funnymonkeysshow.com Warning

I keep getting a warning regarding funnymonkeysshow.com, really can’t see where it is coming from. When it happens I’m not usually doing anything - may even not be on the PC. I tried a Malwarebytes scan and can’t see anything. Did an avast scan - left it all day and when I came back it had closed so I assume it went ok?

http://i609.photobucket.com/albums/tt177/talsworthy/funnymoneksyshow.png

Scratching my head a little on this one

funnymonkeysshow.com has a redirect; it sends you here: channel-reward-central.com/?sov=61567001

and this is a possible Mac scam

click the picture in urlQuery to see

urlQuery - Suspicious
http://urlquery.net/report.php?id=25278

VirusTotal URL scan
https://www.virustotal.com/url/821961b4bf15655783ba6aec523456ff744b71e1f3c99d4f3528ee595ab771d2/analysis/1330259850/

VirusTotal HTML scan
https://www.virustotal.com/file/eafbaba4b87a135cd70af92da2ab1ee3d681fa711d4bf48e94da4fc35c0fd28e/analysis/1330259893/

Wepawet
http://wepawet.iseclab.org/view.php?hash=45905248e3e554e555b112866ef9c381&t=1330259955&type=js

funnymonkeyshow … ;D

I keep getting a warning regarding funnymonkeysshow.com, really can't see where it is coming from.
That could mean you have some bug in your machine... Was Malwarebytes updated when you did the scan?

follow the guide here and attach the logs from MBAM / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

then one of the trained malware removers will help you

Two things from the OP's image:

  1. what was c:\windows\system32\mshta.exe doing connecting to the internet in the first place?
  2. is it the funny monkey show url that is the problem or the primary url, hxxp://secredir.com?

So as has been suggested, this needs further investigation.

Just doing the requested actions and will then report back. Quick scan done from malwarebytes with no faults - full scan will take a few hours I think, then will do the otl and will post the results.

Many thanks for the assistance.

One thing you may also do…

c:\windows\system32\mshta.exe

Upload that to www.virustotal.com and test with 40+ malware scanners.
When you have the result, copy the URL in your address bar and post it here for us to see (if already scanned, click the rescan button).

OBS: quick scan with MBAM is fine…no need to full scan

I suspect that it will come up clean as it is more likely something else would be misusing that to connect.

Agree. The location that it’s in and the name of it states that it’s supposed to run htmla files.

Thank you re the quick scan, just doing OTL.

However! I have had a thought, I use xfire and I’m wondering if it’s an ad from xfire that is getting blocked. When I next see it warn I’ll see if the xfire ad window is blank. Might be off base but the message is so random it could fit and I’m fairly sure xfire uses that process.

Well first the redirect goes to htxp://secredir.com/?sov=funnymonkeysshow.com and then redirects to > hxtp://channel-reward-central.com/?sov=61567001
See here: htxp://jsunpack.jeek.org/?report=e0effc0587b748fbc2061198ae1d3813889f02ae (Only visit last mentioned link when security savvy, with ample script protection and in a VM) - also see: http://urlquery.net/report.php?id=25295 Site is being blocked in Malzilla as it tries at once to download malcode,
There is another instance of this malcode from that domain still up, but maybe not responsive:
hxtp://secredir.com/?sov=146368&id=aDS-cALL-geducation!!!U2FsdGVkX19hZGw3N0lha7wF1KBk5N1w01MgG4fYu_k (a Phish),
see: Up(nil): unknown_html_RFI ARIN BS abuse at securehost dot com 208.87.33.232 to 208.87.33.232 secredir dot com htxp://secredir.com/?sov=146368&id=aDS-cALL-geducation!!!U2FsdGVkX19hZGw3N0lha7wF1KBk5N1w01MgG4fYu_k could have been closed now, so what is mentioned here could be a newer Phish. So good avast flags this,

polonus

Agreed, though if it does turn out to be something like an ad it would be useful if you could add an action like noted - continue blocking without warning or similar as it just seems so random to get it blocked but not see anything else about it.

OK log from mbam and extras. OTL will post in next reply as too big for 3 attachments

OTL, will post aswMBR as soon as it has finished, many thanks

On completion of this run can you recheck for the alerts

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

  * Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-2052111302-1085031214-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O33 - MountPoints2\{9fa04e38-d098-11df-81a4-002719b20ce8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\start.bat

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  * Then click the Run Fix button at the top
  * Let the program run unhindered, reboot the PC when it is done
  * Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Many thanks for your assistance, I got another message yesterday before I ran your fix and checking xfire showed it hadn’t come from that

You had some Vundo jobs running which may have caused this

Any further alerts ?

Just monitoring now, will advise if I get any - none so far but it can be quite random, i.e. it can take a few hours before I know

OK I will wait a day or so before removing the tools and tidying up

Hi many thanks for your assistance, since I did the changes have not had any further notifications. Really appreciate the time you gave to assist on this.
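
Added example, not part of the forum thread or any participant's post: a read-only PowerShell triage for the two leads the thread followed, namely what started mshta.exe and what it was connecting to, and whether At*.job files exist in the Windows Tasks folder. It assumes a Windows version where `Get-CimInstance` and `Get-NetTCPConnection` are available, and it only catches mshta.exe while the process is still running.

```powershell
# Added example (not from the thread). Read-only; changes nothing on the system.

# 1) Every running mshta.exe, with its own command line and its parent process.
#    mshta.exe itself is a legitimate Windows binary; the parent and the
#    argument (local .hta file vs. a remote URL) show who is using it.
$mshta = @(Get-CimInstance Win32_Process -Filter "Name = 'mshta.exe'")

foreach ($p in $mshta) {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        ProcessId     = $p.ProcessId
        Started       = $p.CreationDate
        CommandLine   = $p.CommandLine
        ParentId      = $p.ParentProcessId
        ParentName    = if ($parent) { $parent.Name } else { '<parent exited>' }
        ParentCommand = if ($parent) { $parent.CommandLine } else { $null }
    }
}

# 2) TCP connections currently owned by those mshta.exe processes.
if ($mshta.Count -gt 0) {
    Get-NetTCPConnection -OwningProcess $mshta.ProcessId -ErrorAction SilentlyContinue |
        Select-Object OwningProcess, State, RemoteAddress, RemotePort
}

# 3) Legacy "at"-style job files, the same pattern the fix script in the
#    thread targets (C:\WINDOWS\tasks\At*.job). Timestamps help line the
#    jobs up with when the warnings started.
Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter 'At*.job' -Force -ErrorAction SilentlyContinue |
    Select-Object Name, Length, CreationTime, LastWriteTime
```

Because the warnings in the thread appeared at random, a snapshot like this may show nothing; run it right after an alert, while the mshta.exe process still exists.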