
being attacked by 208.73.210.29; MBAB blocking outbound access every 5-10 minutes

malicious site

99 replies to this topic

#21 captarheel

Regular Member (Honorary Members, 92 posts)

Posted 29 April 2012 - 07:10 AM

Good morning.

I have been using Firefox.

I started OTL from my desktop and clicked the Scan All Users box. The scan was humming along and then just seemed to crash when it got to 'scanning Chrome settings'.

I got an error message that did not stay on screen long but said something like "File List out of bounds".

Now the scan seems to just be stuck.

#22 captarheel


Posted 29 April 2012 - 07:13 AM

I stopped OTL and re-ran. The same message appeared:

List index out of bounds 433

#23 MrCharlie

Forum Deity (Experts, 28,136 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 29 April 2012 - 07:21 AM

OK, OTL doesn't like your system, here's what seems to fix the ip blocking problem.

Uninstall Firefox and any related file/folders and reinstall.

Let me know, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#24 captarheel


Posted 29 April 2012 - 09:59 AM

Will try right now.

#25 captarheel


Posted 29 April 2012 - 10:11 AM

I have removed both Firefox and Chrome from the Control Panel - Remove a Program, and run OTL from the desktop, but still get the same List Index Out of Bounds - 433 message when it gets to 'scanning Chrome settings'.

#26 MrCharlie


Posted 29 April 2012 - 10:15 AM

OK, I didn't mean that it would fix the OTL problem, rather it would fix your original problem of:

being attacked by 208.73.210.29


Reinstall Chrome and /or FF and see what happens.

MrC


#27 captarheel


Posted 29 April 2012 - 10:17 AM

I removed FF yesterday and reinstalled and the problem remains. Would you like me to reinstall again?

I did not remove all of my FF personal settings and bookmarks when I uninstalled.

#28 MrCharlie


Posted 29 April 2012 - 10:24 AM

I did not remove all of my FF personal settings and bookmarks when I uninstalled.


That's where the problem may be, old bookmarks and RSS feeds.

Let me know, MrC


#29 captarheel


Posted 29 April 2012 - 10:25 AM

So reinstall FF, then remove all?

#30 captarheel


Posted 29 April 2012 - 10:35 AM

Ok. Reinstalled FF, then did a complete uninstall. Problem remains.

Also, tried to re-run OTL, and it still got stuck at scanning Chrome settings and gave the List index out of bounds message.

#31 captarheel


Posted 29 April 2012 - 10:47 AM

I reinstalled Chrome then uninstalled it again. After the second uninstall, I ran OTL and was able to get a full scan. Txt file attached.

#32 captarheel


Posted 29 April 2012 - 10:59 AM

Also realized you might want the Extras report from OTL as well. Attached:

#33 MrCharlie


Posted 29 April 2012 - 12:59 PM

OK, I'm working off my backup machine cause my main computer died!

Like I said before, I saw someone say a week or so ago that this infection was caused by a bookmark or RSS feed in Firefox. I was reading another post on this forum this morning and it looks like that's exactly what the problem was.
So take a look at your bookmarks in FF and delete any strange ones.

Here's the link to the post I was referring to:

http://forums.malwar...ndpost&p=547206

=============================

For OTL.....

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
    [2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
    [2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
    [2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
    [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
    [2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Reboot and let me know, MrC

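The advice above is to look through the Firefox bookmarks (including RSS/live bookmark feeds) for entries pointing at the blocked address. The following is an added example, not code from the thread or from Malwarebytes: it queries the moz_bookmarks/moz_places tables that Firefox keeps in places.sqlite and flags any bookmark whose host is the blocked IP or a bare IP literal. The in-memory database it builds is a constructed stand-in for a real profile (only the columns the query needs).

```python
import ipaddress
import sqlite3
from urllib.parse import urlsplit

# The address MBAM kept blocking in the thread above.
BLOCKED_IPS = {"208.73.210.29"}


def host_is_suspicious(url):
    """True if the URL's host is a blocked IP or any bare IP literal (triage heuristic)."""
    host = urlsplit(url).hostname
    if not host:
        return False
    if host in BLOCKED_IPS:
        return True
    try:
        ipaddress.ip_address(host)
        return True  # bookmark points at a raw IP rather than a hostname: worth a look
    except ValueError:
        return False


def find_suspicious_bookmarks(conn):
    """Return (title, url) for bookmarks whose target host looks suspicious.

    Firefox stores the URL in moz_places and links it from moz_bookmarks.fk;
    type = 1 is a plain bookmark (folders are type 2)."""
    rows = conn.execute(
        "SELECT b.title, p.url FROM moz_bookmarks b "
        "JOIN moz_places p ON p.id = b.fk WHERE b.type = 1 ORDER BY b.id"
    )
    return [(title, url) for title, url in rows if host_is_suspicious(url)]


def build_sample_db():
    """Constructed in-memory stand-in for places.sqlite (subset of the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
        INSERT INTO moz_places VALUES
          (1, 'https://www.mozilla.org/', 'Mozilla'),
          (2, 'http://208.73.210.29/feed.xml', NULL),
          (3, 'http://10.0.0.5/rss', 'Feed');
        INSERT INTO moz_bookmarks VALUES
          (1, 2, NULL, 0, 'Bookmarks Menu'),
          (2, 1, 1, 1, 'Mozilla'),
          (3, 1, 2, 1, 'News'),
          (4, 1, 3, 1, 'Feed');
    """)
    return conn


if __name__ == "__main__":
    for title, url in find_suspicious_bookmarks(build_sample_db()):
        print(f"suspicious bookmark: {title!r} -> {url}")
```

Against a real profile, pass `sqlite3.connect("<path-to-copy-of-places.sqlite>")` instead of the sample database; work on a copy, since Firefox holds the live file locked while it is running.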

#34 captarheel


Posted 29 April 2012 - 01:53 PM

Thanks. I have completely uninstalled FF and all personal settings. There is no application to open or bookmarks to check.

I opened OTL and pasted the fix you asked me to run. Here are the results:



OTL by OldTimer - Version 3.2.42.1 log created on 04292012_134702
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#35 captarheel


Posted 29 April 2012 - 01:55 PM

I was asked to reboot and did so.

The MBAM pop up box is still occasionally appearing saying MBAM blocked access to a potentially malicious site with the same IP address -- 208.73.210.29

Sorry to hear about your main machine -- hopefully it can be resurrected!

#36 MrCharlie


Posted 29 April 2012 - 01:57 PM

Looks like you didn't enter the code correctly:

Here it is:

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
[2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
[2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
[2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
[2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
[2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
[2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
:Commands
[EMPTYJAVA]
[emptytemp]


MrC


#37 captarheel


Posted 29 April 2012 - 02:02 PM

Oops. Ok. Re-ran. Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

File PTYJAVA] not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.42.1 log created on 04292012_135937
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#38 captarheel


Posted 29 April 2012 - 02:18 PM

MBAM pop up box still appearing -- man, you weren't kidding when you said this was hard to get rid of!

#39 MrCharlie


Posted 29 April 2012 - 02:51 PM

Did you look at the FF bookmarks as I asked??

MrC


#40 captarheel


Posted 29 April 2012 - 02:55 PM

I just reinstalled Firefox, but there are absolutely no bookmarks or anything else left after I uninstalled everything yesterday.



