multiple intrusions

Viruses and worms
1

I want to know where are these “attempts” are comming from.
24.05.2009 08:24:55 Network Shield: blocked access to malicious site 82.98.193.102 [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ( 1084 ) ]
26.05.2009 12:58:33 Network Shield: blocked access to malicious site 82.98.193.102 [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ( 1028 ) ]
27.05.2009 06:37:29 Network Shield: blocked access to malicious site 82.98.193.102 [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ( 1020 ) ]
28.05.2009 07:53:23 Network Shield: blocked access to malicious site platinumtvonline.com/?pubid=epztont&type=ca [ C:\Program Files\Internet Explorer\iexplore.exe ( 592 ) ]
28.05.2009 08:03:38 Network Shield: blocked access to malicious site platinumtvonline.com/?pubid=epztont&type=ca [ C:\Program Files\Internet Explorer\iexplore.exe ( 592 ) ]
28.05.2009 08:09:38 Network Shield: blocked access to malicious site platinumtvonline.com/?pubid=epztont&type=ca [ C:\Program Files\Internet Explorer\iexplore.exe ( 592 ) ]
29.05.2009 07:09:00 Network Shield: blocked access to malicious site 82.98.193.102/tds3/in.cgi?4&s=s7&camp=mg_keyword&url=http%3A%2F%2Furl.urtbk.com%2Fcpv.jsp%3Fp%3D111211%26ronMin%3D0.003%26partnerMin%3D0.003%26ip%3D70.255.173.202%26aid%3D4170%26url%3Dhttp%253A%252F%252Fad.doubleclick.net%252Fadi%252Famzn.us.cr.music%252F_default%253Bsz%253D300x250%253Bu%253De3960befd2e940bfada0987b6df693a9%253Bord%253D15D8Q1XD1EAB9B7W0377%253Bs%253D51%253Bs%253D172%253Bs%253D56%253Bs%253D232%253Bs%253D32%253Bs%253D49%253Bs%253D67%253Bs%253D23%253Bs%253D38%253Bs%253Dm4%253Bs%253Dm1%253Bz%253D1489%253Btile%253D1%253F%26excludeCodes%3D%26default%3Dhttp%253A%252F%252Fselectusers.com%252Ftds3%252Fin.cgi%253F4%2526r%253D1%2526s%253Ds7%2526cid%253D843B4BC9FEBFA254FB3F4E1386B377E4013F12F65AAF0965%2526aid%253D4170%2526version%253D1.4.3%2526camp%253Dmg_keyword%26selectedKeyword%3Dron%26selectedListingId%3D7445545&bid=0.0032&cid=843B4BC9FEBFA254FB3F4E1386B377E4013F12F65AAF0965&aid=4170&version=1.4.3 [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ( 1132 ) ]

2

Results for the malicious site 82.98.193.102:

https://safeweb.norton.com/report/show?name=82.98.193.102

Hope this helps^^

-AnimeLover^^

3

Hi roadhawk1,

Malicious software includes 567 trojan(s), 22 scripting exploit(s).

This site was hosted on 2 network(s) including AS34562 (PROIP), AS6461 (MFNX).

The site hosted malware. This malicious software infected 7 domains: e.g.: blogcatalog.com/, shoeblog.com/, zimbio.com/, 14 scripting exploits found by heuristics,

polonus

4

Is it a hacker or a band of hackers doing this or what. Its keeps occuring for a number of days.

5

Maybe a malware is causing this intrusions and then sends some information to a certain someone but fortunately, the attack was blocked and ur safe for now^^

Maybe a backdoor or a Trojan downloader^^Do a fullscan^^that might help^^

-AnimeLover^^

6

Hi cinchez,

The bloodhound exploit that is flagged could be a valid scripting exploit flagged by heuristical scanning, in some cases it was also found to be a false positive, if it is found in temporary files downloaded from these websites,

polonus

7

Thanks^^

-AnimeLover^^