Topic: wpad.domain.name and dreesfootler.uno


Trifoilum
wpad.domain.name and dreesfootler.uno
« on: August 17, 2023, 10:13:59 AM »
Hello,

For the last couple of weeks, suddenly my Avast keeps ringing and telling me that

"We've safely aborted connection on wpad.domain.name because it was infected with URL:Blacklist.
Threat name: URL:Blacklist
URL: http://wpad.domain.name/wpad.dat
Process: C:\Windows\System32\svchost.exe
Detected by: Web Shield
Status: Connection aborted

2b3e04620fd7/2023-08-17T08:04:27.424Z"

Then for the last week, another one appeared:

"We've safely aborted connection on dreesfootler.uno because it was infected with URL:Blacklist.
Threat name: URL:Blacklist
URL: http://dreesfootler.uno/rf/48172
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Detected by: Web Shield
Status: Connection aborted

5977bd9ba801/2023-08-17T08:05:13.287Z"

And yet scanning my computer with both Avast and Malwarebytes gives nothing.
What is happening with my computer? Or is it a problem with my wireless network?

Thank you for the assistance.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Trifoilum
Re: wpad.domain.name and dreesfootler.uno
« Reply #2 on: August 18, 2023, 04:28:15 AM »
Quote from: polonus
4 solutions to flag this: https://www.virustotal.com/gui/url/3265a50b86ac80c18cf47fd16694a4ef3cf1ce12aaadd017c99c4a0663ffd615?nocache=1  See: https://www.shodan.io/host/23.109.170.48

Flagged for PHISHING

I see that at least dreesfootler.uno is a phishing link, thank you!
What about wpad.domain.name?

polonus
Re: wpad.domain.name and dreesfootler.uno
« Reply #3 on: August 18, 2023, 11:11:17 AM »
Hi Trifoilum,

Considering your last question, see: https://www.virustotal.com/gui/url/9eda52ddddb7243835f9f3cecbf1b160d22ac4143dd7258042374a5ce1caeca7/details

Detection could be given because an old or compromised version of Java is being used.
To not be troubled anymore, turn off the "Automatically detect proxy settings" feature in Internet Options.

Could be the original infection was using svchost.exe in order to download and configure a WPAD file on the system,
and then at some point, Chrome tried to use the same WPAD file. A likely scenario.

Contact the MBAM forum to have this fixed for you,
as we currently do not have officially qualified malware removers here on the avast forums.

Various vulnerabilities - https://www.shodan.io/host/185.38.111.1 (Neroso - Belgrade).
-> Server: DirectAdmin Daemon v1.53.0 Registered to Gransy s.r.o.

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)


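The request polonus describes, svchost.exe fetching http://wpad.domain.name/wpad.dat, is what Windows does when "Automatically detect settings" is on: it resolves wpad.<DNS suffix> for each suffix the client is configured with and, if a name resolves, downloads a proxy auto-config (PAC) script from it. The alert's hostname suggests one of the client's suffixes is domain.name, a name the user does not control, so the lookup goes to whoever owns that public domain. The script below is an added example (not code from the forum thread or from Avast): it reads the per-user Internet Options connection blob, reports whether auto-detect is enabled, lists which wpad.* names the machine would try and whether they resolve, and with -Disable clears the auto-detect flag. It assumes the documented layout of DefaultConnectionSettings (flags DWORD at offset 8, bit 0x08 = auto-detect, change counter at offset 4) and that the WinHttpAutoProxySvc service, hosted in svchost.exe, is the process performing the lookup; neither is stated on the page.

```powershell
# Added example, not from the forum thread. Inspect why this Windows client
# would request http://wpad.<suffix>/wpad.dat, and optionally turn WPAD off.
# Assumption: DefaultConnectionSettings layout - flags DWORD at offset 8
# (0x01 direct, 0x02 manual proxy, 0x04 PAC script, 0x08 auto-detect),
# change counter DWORD at offset 4. Assumption: WinHttpAutoProxySvc does the lookup.
param([switch]$Disable)

$regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$blob = (Get-ItemProperty -Path $regPath -Name DefaultConnectionSettings).DefaultConnectionSettings

$flags      = [BitConverter]::ToUInt32($blob, 8)
$autoDetect = ($flags -band 0x08) -ne 0
$usesPac    = ($flags -band 0x04) -ne 0
"Auto-detect (WPAD) enabled : $autoDetect"
"Explicit PAC script enabled: $usesPac"

# WPAD tries wpad.<suffix> for the global search list and each
# connection-specific suffix, in that order.
$suffixes = @((Get-DnsClientGlobalSetting).SuffixSearchList) +
            @((Get-DnsClient | Where-Object ConnectionSpecificSuffix).ConnectionSpecificSuffix)
$suffixes = $suffixes | Where-Object { $_ } | Select-Object -Unique

foreach ($s in $suffixes) {
    $name   = "wpad.$s"
    $answer = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue
    if ($answer) {
        "$name resolves to $($answer.IPAddress -join ', ') -> a PAC would be fetched from http://$name/wpad.dat"
    } else {
        "$name does not resolve"
    }
}

# The service that performs auto-detection; it runs inside svchost.exe.
Get-Service WinHttpAutoProxySvc | Select-Object Name, Status, StartType

if ($Disable) {
    # Clear bit 0x08, bump the change counter so the new value is picked up,
    # and write the blob back. Equivalent to unticking the box in Internet Options.
    $newFlags = $flags -band (-bnot 0x08)
    [BitConverter]::GetBytes([uint32]$newFlags).CopyTo($blob, 8)
    $counter = [BitConverter]::ToUInt32($blob, 4) + 1
    [BitConverter]::GetBytes([uint32]$counter).CopyTo($blob, 4)
    Set-ItemProperty -Path $regPath -Name DefaultConnectionSettings -Value $blob -Type Binary
    "Auto-detect flag cleared; restart the browser or log off for it to take effect."
}
```

Run it without arguments first to see whether a wpad.* name actually resolves; that result, rather than the Avast blacklist hit alone, tells you whether the machine was about to take a proxy script from a host outside your network. Chrome uses the system proxy settings on Windows, which is why the same PAC fetch can surface under chrome.exe as well as svchost.exe. A wpad.* name that resolves for a suffix you do not own is reason to fix the DNS suffix on the adapter or in the router, not just to disable auto-detect on one user account.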