Network Shield: blocked access to malicious site dns://

system · December 16, 2008, 3:46pm

Hi;

A few days ago when I surf at the internet I think our pc infected from a bad site. After that I scan our pc with so many programs. (Avast, Spyboot-Search&Destroy, SuperAntispyware, Malwarebytes Anti-Malware, Ad-Watch, Advanced SystemCare, HijackThis, etc) Each program finds many malicious code after that scan and cleans it. Now, each program does not find any malicious code.

But Avast network shield still gives alert. (I now may be close this alert message, but I think our pc my be still infected.)

Avast Network shield Last attack list:

16.12.2008 09:46:53 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 09:57:08 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:07:23 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:17:38 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:25:04 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:35:53 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:56:20 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:06:35 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:16:48 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:27:02 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]

Please help me to solve this problem.

system · December 16, 2008, 4:21pm

Before Scanning

*Turn off System Restore (can turn on after cleared all infections)

*Restart computer in Safe mode F8 Key.

*shows hidden files and folders

*Un-tick hide protection operating system files

*Un-tick hide extension for known file types

*One scan at a time

**If doesn’t found any infections :

Then post a HijackThis Log at here,and soon people will help.
(i can’t because i don’t know anything about logs,sorry)

system · December 16, 2008, 4:45pm

Hi;
The attached file is our HijackThis Log that is created today. (I also boot time scanned before and the result was clean.)
Thankyou for your help.

DavidR · December 16, 2008, 5:57pm

Something on yuour system is trying to reach that url which has been found to have malware on it, a fake security program and that is why it is being blocked.

http://www.spywaredetector.net/spyware_encyclopedia/Fake%20Anti%20Spyware.WinDefender%202009.htm

What has to be found is the application trying to get there, are you getting any security alerts pop-ups ?

Did you run this software, in safe mode this should be more effective, report the findings (it should product a log file).

Maxx_original · December 16, 2008, 10:23pm

WinDefender is detected as Win32:Trojan-gen afaik… some remaining traces could be there and the HiJackThisLog would help in this case…

system · December 19, 2008, 9:45am

Hi All;

The my problem did not solve with known spyware, ad-aware and virus programs unfortunately. I think this one my be new spyware.
Finally, I back to the my ghost image which is the done one month ago and this problem permanently disappear.

Thank you for your relationship.

system · December 20, 2008, 9:17am

Welcome to the forums, kilicmb.

I am sorry that i did not get a chance to look at your HJT log before you used your ghost image.

There were a couple of questionable entries in the first log. If you could, I would like to see a HJT log since you used the ghost image for a comparison with the first HJT log you posted.

system · December 22, 2008, 4:30pm

Hi ChjarleyO;

Thank you for your pay attention.

The attached file is new HJT log. Could you compere this to old one?

Bye.

system · December 22, 2008, 8:11pm

There is only a little difference in the 2 HJT logs. In the second log are Tunebite.exe and SabahRSS.exe which were not in the earlier log.

O4 - HKCU..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

http://www.bleepingcomputer.com/startups/tunebite.exe-7583.html

O4 - HKCU..\Run: [SabahKirmiziAlarm] "C:\Program Files\Sabah Alarm\SabahRSS.exe

http://sabah-k-rm-z-alarm.software.informer.com/

I do not know why, or how, either of these programs could have helped your problem. Maybe someone else can shed some light on it.

Network Shield: blocked access to malicious site dns://

Announcements