solomon7
Honorary Members
Posts: 38
Reputation: 0 Neutral
  1. Yes, of course the old logs will be wiped when I wipe the system. I am saying that the new logs, in the new installation of Malwarebytes, are completely empty, except for a '2' in the content of the log file itself. For example, if I highlight the log file named C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-05-04.txt and I click 'Open', the only content of that file is '2'. Other than that, the file is empty, as is every other protection log that has been generated since I reinstalled the system.
  2. I just recently reinstalled my system from scratch, and one of the first apps I installed was MBAM. The app is running properly, performing scheduled scans and updates as configured, and the 'mbam-log' files all contain info regarding the specific scan that created them. However, the 'protection' logs are all empty except for a '2' in the top line. They contain nothing else. Is this a Windows 7 UAC issue of some kind, or is it normal?
  3. It's been a full day now with the RSS links removed and no unwanted outbound connections, so I think this is probably resolved. Thank you for all your assistance!
  4. Fingers crossed. I think I've solved it. There was in fact an RSS folder with very old links in it. I didn't notice it until I went to Bookmarks \ Show All Bookmarks \ and then filtered the search box with the term 'http', which showed me everything in the bookmarks folder. I then sorted that by date and saw approx. 200 links from bookmarked blog posts showing with today's date, and I knew I hadn't been to them recently. These RSS feeds were updating every 15 minutes or so. I did the same procedure as yesterday: replaced the default bookmark with my custom one, deleted the RSS folder, and ran Firefox for 25 minutes with the RJ45 pulled, and now 30+ minutes with the RJ45 connected, and no connections. So this leads to an interesting question: can a spammer spam a blog with comments that contain links to the 208.73.210.29 site in the title or body of the comment, and then anyone who has that blog post linked or bookmarked becomes a "carrier"? Their bookmarked RSS feed for that post then connects out to the malware site and spreads the virus, so popular blog posts can become distribution points for the virus / malware. Not sure I'm describing it correctly, but you get the idea...
  5. But does it make sense that a simple bookmark in a bookmarks file would be triggering outbound connections? They're not Live Bookmarks, just regular old static bookmarks... so why would a bookmark be connecting out?
  6. OK. I ran Firefox with the default places.sqlite file for over 90 minutes and not a single outbound connection attempt. I then shut down Firefox, renamed the default bookmark file to places.sqlite.ORIG and copied my backup bookmark file into the profile folder. I started Firefox again and went to Bookmarks \ Show All Bookmarks \ Import and Backup \ Export Bookmarks to HTML and saved the file as bookmarks.html. I then shut down Firefox, deleted my custom places.sqlite file, and renamed places.sqlite.ORIG back to places.sqlite. I then restarted Firefox and let it run for 25 minutes: no outbound connection attempts, again confirming the problem seems to be either the bookmark file itself or a bookmarked site in the bookmark file. After the 25 minutes, I went to Bookmarks \ Show All Bookmarks \ Import and Backup \ Import Bookmarks from HTML and imported the HTML file I saved. Immediately an outbound connection was blocked by MBAM. So this now confirms, I think, that the problem is with one of the bookmarked sites / links in the bookmark file, and not the bookmark database file itself. Does this seem logical? So now how do I go about finding which one it is?
  7. Firefox has now been running over an hour with the default bookmark file and no blocked connection attempts...
  8. On doing some reading, it seems that by default, Live Bookmarks in Firefox update every 60 minutes. I'm not sure if there's a way to change this, but if there is not, then it wouldn't seem to be any of the preinstalled Live Bookmarks. Firefox has now been running for 25 minutes with the default places.sqlite file instead of my personal bookmark file, and there have been no connections, so I *think* I've identified the culprit. So now I need to figure out which bookmarked link is causing it, or if it's the bookmark database itself.
  9. OK, so I wiped the machine today: reinstalled Win7 while disconnected from the network, then installed MBAM, then installed Outpost Security Suite, then installed Firefox, copied my places.sqlite bookmark file, and 15 minutes later, on a brand new machine, the same connections began again. I've just shut down Firefox, removed my bookmarks, replaced the original/default places.sqlite file, and restarted Firefox, and am waiting to see what happens. So, if this is what happened, how is it that a bookmarked link is trying to connect out? Or could it be the bookmark database file itself that is infected with something? (I don't have any custom live bookmarks, only the pre-installed live bookmarks that are installed with Firefox.) So if this proves to be the case, is there a way to figure out which bookmark is causing the problem?
  10. Yes, everything else about the machine is fine. Firefox can access any other website and there are no redirects/hijacks taking place. Also, perhaps I'm misreading your message, but I'm not "accessing" that Oversee site/domain. Whatever has infected this machine is connecting out to it every 15 minutes even with Firefox sitting idle. At this point I'm beginning to think I need to wipe out the machine and reinstall it. Even if we could find what the issue is, I don't think I would trust this machine on my network again, and there's no way to tell what else may have been downloaded onto it and still remains hidden. Whatever it is wouldn't survive a format and reinstall, would it?
  11. There is no Firefox Safe Mode in the apps menu, but I got it into safe mode via Firefox \ Help \ "Restart with Add-ons Disabled". Will wait 15 min and see what happens. I don't recall any extensions or add-ons being installed or updated at the time the popups first began. I looked at the protection logs of MBAM and they show the first blocked connections happening on April 21st:
      2012/04/21 21:33:31 -0400 MEDIAQUBE Mediacube MESSAGE Database refreshed successfully
      2012/04/21 21:33:31 -0400 MEDIAQUBE Mediacube MESSAGE Starting IP protection
      2012/04/21 21:33:32 -0400 MEDIAQUBE Mediacube MESSAGE IP Protection started successfully
      2012/04/21 23:00:48 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49249, Process: firefox.exe)
      but there were no MBAM popups reporting the blocked connections until the 24th, which is the same day Firefox was updated to the latest version.
  12. IP Block still showing up after reboot, 15 minutes after starting Firefox.
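The protection-log lines quoted in post 11 follow a fixed layout, and the 15-minute cadence described across these posts is what separates a scheduled beacon from a stray click. The following Python is an added example, not code from this thread or from Malwarebytes: it parses that layout and reports, per process and destination, how regular the blocked connections are. The first four sample lines are the ones quoted in the post; the last two are constructed to show the repeating interval.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the MBAM protection-log format; the first four lines are the ones
# quoted in the post, the last two are made up to show the repeating 15-minute pattern.
SAMPLE_LOG = """\
2012/04/21 21:33:31 -0400 MEDIAQUBE Mediacube MESSAGE Database refreshed successfully
2012/04/21 21:33:31 -0400 MEDIAQUBE Mediacube MESSAGE Starting IP protection
2012/04/21 21:33:32 -0400 MEDIAQUBE Mediacube MESSAGE IP Protection started successfully
2012/04/21 23:00:48 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49249, Process: firefox.exe)
2012/04/21 23:15:51 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49260, Process: firefox.exe)
2012/04/21 23:30:49 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49271, Process: firefox.exe)
"""

# Layout assumed from the quoted lines: timestamp host user kind rest (kind is MESSAGE or IP-BLOCK)
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (\S+) (\S+) (\S+) (.*)$")
BLOCK_RE = re.compile(r"^([\d.]+) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$")


def parse_protection_log(text):
    """Return one dict per IP-BLOCK line; MESSAGE lines and unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(m.group(5))
        if not b:
            continue
        events.append({"time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z"),
                       "ip": b.group(1), "direction": b.group(2),
                       "port": int(b.group(3)), "process": b.group(4)})
    return events


def beaconing_summary(events, tolerance=timedelta(minutes=2)):
    """Group blocks by (process, ip); report the median gap between blocks and whether
    every gap sits within `tolerance` of it (a regular schedule, not a one-off click)."""
    by_key = {}
    for e in events:
        by_key.setdefault((e["process"], e["ip"]), []).append(e["time"])
    summary = {}
    for key, times in by_key.items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        median = sorted(gaps)[len(gaps) // 2] if gaps else None
        regular = bool(gaps) and all(abs(g - median) <= tolerance for g in gaps)
        summary[key] = {"count": len(times), "interval": median, "regular": regular}
    return summary
```

Calling beaconing_summary(parse_protection_log(SAMPLE_LOG)) on the sample reports three outgoing blocks from firefox.exe to 208.73.210.29 at a steady interval of roughly 15 minutes; a single block, or a cluster of irregular ones, is reported as not regular.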