Author Topic: "Malicious Site Detected"  (Read 3994 times)

Aokin

  • Guest
"Malicious Site Detected"
« on: December 31, 2008, 11:02:32 PM »
As with Mariner's post, I have just now started experiencing similar problems. But also, whenever I do a search, although the titles found in the results list are legitimate, the linked pages are not. For example, a linked "Bobby Fischer" Wikipedia page will direct to Monstermarket, or teens-something, etc.

I am not familiar with the usual process of posting hijack logs, so I would hope this generated HijackThis list is suitable.

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:46 AM, on 1/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aapt.net.au
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4429 bytes


edit: Sorry, how do I attach a file ?
« Last Edit: December 31, 2008, 11:04:21 PM by Aokin »

spg SCOTT

  • Guest
Re: "Malicious Site Detected"
« Reply #1 on: January 01, 2009, 01:57:43 AM »
To attach a file you have to click on the additional files, which expands the section for attachments, see the image

I don't know about HiJackThis logs but it looks like you are using SP2 (this could be updated when you are clean) and Internet Explorer 6 (this is outdated and IE7 is available, it is necessary to update this as it leaves you more vulnerable, again only once you are clean) 

Aokin

  • Guest
Re: "Malicious Site Detected"
« Reply #2 on: January 01, 2009, 09:02:06 PM »
Great, thanks for the assistance there. Yeah I have not updated anything for a while it would seem, computers tend to fare badly in my hands :)

Okay I have attached my file, and just now read the advice of the thread "Blocked 78.110.175.21 and bogus google links". I will delete the file and restart to see whether the virus can be removed.

Aokin

  • Guest
Re: "Malicious Site Detected"
« Reply #3 on: January 01, 2009, 09:07:06 PM »
So far so good.

Thanks again.

CharleyO

  • Guest
Re: "Malicious Site Detected"
« Reply #4 on: January 01, 2009, 11:53:23 PM »
***

Welcome to the forums, Aokin.   :)

The HJT log you attached looks clean. Two problems exist, though.

A newer version of service pack is available. Service packs increase the safety of your system. You should upgrade to SP3. Visit Microsoft's windowsupdate site to download the newest version of the service pack.

You do not seem to have an active process of a firewall on your system. If you are using only Windows firewall, it only provides inbound protection. Outbound protection is also needed and it is suggested that you install a software firewall that provides outbound protection.


***

Online DavidR

  • Avast Überevangelist
Re: "Malicious Site Detected"
« Reply #5 on: January 02, 2009, 12:40:22 AM »
Personally I think there might be something wrong, based only on the small size of your HJT log, it is one of the smallest I have seen (and much smaller than mine), either you run a very tight ship with little in the way of installed programs (gamer set-up perhaps ???), etc. or you may have something hiding from HJT.

Change the hijackthis.exe to say Aokin-HJT.exe and run it again and see if it turns up anything else.

Obviously as CharleyO mentions SP3 is out and once installed also gives access to IE 6 SP3.

Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 11 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/ and there are a few on your system.

Offline polonus

  • Avast Überevangelist
Re: "Malicious Site Detected"
« Reply #6 on: January 02, 2009, 12:57:56 AM »
Hi Aokin,

A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.
We didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the Windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled.
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate Windows XP's own one.

Survey of active tasks running on your OS:
smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
ashServ.exe - Virusscan - Avast
PnkBstrA.exe - Process background task - pnkbstra.exe
ashWebSv.exe - Virusscan - avast! Web Scanner
Explorer.EXE - System task - Microsoft Windows Explorer
ashDisp.exe - Virusscan - Avast AntiVirus
WG111v2.exe - System task - NETGEAR WG111v2 Wireless Assistant
firefox.exe - Application - Mozilla Firefox
HijackThis.exe - Application - Hijackthis

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
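
The checks the replies above make by eye against the posted log (service pack level, IE version, firewall process, JRE update) can be scripted. This is an added Python example, not part of any post and not HijackThis code; the firewall process names are an illustrative assumption, the baselines are the versions the replies name, and the sample log is a constructed excerpt of the one posted.

```python
import re

# Constructed excerpt, abridged from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""

# Assumption: a small illustrative set of third-party firewall process names,
# not a complete list. The Windows firewall has no process of its own to match.
FIREWALL_PROCESSES = {"zlclient.exe", "vsmon.exe", "cfp.exe", "cmdagent.exe"}
# Baselines the replies in this thread name as current (January 2009).
LATEST_XP_SP, LATEST_IE_MAJOR, LATEST_JRE6_UPDATE = 3, 7, 11

def parse_hjt(text):
    """Split a HijackThis log into header fields, process names and entries."""
    header, processes, entries, in_procs = {}, [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:" or (in_procs and not line):
            in_procs = bool(line)  # section opens at its header, closes at a blank line
        elif in_procs:
            processes.append(line.rsplit("\\", 1)[-1].lower())
        elif re.match(r"^[A-Z]\d+ - ", line):  # R0, O2, O4, O23 ... entries
            entries.append(line)
        elif ": " in line:
            header.update([line.split(": ", 1)])
    return header, processes, entries

def triage(text):
    """Return findings mirroring the manual checks made in the replies."""
    header, processes, entries = parse_hjt(text)
    findings = []
    sp = re.search(r"Windows XP SP(\d)", header.get("Platform", ""))
    if sp and int(sp.group(1)) < LATEST_XP_SP:
        findings.append(f"service pack SP{sp.group(1)} is older than SP{LATEST_XP_SP}")
    ie = re.search(r"v(\d+)\.", header.get("MSIE", ""))
    if ie and int(ie.group(1)) < LATEST_IE_MAJOR:
        findings.append(f"Internet Explorer {ie.group(1)} is older than IE{LATEST_IE_MAJOR}")
    if not FIREWALL_PROCESSES.intersection(processes):
        findings.append("no known third-party firewall process is running")
    updates = {int(u) for e in entries for u in re.findall(r"jre1\.6\.0_(\d+)", e)}
    findings += [f"JRE 6 update {u} is older than update {LATEST_JRE6_UPDATE}"
                 for u in sorted(updates) if u < LATEST_JRE6_UPDATE]
    return findings
```

A log with few findings is not proof of a clean machine: as Reply #5 notes, an unusually short log can also mean something is hiding from the scanner.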