captarheel

being attacked by 208.73.210.29; MBAB blocking outbound access every 5-10 minutes

100 posts in this topic

Download and unzip silentrunners to a folder:

http://www.silentrun...t%20Runners.zip

Right click on Silent Runners.vbs and choose Run as Administrator; if that's not available, just double click on it to run.

When asked about the supplementary scan....leave the default setting (we don't want to run it)

Post back the report.

-----------------------------------

Don't do it yet, but I would like to try MVPS HOSTS.

Let's try this.....Install MVPS HOSTS >> both of those sites are listed:

Softlayer Technologies

Oversee.net

http://winhelp2002.m...g/hostswin7.htm <---W7

http://winhelp2002.mvps.org/hosts.htm <--home page

MrC


I ran SilentRunner and have attached the results.

I did not fully understand the second part of your last post. Is there something more you would like me to install/run relating to MVPS Host?

I did not fully understand the second part of your last post. Is there something more you would like me to install/run relating to MVPS Host?

No don't do anything with it, I'm still looking over the log and thinking about what to do next....MrC


Well . . . I screwed up, then. I re-read your post and thought at the end your instructions were to run the MVPS change. I just did that before I saw your post.

Is there a way to undo that?


That's OK...there's no harm done and yes we can restore the original host file.

Let me know if you still get the pop-up warnings.

The log from SilentRunner was OK......MrC


Sorry again.

Based on yesterday's experience (I did not get the pop ups at all during the day), it may be tomorrow morning before I see anything again. I will go radio silent unless I hear from you until tomorrow morning. I will let you know what happens after 6:09.

Thanks again for hanging in there with me.


Hey MrC,

A friend asked if I knew the name of the virus I got infected with. Does this thing have a name?


Let's call it "The really, really hard to get rid of" thing. :)


Does the malware, virus, whatever have a purpose?

Does the malware, virus, whatever have a purpose?

It certainly does, most likely malicious.

Oversee.net <---------has a real bad reputation

http://oversee.net/privacy-policy <---privacy policy

http://hosts-file.net/?s=oversee.net <---review of the site

Softlayer Technologies <---seems OK but is still blocked by MVPS HOSTS

http://www.softlayer.com/ <---site

http://www.hostrevie...er-technologies <---review of site

MVPS HOSTS file:

http://winhelp2002.mvps.org/hosts.txt <-----what the MVPS host file blocks

MrC


A little skittish here -- I assume the links you gave above are informational but not to the bad guys themselves?


They're all OK, I went back and edited what they are.

Have you ever cleared out all your cookies??

MrC


I suspect they all got cleared out from FF when I uninstalled it. I don't know that I have ever otherwise emptied them all.


The best one to use would be ATF:

Double-click ATF Cleaner.exe to open it

http://www.atribune..../click.php?id=1

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

MrC


OK, see how it is, MVPS HOSTS is basically going to do the same thing MB does, blocks the site and ip.

MrC


Will I get a notification from MVPS, or will it be silent, in the background? Should I expect any negative impact from MVPS -- anything to be on the lookout for?


Click on this link > it's being blocked by MVPS HOSTS > you can't get to it.

http://www.adtrader.com

Should I expect any negative impact from MVPS -- anything to be on the lookout for?

No, this is a good program to have on the system, it won't allow you to go to a bad site.

Read all about it on this page:

http://winhelp2002.mvps.org/hosts.htm

We can always return to the original host file....it's still on the system.

MrC
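The posts above describe what a HOSTS file like the MVPS one does: every unwanted hostname is mapped to a sink address (0.0.0.0 or 127.0.0.1) so the resolver never reaches the real server. The script below is an added example, not MVPS or Malwarebytes code, showing how that file is parsed and how to check which hostnames it would block. The hosts content is a constructed sample in the MVPS layout; `load_system_hosts` reads the live file at the standard Windows path (the /etc/hosts fallback for other systems is an assumption). One caveat a practitioner should keep in mind: a hosts file matches exact hostnames only, so a connection made straight to an IP address such as the 208.73.210.29 in the thread title is not affected by it and is caught only by an IP-level block such as the one MBAM reported.

```python
"""Hosts-file blocklist check (added example, not the MVPS project's own code)."""
import os
from pathlib import Path

# Constructed sample in the MVPS layout: "0.0.0.0 hostname   # optional comment".
# It is NOT the real MVPS list; that lives at http://winhelp2002.mvps.org/hosts.txt
SAMPLE_HOSTS = """\
# MVPS-style blocklist (constructed sample)
127.0.0.1  localhost
0.0.0.0  www.adtrader.com
0.0.0.0  ads.example-tracker.net  tracker.example-tracker.net   # two names, one line
   # indented comment line
0.0.0.0  oversee-example.test
"""

# Addresses that a blocklist uses as a sink; traffic to them goes nowhere useful.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in hosts-file text.

    Trailing comments are stripped, blank lines skipped, and a line carrying
    several hostnames yields one entry per hostname, as the resolver sees it.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def blocked_hosts(mapping):
    """Hostnames pointed at a sink address, i.e. the names the file blocks.

    'localhost' is excluded: it is the one sink mapping every hosts file has."""
    return {h for h, ip in mapping.items() if ip in BLOCK_SINKS and h != "localhost"}


def check_domains(domains, mapping):
    """Map each domain (case-insensitively) to True if the file would block it."""
    blocked = blocked_hosts(mapping)
    return {d: d.lower() in blocked for d in domains}


def load_system_hosts(path=None):
    """Parse the live hosts file. Windows path is the standard one; the
    /etc/hosts fallback for other systems is an assumption of this example."""
    if path is None:
        path = (Path(r"C:\Windows\System32\drivers\etc\hosts")
                if os.name == "nt" else Path("/etc/hosts"))
    return parse_hosts(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host, is_blocked in check_domains(["www.adtrader.com", "example.org"], table).items():
        print(f"{host:28} {'BLOCKED by hosts file' if is_blocked else 'not listed'}")
```

Run it against the real file with `check_domains([...], load_system_hosts())` after installing MVPS HOSTS to confirm a name is listed; a name that still resolves normally either is not in the list or is being reached by IP address rather than by hostname.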

Awesome -- thanks.

So I assume it's safe to put on all computers used by the kids?


Yes, it will prevent them from going to malicious sites.

You have to update it once in a while though.

MrC

How are we doing??

Do you still need help, or can I close this post? MrC

I was traveling yesterday and did not use the computer. However, I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.

Thank you very much for your help.

Can you give me a suggestion for Paypal?

I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.

OK, that's good news

Can you give me a suggestion for Paypal?

That's up to you

---------------------------------------

I see you're an Honorary Member now!!

-----------------------------------------------------

Some clean up to do............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
