Author Topic: Network Shield: blocked access to malicious site  (Read 3964 times)


almudevar

  • Guest
Network Shield: blocked access to malicious site
« on: September 30, 2009, 07:04:17 PM »
Hi guys, I hope you can help.

I get a message saying Network Shield blocked access to malicious site up002.cn/cgi-bin/jl/jloader.pl?u=u/updates_.cb. Then Windows Explorer shuts down. It happens dozens of times a day. Also, when I start up, I get a warning message that Windows has closed Windows Explorer in order to protect the system.

While it's great that Avast has foiled the attack, I don't know how to eliminate the bug. I have run the boot-time scan, the normal scan, I have scanned with other anti-viruses.

Any ideas greatly appreciated.

Darius-

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: Network Shield: blocked access to malicious site
« Reply #1 on: September 30, 2009, 08:55:40 PM »
Hi almudevar,

It is in this list:
http://www.malwaredomainlist.com/mdl.php?inactive=&sort=IP&search=cgi&colsearch=All&ascordesc=ASC&quantity=100&page=2
Do not click any there....
The last time suspicious code was found on mentioned site was on 2009-07-10.
Malicious software includes 2 trojans.
The malware there is AKBOT:
http://threatinfo.trendmicro.com/vinfo/it/virusencyclo/default5.asp?VName=BKDR_QAKBOT.AF&VSect=T
and
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=154840&ctst=1

This site was hosted on 1 network(s) including AS11798 (BLUEHOST).

This site has hosted malcode and the software has infected 2 domains, e.g. ekoses.com/, digalon.com/.

At the moment the main site seems OK,
Checking: hxtp://www.bhdefaultparking.com/?a=up002.cn
File size: 12.50 KB
File MD5: 896086f5eb80faff88278805baa9cb07

hxtp://www.bhdefaultparking.com/?a=up002.cn - archive HTML
>hxtp://www.bhdefaultparking.com/?a=up002.cn/Script.0 - Ok
>hxtp://www.bhdefaultparking.com/?a=up002.cn/javascript.1 - Ok
hxtp://www.bhdefaultparking.com/?a=up002.cn - Ok

Checking: hxtp://up002.cn
Engine version: 5.0.0.12182
Total virus-finding records: 651682
File size: 3433 bytes
File MD5: d8e80f775182c4afb0bb783f2a55c886

hxtp://up002.cn - archive HTML
>hxtp://up002.cn/Script.0 - Ok
>hxtp://up002.cn/Script.1 - Ok
hxtp://up002.cn - Ok
See additionally: http://wepawet.cs.ucsb.edu/view.php?hash=d9d6a75b785302243071c8af2bd45f02&t=1254336903&type=js

polonus
« Last Edit: September 30, 2009, 08:59:39 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
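The check polonus does by hand above (is the host on a malware domain list, and what does the URL scanner report for each page?) can be scripted. This is an added example, not code from the forum post or from Avast: it matches URLs against a constructed blocklist by host and parent domain, refangs the "hxtp://" notation the scan report uses, and parses the report's "url - status" lines. The blocklist entries and the sample report are constructed from the domains and scan lines quoted in the thread.

```python
"""Added example (not from the thread): blocklist matching on URL hosts and
parsing of defanged URL-scan report lines. Blocklist and report are constructed."""
import re
from urllib.parse import urlsplit

# Constructed blocklist: the domains named in the thread.
BLOCKLIST = {"up002.cn", "ekoses.com", "digalon.com"}

# Constructed from the scan lines quoted in the reply.
SAMPLE_REPORT = """\
Checking: hxtp://up002.cn
File MD5: d8e80f775182c4afb0bb783f2a55c886

hxtp://up002.cn - archive HTML
>hxtp://up002.cn/Script.0 - Ok
>hxtp://up002.cn/Script.1 - Ok
hxtp://up002.cn - Ok
"""

REPORT_LINE = re.compile(r"^>?(?P<url>\S+) - (?P<status>.+)$")


def refang(url: str) -> str:
    """Turn the defanged 'hxtp://' / 'hxxp://' scheme back into 'http(s)://'."""
    return re.sub(r"^hx+t?p(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    """Hostname of a (possibly defanged, possibly scheme-less) URL."""
    u = refang(url)
    if "://" not in u:
        u = "http://" + u
    return (urlsplit(u).hostname or "").rstrip(".")


def is_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """True if the host or any parent domain is listed; the query string is ignored,
    so a parked page like bhdefaultparking.com/?a=up002.cn does not match."""
    labels = host_of(url).lower().split(".")
    # Never match a bare public suffix such as "cn": stop one label short.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def parse_report(text: str) -> list[dict]:
    """Parse 'hxtp://... - status' lines of a URL scan report into records."""
    records = []
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if m and m.group("url").lower().startswith(("hxtp", "hxxp", "http")):
            records.append({"url": refang(m.group("url")), "status": m.group("status"),
                            "blocked": is_blocked(m.group("url"))})
    return records
```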