Author Topic: You know: 'blackled' 'reduled' etc.  (Read 2015 times)


REDACTED

  • Guest
You know: 'blackled' 'reduled' etc.
« on: May 08, 2015, 12:55:40 AM »
Avast is doing a great job of blocking unintended access to malicious sites, and notifying me about it, but as expected these aren't sites I am trying to go to:

  _http://blackled.info/... 
  _http://redunet.info/...
  _http://blackfight.info/...
  _http://reddie.net/...
  _http://epictory.com/...

This likely came from some Adware that made it onto my machine a couple weeks ago. Those applications, browser extensions, etc. have been found and removed, whether manually or with tools. But the system trying to access the sites above keeps persisting (seems to usually be when network access is initiated/re-initiated).

I have tried Malwarebytes and a couple of other cleaning tools. Logs are attached.

Would appreciate the community's help. Thanks in advance, Super Analysts!!
« Last Edit: May 08, 2015, 06:21:07 AM by westwas1 »

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #1 on: May 08, 2015, 07:46:08 AM »
Hello,



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
Code:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
bitsadmin /reset /allusers;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #2 on: May 08, 2015, 05:47:28 PM »
Thanks a great deal for your help, Argus.

The Zoek results are attached.

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #3 on: May 08, 2015, 08:59:35 PM »
How is the situation now?

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #4 on: May 08, 2015, 10:29:46 PM »
No issues so far. Looking great!

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #5 on: May 08, 2015, 10:31:21 PM »
The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

REDACTED

  • Guest
Re: You know: 'blackled' 'reduled' etc.
« Reply #6 on: May 09, 2015, 12:29:32 AM »
Thanks for your help, Argus!