Author Topic: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]  (Read 37965 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #30 on: March 12, 2013, 06:29:59 PM »
I can see no indication of that at the moment .. So I will now search for hidden drivers/files

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #31 on: March 12, 2013, 06:30:59 PM »
No bot it is all coming from this server. Do you see any connection here? http://myip.ms/info/whois/67.227.200.203/k/2854431429/website/www.thebuddyforum.com

polonus
« Last Edit: March 12, 2013, 06:34:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #32 on: March 12, 2013, 06:34:59 PM »
Would that tie in with steam somehow ?

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #33 on: March 12, 2013, 06:37:37 PM »
Hi Essexboy, From steam's side nope, they run there own servers on valve.net and also CDN is done by limelight. I am alittle worried running combofix as ive seen it can cause peoples machines to go alittle odd and has been pulled from bleepingcomputer due to being infected.

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #34 on: March 12, 2013, 06:42:15 PM »
Just had a new DoS attack

Code: [Select]
62.75.178.11:5202 https://stat.ripe.net/62.75.178.11#tabId=at-a-glance

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #35 on: March 12, 2013, 06:43:02 PM »
It was pulled about three weeks ago and the bad copy deleted.  The current version is OK

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #36 on: March 12, 2013, 06:46:57 PM »
That is unrelated to the traffic you experience. And essexboy certainly knows what he is doing. He is the best qualified remover we have here and he is instructor at G2G as well. You cannot get better removal assistance on the Interwebs, believe me!
I am just into website code and IP analysis, and seen loads and loads of issues. That is my specialty. So I think out aloud  on an experience basis. Essexboy must drag that baddie out. Trust us, we get to it, we'd find the little b*gger!

pol

PS Just initiate the test you find here: https://www.grc.com/dns/dns.htm (because av and firewall do not protect)
Give me the results of your DNS Nameserver Spoofability Test

D
« Last Edit: March 12, 2013, 06:54:55 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #37 on: March 12, 2013, 07:00:03 PM »
Find the combofix log attached. :)
« Last Edit: March 13, 2013, 09:51:12 PM by OliPicard »

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #38 on: March 12, 2013, 07:06:30 PM »
Also  Polonus, Did that DNS test came back with
Anti-Spoofing Safety: Excellent

Also did the sheildUP test too, THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #39 on: March 12, 2013, 07:13:14 PM »
Ive also PM'd Polonus the results from sheildsup. Seems to look good from here. As for combofix, the log above provides details, I was wondering after we remove whatevers causing this can we uninstall combofix?

Thanks :)

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #40 on: March 12, 2013, 07:23:15 PM »
Should also attach the quarantined-files txt (below.)
« Last Edit: March 13, 2013, 09:54:19 PM by OliPicard »

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #41 on: March 12, 2013, 07:31:33 PM »
In addition my connection has been attacked again by

Code: [Select]
62.75.178.11:5202 (Port Scan UDP) same as previous however has commited a UDP Port scan.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #42 on: March 12, 2013, 07:34:30 PM »
Aye once you are happy all tools will be removed

OK so far I have seen no signs of malware, webshield is not reporting any outgoing - can you confirm that

What effect is this having on your system, as I am wondering whether they may just be probing attacks

Could you confirm it is just Commodo reporting this ?

Then download wireshark and see if there are any unknown outgoings http://www.wireshark.org/download.html

OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #43 on: March 12, 2013, 07:55:33 PM »
Hi Essexboy,

Code: [Select]
The only suspious connections are coming from in and out are 23.62.53.50:80 & 173.194.67.94:443 & 173.194.34.151:443 & 173.194.66.106:443 & 173.194.34.111:443 &  173.194.78.95:443 & 196.0.6.150:443 & 173.194.42.15:443 & 173.194.66.95:443 & 173.194.34.130
Code: [Select]
Blocked items 224.0.0.252 IGMP>browser


OliPicard

  • Guest
Re: DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]
« Reply #44 on: March 12, 2013, 08:04:00 PM »
Running wireshark as we speak.