Avast WEBforum

Other => Viruses and worms => Topic started by: Cr8Znbnny on October 09, 2009, 07:36:54 PM

Title: Outbound Queries to Malicious sites after 7 antimalware scans?
Post by: Cr8Znbnny on October 09, 2009, 07:36:54 PM

When I turn on my computer I unplug my AT&T 2wire gateway from the internet and LAN connection.I have the gateway configured to block many inbound stuff and pass shields up! tests; but When I look at the Avast! network shield module I see it scans wierd ip address that change. dns://10.235.55.74.in-addr.arpa, 74.55.235.10.in-addr.arpa, 209.62.112.100.in-addr.arpa ,100.112.62.209.in-addr.arpa.

I dont seem to see any malicious processes running, I don't have rootkit either... can anyone tell me what is this? Avast! network shield module scans these addresses, I am not sure why something is quering so many ever changing addresses. I have scanned with Malware bytes Anti Malware, Super AntiSpyware, Ad-Aware, Spybot S&D, Avast! Home, GMER, Kaspersky Online, Panda online, McAfee, Symantec online, Eset, but one day avast! memory resident module found a file that I had an explorer
window open on to the root directory where the thumb drive was installed and saw a folder named Found.000 with a whole mess of .chk files, but cound not see any program there, as all I used the thumb drive for was for podcasts but right in front of my eyes I see a weird program named qcwpung.exe and another one with a .com extension that I manualy deleted. Avast! flagged qcwpung.exe as Win32:Agent-SIM [Trj].I searched the internet for information on this but can not find any files that other AV companies say this malware installs. HELP!?!

Title: Re: Outbound Queries to Malicious sites after 7 antimalware scans?
Post by: Cr8Znbnny on October 09, 2009, 08:00:37 PM

Are these dns things coming from the ISP... I apoligize, maybe it is only when the gateway is connected to LAN and internet link is when it happens.I see Avast! network shield usually reads xxx.xxx.xxx.xxx.in-addr.arpa am I on some network on the ISP or something? I have AT&T dsl and old 2wire gateway.

Title: 7 different online antimalwares scans and ?
Post by: Cr8Znbnny on April 10, 2012, 01:47:52 AM

Who knows maybe this was a pentest some viruses are packed then further obfuscated by changine the PE header info.Furthermore viruses can mutate or be encrypted.

Title: Re: Outbound Queries to Malicious sites after 7 antimalware scans?
Post by: polonus on April 10, 2012, 01:57:02 AM

Those addresses are not weird, one is a private address (so the "postman knows where to  go"), the others are avast addresses. so these are connections your computer make, nothing to worry about,

polonus