infection warning

Thanks for help. I downloaded Avast free trial version and it slowed down the PC quite noticeably. A "normal" scan with it did not find any virus.

Yes, the little "IP blocking feature" was what I initially saw. It shows randomly 4-5 times in an hour if I am not active on the web. I use Firefox, b.t.w. I don't mind if it shows, but I would very much like to know if my PC tries to connect to some evil out there.

Hi,

Malwarebytes version 1.40 now includes IP blocking which I suspect is what you are seeing. You can see a screenshot and read more about it: http://malwarebytes.besttechie.net/2009/08...re-ip-blocking/

It seems you don't have an anti-virus installed from looking at your HijackThis log. I suggest you download only one of the following free for personal use Antivirus software and install it to your computer:

http://www.free-av.com/

http://www.avast.com/eng/download-avast-home.html

Only ever have 1 antivirus installed at any time. When you have done so please post a new HijackThis log and let me know if the IP blocking feature was what you were initially referring to.

Link to post

While inevitably an antivirus will impact slightly on a system, it shouldn't be too drastic depending on your computer's specs. Some AVs are better than others in this regard; NOD32 has a good reputation for being relatively light on resources. There is a good guide here that may help speed your computer up somewhat: http://www.malwareremoval.com/tutorials/runningslowly.php

Your log shows you have BitTorrent running. Quite apart from the legal or moral issue of file sharing, it is one of the biggest sources for malware infestations. It may have been related to that and removing it might stop the random warnings. I highly suggest you uninstall BitTorrent, but if you want to keep it you should fix the following line in HijackThis to stop it running from startup:

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

From what you have said and with the scan results coming back clean, I believe your computer is clean but if you want me to take a further look I will, just let me know.

BTW if you have paid for Malwarebytes you can use their help desk for support: http://helpdesk.malwarebytes.org/login

The forums are free for anybody to post to and sometimes people can get left behind with the volume looking for help.

Link to post

Thanks again, especially for your info on BitTorrent! I used it once and didn't know that it started at PC start up!

It is now removed. Yes, I have paid for Malwarebytes, but prefer to come here again if needed.

Is there any way that I can disable Avast while off-line, if I find it slow down too much?

Link to post

I really don't recommend temporarily turning off avast's realtime protection; however, since you managed to appear to be malware free to this point without it, you can do the following:

Right click on the avast! icon in system tray (looks like this: avast.jpg) and choose (Stop On-Access Protection)

Be certain to turn it back on.

Miekiemoes, a researcher here at Malwarebytes, has an excellent article on prevention tips; it's well worth a read: http://users.telenet.be/bluepatchy/miekiem...prevention.html

Link to post

I DO! appreciate your being cautious.

I am still getting the IP warnings, just when writing this, I got three....

But Norton slows down, as Panda, as Avast.

My internet provider has a firewall and in a year I have only got one trojan infection which was easily fixed by MalwareBytes.

It's my decision, I think I take the risk of switching Avast "off" and rely on scanning and fixing only. Thanks again for your help.

Link to post

Let me know what the IPs are; you can check the ones blocked in the following folder: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Download DDS to your desktop from one of the links below:

Link 1

Link 2

  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.
Link to post

Rodav,

I've been getting the same thing. Here are my logs:

Link to post
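
One way to triage a protection log like those requested in this thread, added here as an example; it is not part of any post and not Malwarebytes' own tooling. It assumes the `HH:MM:SS user IP-BLOCK address` line layout of the version 1.40 logs, and the sample lines, user names and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the "HH:MM:SS user TYPE detail" layout; the user
# names are made up and the addresses are documentation ranges.
SAMPLE_LOG = """\
07:08:34 alice MESSAGE IP Protection started successfully
07:09:07 alice IP-BLOCK 192.0.2.32
07:41:53 bob IP-BLOCK 198.51.100.19
18:50:29 alice IP-BLOCK 203.0.113.2
19:04:47 alice IP-BLOCK 192.0.2.231
19:50:05 bob IP-BLOCK 192.0.2.231
20:51:41 bob IP-BLOCK 203.0.113.2
22:47:48 alice MESSAGE IP Protection stopped
garbled line that should be skipped
22:51:31 alice IP-BLOCK 198.51.100.82
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>[A-Z-]+)\s+(?P<detail>.+)$"
)

def parse_events(text):
    """Yield (time, user, kind, detail) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("time", "user", "kind", "detail")

def summarize_blocks(text):
    """Summarise IP-BLOCK events: totals, repeats, accounts and hours."""
    per_ip, per_hour = Counter(), Counter()
    users_by_ip = defaultdict(set)
    for time, user, kind, detail in parse_events(text):
        if kind != "IP-BLOCK":
            continue  # MESSAGE lines only record start/stop of protection
        ip = detail.split()[0]
        per_ip[ip] += 1
        per_hour[time[:2]] += 1
        users_by_ip[ip].add(user)
    # Addresses blocked more than once, with the accounts that hit them
    repeated = {ip: sorted(users_by_ip[ip])
                for ip, n in per_ip.items() if n > 1}
    return {"total": sum(per_ip.values()), "unique": len(per_ip),
            "repeated": repeated, "per_hour": dict(per_hour)}

if __name__ == "__main__":
    for key, value in summarize_blocks(SAMPLE_LOG).items():
        print(key, value)
```

Addresses that recur across accounts and hours are the ones worth matching against whichever application was using the network at that time.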

Thanks, Rodav! I followed your instructions. Somewhat surprised, as info from dds.scr said otherwise, I now paste both files here:

Link to post

Hi,

I have no reason to believe there is anything malicious on your computer; if you want we can check some other tools to see if anything is amiss. You seem to have CleanUp! installed; close your browsers down and run it to clear out your temp folders. Afterwards please post the most recent logs from C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder.

Link to post

I wish I could, but I cannot find the .Logs you ask for. I have used the search function and found Malwarebytes files and folders, but no "Logs". I opened Malwarebytes, but couldn't find any hints there either. I ran CleanUp a few days ago, but it didn't change anything. Is there any other way to find the .Logs folder? Is there a box at MB which needs to be checked or unchecked?

Link to post

You will need to make sure hidden files/folders are able to be seen: http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

When you have done that right click Start, then Explore and navigate to the following folder which will have the logs in it:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

If you still can't find it, I can run a fix that can.

Link to post

This is what I got from Malwarebytes support:

"Any application that accesses the Net can trigger the alert. IM client, P2P software.

So you don't need to do anything. Some sites are being detected as malicious, but this is a bug, we're working on the fix for v1.41."

Link to post