
Outbound on only one specific website


All of the information gathered seems to suggest the website is at fault. Can you contact their customer service and ask if their website uses the following:

IP Information for 81.171.123.200

IP Location: Netherlands, Alkmaar, Eweka Internet Services B.v.
ASN: AS199156 EWEKA, NL (registered Aug 27, 2012)
Whois Server: whois.ripe.net
IP Address: 81.171.123.200
Reverse IP: 4 websites use this address.
% Abuse contact for '81.171.123.0 - 81.171.123.255' is '[e-mail address shown as an image on the original page]'

inetnum:        81.171.123.0 - 81.171.123.255
netname:        NL-EWEKA-AM4-CUST
descr:          AM4 Customer
country:        NL
admin-c:        EISB1-RIPE
tech-c:         EISB1-RIPE
status:         ASSIGNED PA
mnt-by:         EWEKA-MNT
created:        2015-04-17T09:41:19Z
last-modified:  2015-04-17T09:41:19Z
source:         RIPE

role:           Eweka Internet Services BV
address:        Staten Bolwerk 1
address:        2011MK Haarlem
address:        The Netherlands
phone:          +31728500740
e-mail:         [e-mail address shown as an image on the original page]
abuse-mailbox:  [e-mail address shown as an image on the original page]
admin-c:        PB6260-RIPE
admin-c:        PS12989-RIPE
tech-c:         PB6260-RIPE
tech-c:         PS12989-RIPE
nic-hdl:        EISB1-RIPE
mnt-by:         EWEKA-MNT
created:        2003-05-13T22:56:30Z
last-modified:  2015-05-21T09:01:19Z
source:         RIPE

route:          81.171.96.0/19
descr:          Eweka Internet Services Route
origin:         AS12989
mnt-by:         eweka-mnt
created:        2005-01-24T10:53:01Z
last-modified:  2005-06-10T12:35:08Z
source:         RIPE
   
Link to post

I just wondered why you suffer the blocks when you try to connect and yet I do not. Probably the paid for connection differs. Can you contact customer support, if the IP address etc is legitimate then Malwarebytes will need informing... As a short fix when the block happens you can add as an exclusion.....

Link to post

Hey Kevin, I know that this is very strange but I tested something.
I cleared my cache and cookies and when I go to uploaded.net I get instantly 4 tracking cookies as you can see in the Hitman log.

Yeah, I know the "trick" with the exclusion, but I don't want to get infected myself if there is really a problem with uploaded.
But now I'm in touch with the support, so let's see what they will say.

And today I got another block but this time it was from a "Viagra" Spam Mail in my Outlook.

I'm so glad that mbam is running all the time, because these days you have so many infected advertisements and stuff.
I've read some other threads here and was shocked how many infections some other users have.

HitmanPro_20170102_1208.log

Link to post

I cannot open the link at all. When you want to add a link to your replies, copy the URL, select the chain link icon above the opened reply box (6th icon from the left), paste the URL copy to the URL line, then select insert into post...

Did you contact uploaded.net customer service, any progress...?

Regarding cookies, my default browser is Firefox. I accept all cookies when browsing but dump when Firefox closes out...

cookie.JPG

Link to post

Hiya Sreyness,

Finally got your hitman link opened, I see the cookies, but the following entry is more interesting:
 

Quote

 

Suspicious files ____________________________________________________________

   C:\Users\Harald\Downloads\Dell 1135n Multifunction Mono Laser Printer_Windows_Application_A04\Application\ScanManager\setup.exe
      Size . . . . . . . : 455.600 bytes
      Age  . . . . . . . : 3.0 days (2016-12-30 11:18:00)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : E994156FFD15EEFF95F11CF6DB4B2AE6B8286514A8328656248853F468291FFD
      Needs elevation  . : Yes
      Product  . . . . . : InstallShield
      Publisher  . . . . : Macrovision Corporation
      Description  . . . : Setup.exe
      Version  . . . . . : 12.0.58849
      Copyright  . . . . : Copyright (C) 2006 Macrovision Corporation
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

 

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Users\Harald\Downloads\Dell 1135n Multifunction Mono Laser Printer_Windows_Application_A04\Application\ScanManager\setup.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
Link to post
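
The HitmanPro entry quoted in the post above reports `Authenticode . . . : Invalid` for setup.exe. As an added example (not part of the original post, and not a Malwarebytes or HitmanPro tool), this PowerShell sketch re-checks the same file with Windows' own cmdlets before it is uploaded. `Test-DownloadedInstaller` is a made-up helper name; the path and SHA-256 are copied from the quoted log.

```powershell
# Added example. Test-DownloadedInstaller is a hypothetical helper name.
# Path and SHA-256 are copied from the HitmanPro entry quoted in the post above.
$Path = 'C:\Users\Harald\Downloads\Dell 1135n Multifunction Mono Laser Printer_Windows_Application_A04\Application\ScanManager\setup.exe'
$LoggedSha256 = 'E994156FFD15EEFF95F11CF6DB4B2AE6B8286514A8328656248853F468291FFD'

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $LiteralPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    # Hash first: confirms this is the same file the scanner logged.
    $hash = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash

    # Authenticode verification as performed by Windows itself.
    $sig = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Translate the SignatureStatus enum into a plain-language reading.
    $meaning = switch ($sig.Status) {
        'Valid'        { 'Signature and certificate chain verify.' }
        'HashMismatch' { 'File content differs from what the publisher signed.' }
        'NotSigned'    { 'No Authenticode signature is present.' }
        default        { 'Signature present but not accepted; see StatusMessage.' }
    }

    [pscustomobject]@{
        Sha256          = $hash
        MatchesLog      = ($hash -eq $ExpectedSha256)
        SignatureStatus = $sig.Status
        Meaning         = $meaning
        StatusMessage   = $sig.StatusMessage
        Signer          = $sig.SignerCertificate.Subject
        SignerNotAfter  = $sig.SignerCertificate.NotAfter
    }
}

Test-DownloadedInstaller -LiteralPath $Path -ExpectedSha256 $LoggedSha256 | Format-List
```

The SHA-256 it prints can also be pasted into the VirusTotal search box to look up an existing report for the file.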

Hiya Sreyness,

The website in question, uploaded.net, is deemed infected. Until the owners get that issue cleared, it is recommended that you stop trying to connect/use that site... I guess we can now clean up tools etc...

Uninstall Sophos AV via Programs and Features...

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

Link to post

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.