Author Topic: Network Shield: blocked access to malicious site dns:// (Read 7910 times)

kilicmb · « **on:** December 16, 2008, 04:46:34 PM »

Hi;

A few days ago when I surf at the internet I think our pc infected from a bad site. After that I scan our pc with so many programs. (Avast, Spyboot-Search&Destroy, SuperAntispyware, Malwarebytes Anti-Malware, Ad-Watch, Advanced SystemCare, HijackThis, etc) Each program finds many malicious code after that scan and cleans it. Now, each program does not find any malicious code.

But Avast network shield still gives alert. (I now may be close this alert message, but I think our pc my be still infected.)

Avast Network shield Last attack list:

16.12.2008 09:46:53 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 09:57:08 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:07:23 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:17:38 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:25:04 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:35:53 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 10:56:20 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:06:35 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:16:48 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]
16.12.2008 11:27:02 Network Shield: blocked access to malicious site dns://megauplinkbindinstaller.com [ C:\WINDOWS\system32\svchost.exe ]

Please help me to solve this problem.

newbie7 · « **Reply #1 on:** December 16, 2008, 05:21:34 PM »

Before Scanning

*Turn off System Restore (can turn on after cleared all infections)

*Restart computer in Safe mode F8 Key.

*shows hidden files and folders

*Un-tick hide protection operating system files

*Un-tick hide extension for known file types

*One scan at a time

**If doesn't found any infections :

Then post a HijackThis Log at here,and soon people will help.
(i can't because i don't know anything about logs,sorry)

kilicmb · « **Reply #2 on:** December 16, 2008, 05:45:57 PM »

Hi;
The attached file is our HijackThis Log that is created today. (I also boot time scanned before and the result was clean.)
Thankyou for your help.

DavidR · « **Reply #3 on:** December 16, 2008, 06:57:22 PM »

Something on yuour system is trying to reach that url which has been found to have malware on it, a fake security program and that is why it is being blocked.

http://www.spywaredetector.net/spyware_encyclopedia/Fake%20Anti%20Spyware.WinDefender%202009.htm

What has to be found is the application trying to get there, are you getting any security alerts pop-ups ?

Did you run this software, in safe mode this should be more effective, report the findings (it should product a log file).

Maxx_original · « **Reply #4 on:** December 16, 2008, 11:23:28 PM »

WinDefender is detected as Win32:Trojan-gen afaik... some remaining traces could be there and the HiJackThisLog would help in this case..

kilicmb · « **Reply #5 on:** December 19, 2008, 10:45:34 AM »

Hi All;

The my problem did not solve with known spyware, ad-aware and virus programs unfortunately. I think this one my be new spyware.
Finally, I back to the my ghost image which is the done one month ago and this problem permanently disappear.

Thank you for your relationship.

CharleyO · « **Reply #6 on:** December 20, 2008, 10:17:52 AM »

***

Welcome to the forums, kilicmb.

I am sorry that i did not get a chance to look at your HJT log before you used your ghost image.

There were a couple of questionable entries in the first log. If you could, I would like to see a HJT log since you used the ghost image for a comparison with the first HJT log you posted.

***

kilicmb · « **Reply #7 on:** December 22, 2008, 05:30:15 PM »

Hi ChjarleyO;

Thank you for your pay attention.

The attached file is new HJT log. Could you compere this to old one?

Bye.

CharleyO · « **Reply #8 on:** December 22, 2008, 09:11:32 PM »

***

There is only a little difference in the 2 HJT logs. In the second log are Tunebite.exe and SabahRSS.exe which were not in the earlier log.

O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

http://www.bleepingcomputer.com/startups/tunebite.exe-7583.html

O4 - HKCU\..\Run: [SabahKirmiziAlarm] "C:\Program Files\Sabah Alarm\SabahRSS.exe

http://sabah-k-rm-z-alarm.software.informer.com/

I do not know why, or how, either of these programs could have helped your problem. Maybe someone else can shed some light on it.

***

Author Topic: Network Shield: blocked access to malicious site dns:// (Read 7910 times)

kilicmb

Network Shield: blocked access to malicious site dns://

newbie7

Re: Network Shield: blocked access to malicious site dns://

kilicmb

Re: Network Shield: blocked access to malicious site dns://

DavidR

Re: Network Shield: blocked access to malicious site dns://

Maxx_original

Re: Network Shield: blocked access to malicious site dns://

kilicmb

Re: Network Shield: blocked access to malicious site dns://

CharleyO

Re: Network Shield: blocked access to malicious site dns://

kilicmb

Re: Network Shield: blocked access to malicious site dns://

CharleyO

Re: Network Shield: blocked access to malicious site dns://