
being attacked by 208.73.210.29; MBAB blocking outbound access every 5-10 minutes



OK, I'm working off my backup machine cause my main computer died!

Like I said before, I saw someone say a week or so ago that this infection was caused by a bookmark or RSS feed in Firefox. I was reading another post on this forum this morning, and it looks like that's exactly what the problem was.

So take a look at your bookmarks in FF and delete any strange ones.

Here's the link to the post I was referring to:

http://forums.malwarebytes.org/index.php?showtopic=109150&view=findpost&p=547206

=============================

For OTL.....

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
    [2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
    [2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
    [2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
    [2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered. When done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot and let me know, MrC


Thanks. I have completely uninstalled FF and all personal settings. There is no application to open or bookmarks to check.

I opened OTL and pasted the fix you asked me to run. Here are the results:

OTL by OldTimer - Version 3.2.42.1 log created on 04292012_134702

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Looks like you didn't enter the code correctly:

Here it is:

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
    [2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
    [2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
    [2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
    [2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
    :Commands
    [EMPTYJAVA]
    [emptytemp]

MrC


Oops. OK. Re-ran. Here is the log:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

File PTYJAVA] not found.

File ptytemp] not found.

OTL by OldTimer - Version 3.2.42.1 log created on 04292012_135937

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

