What should I do to stop this? I have been getting this every day this week. Others say I already have a virus in my system and that this is the cause of the attacks. But I’ve already scanned my system with Malwarebytes, Spybot Search and Destroy, and an avast free scan scheduled at boot time, and nothing was detected. I already tried this in regedit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole, DCOM value Y replaced by N, because they say it can stop these attacks logging in Network Shield, but until now I still get this:
08.06.2010 03:56:00 Network Shield: blocked access to malicious site 88.80.7.152/cgi/dtiyodt.php?otc=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site media9s.com/cgi/ncmm.php?mm=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site nopagency.com/cgi/ajj.php?jjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:53 Network Shield: blocked access to malicious site 88.80.7.152/cgi/peeuujjz.php?peukz=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 15:22:22 Network Shield: blocked access to malicious site media9s.com/cgi/zen.php?tiy=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010 15:22:23 Network Shield: blocked access to malicious site nopagency.com/cgi/gw.php?bqg=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010 15:22:23 Network Shield: blocked access to malicious site 88.80.7.152/cgi/kzpeuk.php?puzjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010 18:39:21 Network Shield: blocked access to malicious site media9s.com/cgi/iiii.php?ii=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]
08.06.2010 18:39:22 Network Shield: blocked access to malicious site nopagency.com/cgi/qfva.php?zzpp=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]
08.06.2010 18:39:22 Network Shield: blocked access to malicious site 88.80.7.152/cgi/yhhhhhhh.php?hhhhh=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]
No, even if I did not open a browser it still pops up, and besides I’m always clearing my browser cache using CCleaner, clearing Windows temp, and prefetch. I am confused right now. Any idea?
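A way to read a log like the one quoted above, as an added example that is not part of the original thread: it groups blocked connections by process instance and flags query values sent to more than one host, which is consistent with one program generating the requests. The sample lines are constructed placeholders in the same layout, the function names are made up here, and the field layout is inferred from the quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same layout as the Network Shield log above
# (hosts, paths and token are placeholders, not values from the thread).
SAMPLE = r"""
01.02.2010 03:56:00 Network Shield: blocked access to malicious site 192.0.2.10/cgi/aaa.php?k=1111x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
01.02.2010 07:41:52 Network Shield: blocked access to malicious site bad-one.example/cgi/bbb.php?m=1111x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
01.02.2010 07:41:52 Network Shield: blocked access to malicious site bad-two.example/cgi/ccc.php?j=1111x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
01.02.2010 07:41:53 Network Shield: blocked access to malicious site 192.0.2.10/cgi/ddd.php?p=1111x22x3 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 212 ) ]
""".strip().splitlines()

# Assumed layout: timestamp, fixed message, scheme-less URL, [ image path ( PID ) ]
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\[ (?P<image>.+?) \( (?P<pid>\d+) \) \]$"
)

def parse(lines):
    """Return one dict per blocked-connection line; skip anything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, _, rest = m["url"].partition("/")
        _, _, query = rest.partition("?")
        # The value may itself contain '=', so split on the first one only.
        _, _, token = query.partition("=")
        events.append({"ts": m["ts"], "host": host, "token": token,
                       "image": m["image"].lower(), "pid": int(m["pid"])})
    return events

def by_process(events):
    """Hosts contacted per process instance (lower-cased image path + PID)."""
    groups = defaultdict(set)
    for e in events:
        groups[(e["image"], e["pid"])].add(e["host"])
    return {key: sorted(hosts) for key, hosts in groups.items()}

def tokens_across_hosts(events):
    """Query values that were sent to more than one host."""
    seen = defaultdict(set)
    for e in events:
        seen[e["token"]].add(e["host"])
    return {tok: sorted(h) for tok, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    ev = parse(SAMPLE)
    for (image, pid), hosts in by_process(ev).items():
        print(pid, image, hosts)
    print(tokens_across_hosts(ev))
```

A new PID on each burst means a fresh browser process is being started each time, so the next thing to look for is whatever launches it (startup entries, scheduled tasks, browser add-ons).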
Then you appear to have something either hidden or undetected trying to access that site.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware (MBAM). On-Demand only in free version. http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware (SAS). On-Demand only in free version.
Also might be worth checking IE settings: Tools > Internet Options > Security > Trusted sites. If there are any entries that you haven’t entered there, remove them. You may also want to check your hosts file and recreate it if necessary: http://support.microsoft.com/kb/972034
As I stated before, I didn’t find anything after scanning with Malwarebytes, avast, and Spybot Search and Destroy. And I did not find anything in the Trusted zone either. But I gave you a hint about it so that you have an idea how you can help me. Whenever avast reports the attacks, there is an IEXPLORE.EXE that pops up in my Task Manager, and when I tried to scan it with avast by right-clicking the blue ball icon in the system tray, avast can perform the memory check but then it suddenly disappears from my sight and the avast simple user interface won’t open. But if I end task the IEXPLORE.EXE, I can see the avast simple user interface again. The IEXPLORE.EXE is running under my computer user account; for example, the user account I use is Admiral.
Iexplore.exe is Internet Explorer’s executable, and in this case probably not the problem. It’s Internet Explorer trying to connect to the site that’s the problem. Again, as asked, check your hosts file. Also, what firewall and operating system are you using?
Start of entries inserted by Spybot - Search & Destroy
End of entries inserted by Spybot - Search & Destroy
Note: I uninstalled Spybot yesterday because even though I scanned my system with it and had it active as resident, it did not find anything about this. I’ve just let avast and Net Studio USB Firewall do the resident scanning job.
I’m still using WinXP SP2 and just using the Windows Firewall with “Don’t allow exceptions” checked.
BTW, I don’t use Internet Explorer very often because I have Mozilla Firefox. But Internet Explorer is still the default browser in the settings.
You should update your XP to SP3 after you get your system clean. (There are also new browser options in SP3 with the latest updates.) Btw, your HOSTS file is ok…!
You can try free EAM to rescan your system and see what it finds. http://www.emsisoft.com/en/software/free/
asyn
Is the free version not a free trial? Is the free version of this software only an on-demand scanner, or does it have a resident scanner also? Because if it has a resident scanner, does that mean avast will have to be uninstalled, or can that software be configured not to run its resident scanner when installing it? :o
I’m not really sure which software you are referring to, presumably Emsisoft, which Asyn seems to have a thing about, whilst the rest of us believe it has a high rate of false positives. EAM - Previously a-squared Anti-Malware, which incorporates a-squared AV, the one we think has a lot of FPs. Personally I wouldn’t touch it, but that’s just me ;D
avast is a resident on-access scanner (all versions) and so far that resident protection has been saving your ass by blocking outbound connections to malicious sites.
So I wouldn’t install EAM if I had to get rid of avast.
Personally I’d try something like Prevx 3.0 free. It’s just an on-demand scanner, and has pretty good detection results. I don’t believe the free version will clean everything though, just detect, but at least if it finds something you can plan from there. You’ve already used MBAM, which didn’t detect anything, and that’s one of the best, so fingers crossed.
I know you don’t like it, but if avast and MBAM can’t detect/remove the threat it’s a 3rd possibility to get rid of malware, as it still has one of the highest detection rates. But sure, you always have to be careful about FPs…! Another reason is the online forum, which offers free professional support in removing malware, even for inexperienced users. (http://support.emsisoft.com/forum/6-malware-removal-help/)
asyn
I, as well as others here, use PrevX resident and it is compatible with avast. The resident build gives you more protection than the on-demand (free) version, but you can certainly give the free version a try. However, I do regard MBAM on demand very highly. I know you’re looking for other options.
I’m not alone in that regard, it has a high rate of FPs and that has to be clearly stated or the user could take it as gospel and delete a detection without first checking it out fully and that is the point I’m making.
The problem being that the first link you are recommending is a 3rd party application that incorporates a resident AV, and you can’t have two resident AVs installed. Not to mention there isn’t any guarantee that it will either detect or remove it either.
So as has been suggested an on-line scanner can be a better option as it doesn’t have to be installed nor does it have low level drivers.
So you say that their on-line forum offers help removing malware, well so does this forum in case you hadn’t noticed.