fixlog.txt I did a restart on it and I am pretty sure it started quicker as it was always a little slow before. Thank you very much, greatly appreciated. I can see no signs of infection and it seems pretty responsive.

I am hoping you have a PayPal donation page, so could you let me know your PayPal donation page or PayPal email address please?

Many thanks again Ron,

Kind regards,

Sam

 

 

 


  • Root Admin

Thanks for the offer Sam, but we're all good. No need for any donation. If you really feel the need please go ahead and give to any one of the many more deserving charitable organizations out there.

Take care, and stay safe out there. Hope you and yours have a great Holiday Season, and Merry Christmas.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


Hi Ron,

I have just run the Delfix on my work computer and it uninstalled all OK and then I manually deleted the mbam-check-2.3.2.0. I have deleted old System Restore Points and created a new system restore point afterwards. I do not have Java on my work or home computer now so all OK there :) and I updated my Adobe Flash Player and QuickTime on Firefox.

I will do the same on my home computer tonight.

Thank you again,

Kind regards,

Sam

 

 


Hi Ron,

I hope you are well. After uninstalling everything on my work computer this morning, unfortunately I think I need it all back again. I have started getting Malwarebytes blocking firefox.exe and dropbox.exe again. I attach the log and two screen prints of when I accessed your website and logged in and also the SmartHosting website. I have contacted SmartHosting and they think it is a false positive (as they have had no one else report it to them), which sounds about right, but could you possibly check the files for me please. I did uninstall firefox.exe and the Firefox saved files and then reinstalled Firefox again but it made no difference and the message of malicious website blocked came up again for your website and for the SmartHosting website.

Sorry about this and I really appreciate your help.

Kind regards,

Sam

malwarebytes_report_101216.txt

malwarebyteswebsite_malware_no2.jpg

 

Edited by AdvancedSetup
removed image with email address in it

Hi Ron,

Another update. I have just removed the tools on my home computer and all looks good and I will be using this computer a little on my next two days off so I will let you know how it goes. I don't think this computer at home is a problem because I have visited the Malwarebytes website and the SmartHosting website and it is not coming up with a malicious website notice on this computer as per the images in the above message. I think it is just my work computer misbehaving again as per my message above with images. I am back at my work computer on Tuesday so I will look Tuesday morning for your reply to my message above.

Many thanks again and have a good weekend.

Kind regards,

Sam


  • Root Admin

Go ahead and run the following again on the work computer.

 

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 06
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


This topic is now closed to further replies.