Topic: URL:MAL 67.159.200.132


REDACTED

  • Guest
URL:MAL 67.159.200.132
« on: December 23, 2014, 06:51:16 PM »
Geeks to Go was helping me with URL:MAL warnings I've been getting. They've concluded that this issue should be handled here by Avast.

Here's the link to the thread.

http://www.geekstogo.com/forum/topic/345619-how-to-get-rid-of-urlmal/

Thanks!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: URL:MAL 67.159.200.132
« Reply #1 on: December 23, 2014, 07:11:01 PM »

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #2 on: December 23, 2014, 10:20:32 PM »
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/23/2014
Scan Time: 10:54:42 AM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.23.07
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nakamoto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369028
Time Elapsed: 13 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #3 on: December 23, 2014, 10:23:10 PM »

FRST log

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #4 on: December 23, 2014, 10:24:38 PM »
Addition log

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URL:MAL 67.159.200.132
« Reply #5 on: December 23, 2014, 10:36:51 PM »
Additional info on IP 67.159.200.132: listed at DNS-BH / malwaredomains.com as malicious with severity 2.
5 alerts for a PUP detection here: http://urlquery.net/report.php?id=1419167148929
Server vulnerable. System details:
Running on: Apache/2.2.15
Powered by: PHP/5.3.3
Outdated web server found: Apache/2.2.15. IDS alerts for "ET MALWARE PUP Win32.SoftPulse Retrieving data".
What is going to be found is probably this: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/SoftPulse/detailed-analysis.aspx

This is all apart from the malware cleansing routine here, which I am not intruding on and leave alone; I just want to report on these aspects of the IP mentioned, to set your mind a bit at ease about the severity of the malcode eventually detected.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: December 23, 2014, 10:41:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
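As an added example (not part of this thread, nor code from DNS-BH, urlquery or Avast), the script below reproduces the kind of offline check polonus reports above: look an IP up in a local copy of a block list, pull product/version pairs out of the server banner, and flag components below a minimum version. The block list text, the banner text, the tab-separated record layout and the version thresholds are all constructed for the example; a real check would use the feed's actual format and the vendors' current supported branches.

```python
"""Offline reputation and banner triage for a host flagged by a URL:MAL block.

Added example, not from the forum thread, DNS-BH or urlquery. The block list
text and banner text are constructed to mirror what the post reports; the
record layout and the minimum version thresholds are assumptions.
"""
import re
from ipaddress import ip_address

# Constructed feed in an assumed "ip<TAB>source<TAB>severity" layout.
BLOCKLIST_TEXT = """\
# ip\tsource\tseverity
67.159.200.132\tDNS-BH / malwaredomains.com\t2
198.51.100.7\tconstructed-feed\t1
"""

# Constructed banner lines in the shape the post quotes.
BANNER_TEXT = """\
Running on: Apache/2.2.15
Powered by: PHP/5.3.3
"""

# Assumed thresholds for this example only; anything below counts as outdated.
MIN_VERSIONS = {"Apache": (2, 4, 0), "PHP": (5, 6, 0)}

VERSION_RE = re.compile(
    r"(?P<product>[A-Za-z][A-Za-z0-9_-]*)/(?P<version>\d+(?:\.\d+)*)"
)


def parse_blocklist(text):
    """Map ip_address -> (source, severity); blank and '#' lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, source, severity = line.split("\t")
        entries[ip_address(ip)] = (source, int(severity))
    return entries


def lookup_ip(ip, blocklist):
    """Return (source, severity) for a listed IP, None otherwise.

    ip_address() raises ValueError on a malformed address, so junk input
    never silently turns into a "not listed" answer.
    """
    return blocklist.get(ip_address(ip))


def parse_banner(text):
    """Extract pairs such as Apache/2.2.15 into {product: version_tuple}."""
    return {
        m["product"]: tuple(int(p) for p in m["version"].split("."))
        for m in VERSION_RE.finditer(text)
    }


def outdated_components(versions, minimums=MIN_VERSIONS):
    """List (product, found, minimum) for every known product below its threshold.

    Tuple comparison handles differing lengths: (2, 2, 15) < (2, 4, 0).
    """
    return [
        (p, v, minimums[p])
        for p, v in versions.items()
        if p in minimums and v < minimums[p]
    ]


def triage(ip, banner_text=BANNER_TEXT, blocklist_text=BLOCKLIST_TEXT):
    """Combine the list lookup and the banner check into one summary dict."""
    blocklist = parse_blocklist(blocklist_text)
    versions = parse_banner(banner_text)
    return {
        "listed": lookup_ip(ip, blocklist),
        "versions": versions,
        "outdated": outdated_components(versions),
    }


if __name__ == "__main__":
    print(triage("67.159.200.132"))
```

The point of separating `parse_banner` from `outdated_components` is that the banner only tells you what the server claims to run; the threshold table is the policy, and it should be kept current independently of the parser.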

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: URL:MAL 67.159.200.132
« Reply #6 on: December 23, 2014, 10:54:25 PM »
After reading the topic over at Geeks to Go, it seems everything has been tried.
And from the conclusion in the last post, it seems you need to open a support ticket.

Avast support   https://support.avast.com


REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #7 on: December 23, 2014, 11:30:29 PM »
aswMBR file

Offline Eddy

Re: URL:MAL 67.159.200.132
« Reply #8 on: December 23, 2014, 11:32:56 PM »
Let's see:
Quote
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
Take your pick of which AV you want to use. Do not use multiple at the same time.
Quote
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-12-08] (Simply Super Software)
It is not free, and research shows that it is far worse than e.g. MBAM.
Quote
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Spybot used to be good, but it hasn't been for a long time.

Intuit Sync Manager? Are you using QuickBooks?
Quote
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
Another piece of security software that can cause conflicts/problems when running multiple.

And I see more problems.
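As an added example (not part of this thread and not code from FRST or Avast), the script below runs the triage Eddy does by hand: it parses the `AV:`/`AS:` product lines and the `...\Run:` autostart entries from an FRST.txt-style log, lists every enabled real-time product, flags the out-of-date ones, and picks out autostarts belonging to security tools. The sample log lines are constructed from the entries quoted above, and the keyword list used to recognise security products is an assumption for illustration.

```python
"""Flag overlapping security software in FRST.txt-style log lines.

Added example, not part of the forum thread or of FRST. The sample lines
are constructed from the entries quoted in the reply; SECURITY_KEYWORDS is
an assumed list for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample mirroring the quoted FRST entries.
SAMPLE_FRST = r"""
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-12-08] (Simply Super Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
"""

# Assumed: substrings that identify a security product in name, path or vendor.
SECURITY_KEYWORDS = (
    "avast", "defender", "spybot", "trojan remover", "kaspersky",
    "superantispyware", "malwarebytes",
)

# "AV: name (Enabled - Up to date) {GUID}" as written by FRST.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \((?P<state>Enabled|Disabled) - "
    r"(?P<updated>Up to date|Out of date)\) \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# "HKLM-x32\...\Run: [name] => path [size date] (vendor)"; the hive may carry
# a user SID, as in HKU\S-1-5-21-...\...\Run.
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\S-[0-9-]+)?)\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.+)\)$"
)


@dataclass
class Product:
    kind: str
    name: str
    enabled: bool
    up_to_date: bool


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    vendor: str


def parse_frst(text):
    """Return (products, run_entries) for the lines the two patterns recognise."""
    products, run_entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PRODUCT_RE.match(line)
        if m:
            products.append(Product(m["kind"], m["name"],
                                    m["state"] == "Enabled",
                                    m["updated"] == "Up to date"))
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append(RunEntry(m["hive"], m["name"], m["path"], m["vendor"]))
    return products, run_entries


def security_autostarts(run_entries, keywords=SECURITY_KEYWORDS):
    """Autostart entries whose name, path or vendor matches a security keyword."""
    hits = []
    for e in run_entries:
        haystack = f"{e.name} {e.path} {e.vendor}".lower()
        if any(k in haystack for k in keywords):
            hits.append(e)
    return hits


def triage(text):
    """Summarise real-time product overlap and security-tool autostarts."""
    products, run_entries = parse_frst(text)
    enabled = [p for p in products if p.enabled]
    return {
        "enabled_realtime": [p.name for p in enabled],
        "out_of_date": [p.name for p in enabled if not p.up_to_date],
        "security_autostarts": [e.name for e in security_autostarts(run_entries)],
        "overlap": len(enabled) > 1,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_FRST))
```

Only the `AV:`/`AS:`/`FW:` lines say whether a product is registered as real-time protection; a Run entry such as `[KSS]` shows the tool starts with the session but not what hooks it installs, so the two lists are reported separately rather than merged.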

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URL:MAL 67.159.200.132
« Reply #9 on: December 24, 2014, 12:00:15 AM »
Hi Eddy,

Are you saying that the victim has two or more resident AV solutions running at the same time? That is the cause of a lot of false cross-detections :o Only one resident AV solution should run on an operational system.
Just like two dogs on the porch in front of the house that start to fight with each other instead of protecting their boss from attacks.

polonus
« Last Edit: December 24, 2014, 12:03:46 AM by polonus »

Offline Eddy

Re: URL:MAL 67.159.200.132
« Reply #10 on: December 24, 2014, 12:48:33 AM »
Not just two AVs are running in real time, but some other security software as well.

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #11 on: December 24, 2014, 01:18:08 AM »
I normally only use Avast. I downloaded the other stuff to try to fix the URL:MAL myself.

I turned off Windows Defender, uninstalled Spybot, Trojan Remover, and Kaspersky and rebooted my computer. We'll see if I still get warnings.

I do use Quickbooks.

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #12 on: December 24, 2014, 05:17:41 AM »
Still getting warnings.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URL:MAL 67.159.200.132
« Reply #13 on: December 24, 2014, 12:42:40 PM »
Hi HiHelen,

Post the logs attached like described here: https://forum.avast.com/index.php?topic=53253.0
and wait for a qualified remover to arrive.

polonus

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #14 on: December 24, 2014, 05:58:02 PM »
Uninstall Spybot - Search and Destroy, SUPERAntiSpyware, Trojan Remover 6.9.1.2932, Web Companion, Kaspersky Security Scan, and Wise Registry Cleaner 8.26.
Are you connected to the internet via a router? Provide me with a fresh FRST scan log after uninstalling the aforementioned programs.