Crazy things happening with me

Hi everybody, I’m getting scared by these things:
Firefox blocks redirections on the following sites:

chiponline [dot] hu
pcguru [dot] hu
faviccek [dot] hu
brusheezy [dot] com

NoScript whitelist contained unknown sites and 1 malware site (rated by WOT)
One of them is orbitcycle [ dot ] com - the malicious one

I ran MBAM and Avast!, both say CLEAN.
Everything started when I visited msn.com - I randomly clicked on “The MSN’s Homepage” when its menu didn’t appear.
I PM-ed essexboy about this.

Please help me ???

As you already contacted essexboy, there’s not much left to do…!! :wink:
asyn

Nevertheless…

Report 2010-06-26 20:25:47 (GMT 1)
Website chiponline.hu
Domain Hash 6ecbc443b47b13f1c73c082ead664aa1
IP Address 193.28.86.140 [SCAN]
IP Hostname 3.bleed.hu
IP Country HU (Hungary)
AS Number 47381
AS Name EASYGO-AS EasyGO Kft.
Detections 0 / 19 (0 %)
Status CLEAN

Report 2010-06-26 20:27:48 (GMT 1)
Website pcguru.hu
Domain Hash 45929b188d96310c907a9a292cd0baaf
IP Address 193.28.86.140 [SCAN]
IP Hostname 3.bleed.hu
IP Country HU (Hungary)
AS Number 47381
AS Name EASYGO-AS EasyGO Kft.
Detections 2 / 19 (11 %)
Status SUSPICIOUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan DETECTED
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb SUSPICIOUS
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN

Report 2010-06-26 20:29:13 (GMT 1)
Website faviccek.hu
Domain Hash 627053620bdbbf28ab97b4a92a6fd0c8
IP Address 85.25.77.86 [SCAN]
IP Hostname server3-customer.iworx-host.com
IP Country DE (Germany)
AS Number 8972
AS Name PLUSSERVER-AS PlusServer AG, Germany
Detections 0 / 19 (0 %)
Status CLEAN

Report 2010-06-26 20:30:41 (GMT 1)
Website brusheezy.com
Domain Hash c9afdeeddab08edf01996aaae099a1c0
IP Address 174.36.237.116 [SCAN]
IP Hostname dale.eezyinc.com
IP Country US (United States)
AS Number 36351
AS Name SOFTLAYER - SoftLayer Technologies Inc.
Detections 0 / 19 (0 %)
Status CLEAN

Report 2010-06-26 20:32:12 (GMT 1)
Website orbitcycle.com
Domain Hash 6449e67a3e4aff54d797b807c405e3ea
IP Address 216.234.246.157 [SCAN]
IP Hostname 9d.f6.ead8.static.theplanet.com
IP Country US (United States)
AS Number 21844
AS Name THEPLANET-AS - ThePlanet.com Internet Service…
Detections 3 / 19 (16 %)
Status DANGEROUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender UNRATED
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts DETECTED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb UNRATED
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN

Avast! Network shield also scans the following: twitter.com/steive23isking
An hour ago, avast! checked a rapidshare connection with a stupid and long filename ending with rar.htm

I hope I get an answer for my problems

Be patient…! :wink:
essexboy will drop in, sooner or later…
asyn

PM sent, didn’t realise you started a thread

Post the details here please ;D

Hi Sartigan,

Could go there, faviccek.hu, with flock browser with NS and RP activated, no flag whatsoever. Scan reports clean.
See attached gif. So I think our qualified eliminator essexboy should come into action once again,

polonus

As you said essexboy, I did the scan with combofix

Here is the log

Nothing apparent there - what are the exact problems you are experiencing?

Hi essexboy,

Did he try to ping the various sites’ IPs from the command prompt, and what were the results, did he try to check to see if the sites were only off-limit to him, was the IP-range from his provider being blocked higher upstream because someone in that range did something “devious”, questions, questions,

polonus

Now let’s try one - does it try to redirect?

Faviccek.hu = DOESN’T TRY TO REDIRECT

I saw combofix deleted something ending with PE.tmp

Ok let’s try another - chiponline.hu…
Tries to redirect :frowning:

Brusheezy: No redirect

PCGuru and Chiponline are big partners

I haven’t got any other problems

And this only happens in Firefox ?

I will try it with IE, but I don’t trust it
I haven’t started Internet Explorer for a year. I don’t have any ad / script blocking addons for Internet Explorer, that’s why I don’t use it

If you have IE8 that is quite secure - leastwise I do not use anything else apart from Simple Adblock

Hi Sartigan,

You could also make a new profile with Fx, re: http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows

polonus

It’s a bit strange, because I lost all my opened tabs, all my addons and I needed to reinstall them, set the settings, I just hope it will help :-\

Didn’t help me, Firefox blocks a redirection on chiponline.hu - in the new profile :S

Hi sartigan,

Did you try to go to these sites using a website proxy of some sort like Hidemyass or similar, were you allowed to go there then, then it has something to do with a situation outside your machine, try that,

polonus

I didn’t try it

New profile thing doesn’t work - Firefox blocks a redirection at Chiponline :S

Maybe you set FF up to do so…??
There’s an option for it, but sorry can’t lead you there, as I use the German version.
English users would know better, where to find it… Please jump in…!
asyn

AWWW… I installed Internet Explorer 8 and it asked me to restart, I restarted my system and it froze with a window: Adding personal settings

I rebooted more than 4 times and now Online Armor asked about 2 files from IE8 but Windows started normally and everything is loaded.
I need IE7 back :S

Now I’m going to restore a backup :S