Author Topic: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]  (Read 37979 times)

0 Members and 1 Guest are viewing this topic.

OliPicard

  • Guest
Hi Avasters!,

I recently switched ISPs. Before now ive had little or no DoS or port scans but since switching to a new host ive had over 100 attacks, From all over the place.

My ISP when confronted with these logs told me its my equipment causing the problems. These attacks have been brought the modem down since joining this ISP ive switched IPs multiple times around 30-40 times with only a couple of the ips showing a few DoS attacks.


Code: [Select]
173.236.193.163:80 x2 (Dreamhost)
199.59.163.68:80 x30 (this ones been attacking over a couple of days on different IPs)
81.94.200.139:25565 x1
69.171.235.16:443 x20
213.199.179.144:40044 x1
78.141.179.18:12350 x2

Hopefully someone will know why this is happening. I have ran an MBAM recently with no negative results.
If anyone can help me figure this out that would be wonderful!
Thanks
Oliver
« Last Edit: March 11, 2013, 11:16:47 PM by OliPicard »

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help?
« Reply #1 on: March 11, 2013, 10:22:48 PM »
Running some background checks on the IP in Lux seems to show that the range is being misused. (ending in .18)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: DoS attack = ISP saying its on my side. Help?
« Reply #2 on: March 11, 2013, 10:23:56 PM »
you can have a malware check ?

follow this guide and attch the logs....not copy and paste.   http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR


when done  the removal experts will be notified and check your logs....


OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #3 on: March 11, 2013, 10:41:18 PM »
Find attached the MBAM log + OTL + MBR


Also can i now uninstall OTL? (i guess its just a running only EXE and only runs when you run the exe.)

In addition MBR left a file called MBR.dat (can i delete this now that the scan is over.)
« Last Edit: March 13, 2013, 07:51:20 PM by OliPicard »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: DoS attack = ISP saying its on my side. Help?
« Reply #4 on: March 11, 2013, 11:16:48 PM »
not yet, if the removal expert see anything that need to be removed he will use OTL
hewill remove all tools when done...

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #5 on: March 11, 2013, 11:19:09 PM »
Will they need remote access to the machine or can it be done userside?

Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #6 on: March 11, 2013, 11:24:22 PM »
Will they need remote access to the machine or can it be done userside?

Thanks
nope....he just give you some instructions
usually he create a fix based on the OTL log, when the fix is run in OTL it instruct OTL to do some comands
if you search some of the topics in this section you can see how Essexboy does it
OBS and he is a trained and certified malware remover....and teacher over at geeks to go forum

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #7 on: March 11, 2013, 11:26:57 PM »
Quote
nope....he just give you some instructions
usually he create a fix based on the OTL log, when the fix is run in OTL it instruct OTL to do some comands
if you search some of the topics in this section you can see how Essexboy does it
OBS and he is a trained and certified malware remover....and teacher over at geeks to go forum

Awesome, Thanks Pondus! I look forward to seeing if anything interesting shows up, Ive had alook myself and ive not seen anything abnormal so hopefully its just this ISP.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #8 on: March 11, 2013, 11:29:51 PM »
Essexboy is notified, if lucky he is not gone to bed yet,
if he does not show within an hour i guess you have to wait until tomorrow

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #9 on: March 11, 2013, 11:36:44 PM »
Ah Ok (Thanks for notifying Essexboy :D), I look forward to figuring out what the otl logs say, it should be interesting!

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #10 on: March 12, 2013, 11:45:31 AM »
Ive contacted one of the ip's in question whom responded saying

1) They are not causing the problems.
2) If i paid them they would fix the issue.

I must admit it sounds pretty strange from an company which should be taking this seriously. Ive not reached back out to them.

Oliver
« Last Edit: March 12, 2013, 12:06:26 PM by OliPicard »

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #11 on: March 12, 2013, 01:54:30 PM »
Here are some additional IPs which are attacking today.

Code: [Select]
109.201.133.65 x1
67.227.200.203 x1

both attacks on port 80

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #12 on: March 12, 2013, 03:21:28 PM »
Are you on a static IP ?  Or does it change every time you log on ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
@Alternate Data Stream - 994 bytes -> C:\Users\Oliver\AppData\Local\Temp:X02gGPI7EmhUVHobjK4u6XhMubHP

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #13 on: March 12, 2013, 03:42:02 PM »
Hi Essexboy,

Yeah we are on a dynamic IP.

Here are some more recent attacks
Code: [Select]
178.217.186.109:7777 x3
111.221.77.143:40015 x2


Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #14 on: March 12, 2013, 03:47:25 PM »
There should be an OTL extras text file with the standard OTL one, could you attach that as it will show me your ports