
being attacked by 208.73.210.29; MBAM blocking outbound access every 5-10 minutes



Download and unzip silentrunners to a folder:

http://www.silentrun...t%20Runners.zip

Right click on Silent Runners.vbs and choose Run as Administrator; if that's not available, just double click on it to run.

When asked about the supplementary scan....leave the default setting (we don't want to run it)

Post back the report.

-----------------------------------

Don't do it yet, but I would like to try MVPS HOSTS

Let's try this.....Install MVPS HOSTS >> both of those sites are listed:

Softlayer Technologies

Oversee.net

http://winhelp2002.m...g/hostswin7.htm <---W7

http://winhelp2002.mvps.org/hosts.htm <--home page

MrC


I did not fully understand the second part of your last post. Is there something more you would like me to install/run relating to MVPS Host?

No, don't do anything with it, I'm still looking over the log and thinking about what to do next....MrC


Sorry again.

Based on yesterday's experience (I did not get the pop ups at all during the day), it may be tomorrow morning before I see anything again. I will go radio silent unless I hear from you until tomorrow morning. I will let you know what happens after 6:09.

Thanks again for hanging in there with me.


does the malware, virus, whatever have a purpose?

It certainly does, most likely malicious.

Oversee.net <---------has a real bad reputation

http://oversee.net/privacy-policy <---privacy policy

http://hosts-file.net/?s=oversee.net <---review of the site

Softlayer Technologies <---seems OK but is still blocked by MVPS HOSTS

http://www.softlayer.com/ <---site

http://www.hostrevie...er-technologies <---review of site

MVPS HOSTS file:

http://winhelp2002.mvps.org/hosts.txt <-----what the MVPS host file blocks

MrC


The best one to use would be ATF:

Double-click ATF Cleaner.exe to open it

http://www.atribune..../click.php?id=1

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

MrC


Click on this link > it's being blocked by MVPS HOSTS > you can't get to it.

http://www.adtrader.com

Should I expect any negative impact from MVPS -- anything to be on the lookout for?

No, this is a good program to have on the system, it won't allow you to go to a bad site.

Read all about it on this page:

http://winhelp2002.mvps.org/hosts.htm

We can always return to the original host file....it's still on the system.

MrC


I was traveling yesterday and did not use the computer. However, I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.

Thank you very much for your help.

Can you give me a suggestion for Paypal?


I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.

OK, that's good news

Can you give me a suggestion for Paypal?

That's up to you

---------------------------------------

I see you're an Honorary Member now!!

-----------------------------------------------------

Some clean up to do............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
