
might be infected



When browsing, and sometimes when the connection is being used for updates/other downloads, I receive a lot of IP protection warnings; one I traced back to IST, halfway around the world from me, but Malwarebytes shows clean. Since today is Christmas I don't expect help today, maybe over the weekend; people do have families (my two little ones are still sleeping).

Malwarebytes' Anti-Malware 1.42

Database version: 3426

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

12/25/2009 7:48:02 AM

mbam-log-2009-12-25 (07-48-02).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 964524

Time elapsed: 4 hour(s), 34 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attach.zip

DDS.txt


Hi,

The IP Protection bubbles mean that you're being shielded from a bad IP. If you think one is being blocked in error, post it to our False Positive forum.

-screen317

That's the thing, I don't think they are false positives; it even does it when I'm browsing. I just had 3 different Trojans and 1 Trojan downloader (win32/mabjits.a) that AVG didn't see or stop. I installed Malwarebytes and I used Microsoft Security Essentials to remove them. After removal I now get these IP blocks at weird times, like this:

00:12:17 family IP-BLOCK 212.117.175.99

00:12:17 family IP-BLOCK 212.117.175.99

00:12:27 family IP-BLOCK 212.117.175.99

00:12:37 family IP-BLOCK 212.117.175.99

00:13:08 family IP-BLOCK 212.117.175.99

00:13:18 family IP-BLOCK 213.174.157.2

00:13:18 family IP-BLOCK 213.174.157.2

00:13:28 family IP-BLOCK 213.174.157.2

00:13:48 family IP-BLOCK 213.174.157.2

00:13:48 family IP-BLOCK 213.174.157.2

00:13:58 family IP-BLOCK 213.174.157.2

00:14:08 family IP-BLOCK 213.174.157.2

00:14:28 family IP-BLOCK 213.174.157.2

00:14:48 family IP-BLOCK 213.174.157.2

00:14:48 family IP-BLOCK 213.174.157.2

00:15:09 family IP-BLOCK 213.174.157.2

00:15:19 family IP-BLOCK 213.174.157.2

00:15:19 family IP-BLOCK 89.149.254.128

00:15:29 family IP-BLOCK 213.174.157.2

00:16:09 family IP-BLOCK 89.149.254.128

00:16:09 family IP-BLOCK 213.174.157.2

00:16:09 family IP-BLOCK 213.174.157.2

00:16:19 family IP-BLOCK 213.174.157.2

00:16:29 family IP-BLOCK 213.174.157.2

00:16:59 family IP-BLOCK 94.96.207.105

00:16:59 family IP-BLOCK 94.96.14.244

00:17:20 family IP-BLOCK 212.117.175.99

00:17:20 family IP-BLOCK 212.117.175.99

00:17:20 family IP-BLOCK 212.117.175.99

00:17:30 family IP-BLOCK 212.117.175.99

00:17:30 family IP-BLOCK 213.174.157.2

No one in my house was awake at 12 am last night, but the computer is always on.

mike
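
Added example, not part of the original posts: a small Python script that groups IP-BLOCK entries like the ones quoted above by destination and measures the gaps between attempts, which helps tell an unattended process retrying on a timer from traffic tied to someone browsing. The line format is assumed from the quoted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from statistics import median

# Line format assumed from the log quoted in the post: HH:MM:SS <user> IP-BLOCK <ip>
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})$")

# Excerpt of the lines quoted in the post, plus one constructed junk line.
SAMPLE_LOG = """\
00:12:17 family IP-BLOCK 212.117.175.99
00:12:17 family IP-BLOCK 212.117.175.99
00:12:27 family IP-BLOCK 212.117.175.99
00:12:37 family IP-BLOCK 212.117.175.99
00:13:08 family IP-BLOCK 212.117.175.99
00:13:18 family IP-BLOCK 213.174.157.2
00:13:18 family IP-BLOCK 213.174.157.2
00:13:28 family IP-BLOCK 213.174.157.2
00:15:19 family IP-BLOCK 89.149.254.128
00:16:09 family IP-BLOCK 89.149.254.128
(constructed) this line is not a block entry
"""

def parse(text):
    """Yield (seconds_since_midnight, user, ip); skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s = (int(x) for x in m.group(1, 2, 3))
            yield h * 3600 + mi * 60 + s, m.group(4), m.group(5)

def summarize(text):
    """Per blocked address: hits, first/last second of day, median gap in seconds."""
    seen = defaultdict(list)
    for secs, _user, ip in parse(text):
        seen[ip].append(secs)
    report = {}
    for ip, ts in seen.items():
        ts.sort()
        # Ignore zero gaps from entries logged in the same second.
        gaps = [b - a for a, b in zip(ts, ts[1:]) if b > a]
        report[ip] = {"hits": len(ts), "first": ts[0], "last": ts[-1],
                      "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{ip:16} {row}")
```

A short, steady median gap to the same address while nobody is at the keyboard points at a background process on the machine, which is the thing to identify next.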


Malwarebytes' Anti-Malware 1.42

Database version: 3436

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

12/26/2009 8:26:05 PM

mbam-log-2009-12-26 (20-26-05).txt

Scan type: Quick Scan

Objects scanned: 97690

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The backdoor came from my neighbor's thumb drive; he has dial-up and wanted me to test a program that needed a large update before it would be able to work.

The rest of the Trojans came shortly after that (no IP protection at the time). They are Trojan:JS/Agent.FA and they came from

C:\users\family\Appdata\local\Microsoft\Temporary Internet Files\Content.IE5\TISQELDS\popup[1].php

On Microsoft Security Essentials I see no way to get a log or even copy text.

mike


  • Staff

Please go to VirusTotal, and upload the following file for analysis:

c:\program files (x86)\fiddler2\Fiddler.exe

Post the results in your reply.

Next, please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your Desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png


Okay thanks for letting me know.

VirusTotal on Fiddler:

File has already been analysed:

MD5: efad62603e55eb59217811eecaefbed7

First received: 2009.11.10 15:09:58 UTC

Date: 2009.11.10 15:09:58 UTC [>50D]

Results: 0/41

Permalink: analisis/d589a1c8eac425441a7b62272ee61077b8c8b1c38892619c17548569eae5336f-1257865798

File FA43CC68706F2F6043C2097DAA3AD600694B7A3F.exe received on 2009.11.10 15:09:58 (UTC)

Current status: finished

Result: 0/41 (0.00%)

ESET came up clean after 32.5 hrs of scanning.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
