Author Topic: Potential Virus/Malware...can't find info on it anywhere  (Read 8542 times)

mariner

  • Guest
Potential Virus/Malware...can't find info on it anywhere
« on: December 31, 2008, 03:58:18 AM »
I'm getting Network Shield alarms about every 4 minutes when my Internet Explorer window is open with the following message:

30.12.2008  21:35:55  Network Shield: blocked access to malicious site 78.110.175.21/cp/x/?u=0A1&i=0+260000493041722f03218a562928f5a693b2e5MILLAR-1++++++++Mozilla/5.0%20(Windows;%20U;%20Windows%20NT%205.1;%20en-US;%20rv:1.8.0.7)%20Gecko/20060909%20Firefox/1.5.0.7 [ C:\Program Files\Internet Explorer\iexplore.exe ]

Same thing over and over again.  I've seen some posts talking about 78.110.175.21 and it not being a nice place, but I'm not sure where this is coming from.

Anti-virus isn't detecting anything and I've installed Ad-Aware and Spybot Search & Destroy and they don't see anything either.

Two other points that may help shed some info too...

First, when I do a Google search, the first page of results have bogus URLs inserted in them...typically www.monstermarketplace.com or www.justclickdeals.com, freescan.antivirus.com, etc, etc...the title of the page and the two-line description are accurate, but the URL that I'm sent to has nothing to do with the search result...this doesn't seem to occur when I do searches with yahoo.com or other non-Google engines.

Lastly, I was doing some searches trying to figure out why this was happening and there was a post about a pop-up that would occur that looked like a normal flash-update message, but really wasn't...I can't find that page specifically to post the URL (unfortunately).

Any ideas/help would be appreciated.

Thanks

Jtaylor83

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #1 on: December 31, 2008, 05:36:48 AM »
I suggest SuperAntiSpyware Free or MalwareByte's AntiMalware.

Download HiJackThis and post a log here.

mariner

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #2 on: December 31, 2008, 06:08:17 AM »
Hi, I installed the Malware application but it didn't find anything on a full scan.

Also, I forgot to mention this before, but Microsoft Update won't work either...it presents a page saying that it's only for the latest version of IE and presents a link to download and install the latest rev...I do that, but it still doesn't think I have the latest rev of the browser...I'm assuming something has hijacked the browser but not sure how to get rid of it...

Attached is the output from the HiJackThis log...thanks for the help


Deaki

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #3 on: December 31, 2008, 06:33:08 AM »
I have exactly the same issue.

Avast alert at the bottom of the screen saying it blocked.... 78.110.175.21 and I can't download the new Microsoft Security updates, as it goes to a website and I can't then do the usual Windows Update thingy... I also get Google searches that aren't related to what I'm looking for but are searchclick.com or the like!

Anyway that can help ???

Miss L.

Jtaylor83

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #4 on: December 31, 2008, 06:59:52 AM »
Looks like it may be a new variant of Win32:Zlob. 78.110.175.21 is a Russian IP address.

I suggest an online scan through
Dr. Web CureIt
Kaspersky Online Scanner
Trend Micro Housecall

« Last Edit: December 31, 2008, 07:25:22 AM by Jtaylor83 »

CharleyO

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #5 on: December 31, 2008, 07:54:07 AM »
***

Welcome to the forums, mariner.   :)

The IP address 78.110.175.21 is assigned to LIMIT SureHost located in Moscow, Russia.

From your HJT log :

The below entry is related to Windows Live Messenger.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

This next one does not look necessary to me but I hope someone will confirm this for me.

O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.2.17&build=Symantec&a=00000082.00000001.00000001&b=00000082.0000000f.0000001b&c=00000082.0000001e.0000004a&d=00000082.00000020.0000004c&e=00000082.00000049.000000b9

To be fixed if the entry '' is unknown. Do you know of or use ByteScout? If yes, then they are ok.

O9 - Extra button: (no name) - {51B035FC-5ABA-471F-A34E-7499E951FF7A} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html         

O9 - Extra 'Tools' menuitem: Extract Flash Video with Bytescout... - {51B035FC-5ABA-471F-A34E-7499E951FF7A} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html         

O9 - Extra button: Extract Flash Video with Bytescout... - {DE4FDA6F-7571-4455-A09F-D205E4DC9C46} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html

The below may be related to either Virtumonde or Smitfraud and I hope someone else can confirm this for me.

O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD}

Do you or have you uploaded photos to CVS Pharmacy, Costco, WalMart, or other such Online Photo Center services? The below is related to such services through primedia.com

O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD}

Those are the only ones I see in your HJT log that are either questionable or perhaps not needed.


***

CharleyO

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #6 on: December 31, 2008, 07:55:50 AM »
***

Welcome to the forums, Deaki.   :)

Please start your own thread in order to not confuse the help given in this thread. Use the "New Topic" button near the top right of this section of the forum.


***

EDIT to correct spelling error.
« Last Edit: December 31, 2008, 07:58:48 AM by CharleyO »

C4Monk

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #7 on: December 31, 2008, 07:22:27 PM »
I just started getting this msg this morning, have no idea what it means or where I picked it up. I ran a full scan with avast and found nothing.

31.12.2008  12:14:28  Network Shield: blocked access to malicious site 78.110.175.21/cp/x/?u=0A1&i=0+e10000494a9707443781920b4b412693924db8BOOK-I9BOMLIG6Q+Mozilla/4.0%20(compatible;%20MSIE%207.0;%20Windows%20NT%205.2;%20.NET%20CLR%201.1.4322;%20.NET%20CLR%202.0.50727;%20.NET%20CLR%203.0.04506.30;%20.NET%20CLR%203.0.04506.648) [ C:\Program Files\Mozilla Firefox\firefox.exe ]

It comes up about every 4 min. Do I have something to worry about?

C4Monk
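Both posts above report the same Network Shield alert repeating about every 4 minutes. The following is an added example, not part of the thread or of avast's own tooling: it parses alert lines in the layout quoted above and reports any process/destination pair that recurs at a fixed interval. The sample lines are constructed (192.0.2.x is a documentation address range), and the `min_hits` and `tolerance` thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Layout of the avast! Network Shield alert lines quoted in the thread:
# "DD.MM.YYYY  HH:MM:SS  Network Shield: blocked access to malicious site HOST/PATH [ PROCESS ]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"Network Shield: blocked access to malicious site "
    r"(?P<host>[^/\s]+)\S*\s+\[ (?P<proc>.+?) \]\s*$"
)

def parse_line(line):
    """Return (timestamp, host, process) for an alert line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%d.%m.%Y %H:%M:%S")
    return ts, m["host"], m["proc"]

def find_beacons(lines, min_hits=4, tolerance=0.15):
    """Map (process, host) -> median gap in seconds for fixed-interval repeats."""
    seen = defaultdict(list)
    for ts, host, proc in filter(None, map(parse_line, lines)):
        seen[(proc, host)].append(ts)
    beacons = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # A timer-driven request keeps every gap close to the median gap.
        if mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps):
            beacons[key] = mid
    return beacons

# Constructed sample lines (hosts and paths are placeholders, not from the thread).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
FMT = "30.12.2008  21:{}  Network Shield: blocked access to malicious site {} [ " + IE + " ]"
SAMPLE = [FMT.format(t, "192.0.2.10/cp/x/?u=0A1&i=0")
          for t in ("31:55", "35:55", "39:57", "43:54", "47:56")]
SAMPLE.append(FMT.format("40:10", "192.0.2.77/ad.js"))  # one-off block, not periodic

if __name__ == "__main__":
    for (proc, host), secs in find_beacons(SAMPLE).items():
        print(f"{proc} -> {host}: every ~{secs:.0f}s")
```

A destination that is blocked on a steady timer from the same process points to something running on the machine rather than to pages the user is visiting.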

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #8 on: December 31, 2008, 07:43:35 PM »
You could monitor this topic and run the suggested software. But it would be better to start your own new topic so as not to complicate this one.

Please start a New Topic of your own as it will just confuse the topic and we will try to help. 
- Go to this link, http://forum.avast.com/index.php, scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #9 on: December 31, 2008, 10:36:52 PM »
31.12.2008  12:14:28  Network Shield: blocked access to malicious site 78.110.175.21
This site (78.110.175.21) is infected.
The best things in life are free.

mariner

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #10 on: January 02, 2009, 03:56:58 AM »
Hi,
I did a number of those scans and pulled some of the recommended items from the HiJack list...anyway, I stumbled across what I think is the solution in topic #41423.0

http://forum.avast.com/index.php?topic=41423.0

I deleted the file in question and the avast blocking messages have stopped, the google searches are accurate again and I can run Microsoft Update...

Thanks to all those who put the time in to help

CharleyO

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #11 on: January 02, 2009, 06:01:23 AM »
***

You are welcome, mariner, and it is good to know you now have your problem corrected.   :)


***

zone12

  • Guest
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #12 on: January 02, 2009, 11:25:34 PM »
There could be many things that's causing this. It could be a cookie, adware. Put up a HijackThis log and then we should know what's happening.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #13 on: January 02, 2009, 11:55:21 PM »
Hi mariner,

Update your Java version, because that could get you infected, but it might be the right version, check. A good way to keep an eye on the latest versions and patches is via this free download: http://secunia.com/PSISetup.exe
If you have to cleanse something in SafeMode, disable Teatimer for the time you are at that, enable later again.
Then you apparently haven't got a firewall running there, which is making you vulnerable on the Internet.

Survey of Active tasks on your OS

Process | Type | Description
smss.exe | System task | Session Manager Subsystem
winlogon.exe | System task | Microsoft Windows Logon Process
services.exe | System task | Windows Service Controller
lsass.exe | System task | Local Security Authority Service
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
aawservice.exe | Anti Add/Spyware software | Ad-Aware 2007 Service
aswUpdSv.exe | Virusscan | Avast Anti-Virus Component
ashServ.exe | Virusscan | Avast
Explorer.EXE | System task | Microsoft Windows Explorer
SMax4PNP.exe | Background task | SMax4PNP MFC Application
iTunesHelper.exe | Application | Apple Itunes
StatusClient.exe | Background task | Hewlett-Packard Status Client
VM_STI.EXE | Background task | BigDogPath
jusched.exe | Background task | Sun Java Update Scheduler
HOMERunner.exe | Application | Part of TomTom routeplanner software - TML P
ashDisp.exe | Virusscan | Avast AntiVirus
HPWuSchd2.exe | Background task | Hewlett Packard Software Update Scheduler
CTDetect.exe | Background task | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard.
ctfmon.exe | System task | Alternative User Input Services re: http://www.howtogeek.com/howto/windows-vista/what-are-wmpnscfgexe-and-wmpnetwkexe-and-why-are-they-running/
WMPNSCFG.exe | Background task | Windows Media Player Network Sharing Service Confi
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
spoolsv.exe | System task | Microsoft Printer Spooler Service
reader_sl.exe | Background task | Adobe Reader Speed Launch
boincmgr.exe | Background task | BOINC manager
WinCinemaMgr.exe | Background task | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo.
ICQ.exe | Application | ICQ
EasyShare.exe | Background task | Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera.
WindowsSearch.exe | Background task | Windows Desktop Search Tray
boinc.exe | Background task | Berkeley Open Infrastructure for Network Computing
javaw.exe | Application | Sun Java
hadsm3_6.07_windows_intelx86.exe | Unknown task | Unknown task
Hotsync.exe | Background task | HotSync Manager
hadam3_6.01_windows_intelx86.exe | Unknown task | Unknown task
IEXPLORE.EXE | Application | Windows internet explorer
CTsvcCDA.EXE | Background task | Creative CD-ROM Services
cvpnd.exe | Application | Cisco VPN Service
hadsm3_um_6.07_windows_intelx86.exe | Unknown task = ClimatePrediction.net.uk ?? | Unknown task
svchost.exe | System task | Microsoft Service Host Process
iaantmon.exe | Background task | Intel Application Accelerator RAID Monitor
nvsvc32.exe | Application | NVIDIA Driver Helper Service
HPZipm12.exe | Driver | HP Taskbar Utility
SMAgent.exe | Background task | Analog Devices magent
svchost.exe | System task | Microsoft Service Host Process
SearchIndexer.exe | System task | Search Indexer
ashMaiSv.exe | Virusscan | Avast Anti-Virus Component
ashWebSv.exe | Virusscan | avast! Web Scanner
iPodService.exe | Background task | Apple iTunes
hadam3_um_6.01_windows_intelx86.exe | Unknown task | Unknown task
SearchProtocolHost.exe | System task | SearchProtocolHost
WLLoginProxy.exe | Application | Microsoft® Windows Live Login Helper
wuauclt.exe | System task | AutoUpdate Client
wuauclt.exe | System task | AutoUpdate Client
HijackThis.exe | Application | Hijackthis,

polonus
« Last Edit: January 03, 2009, 12:05:37 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Potential Virus/Malware...can't find info on it anywhere
« Reply #14 on: January 03, 2009, 12:58:22 AM »
There could be many things that's causing this. It could be a cookie, adware. Put up a HijackThis log and then we should know what's happening.

To whom are you addressing your comment, as there are two posters in this and one has already posted a HJT log and received help on it? So if it is addressed to the other poster, I asked him to start another topic as it would just confuse this one, which he did and his problem has also been resolved.

Also don't ask for a HJT log to be posted unless you are prepared to do the analysis.

I appreciate you are trying to help but you have to read the topic so we are all working from the same page or it just confuses things.
« Last Edit: January 03, 2009, 01:08:30 AM by DavidR »