Topic: network shield logs

theinvulnerable

  • Guest
network shield logs
« on: June 08, 2010, 01:43:26 PM »
What should I do to stop this? I have been getting this every day this week. Others say I already have a virus in my system and that this is the cause of the attacks. But I've already scanned my system with Malwarebytes, Spybot Search and Destroy, and avast free scheduled as a boot-time scan, and nothing was detected. I already tried this in regedit: under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole, I replaced the DCOM value Y with N, because they say it can stop these attacks being logged in Network Shield, but I still get this:

08.06.2010  03:56:00  Network Shield: blocked access to malicious site 88.80.7.152/cgi/dtiyodt.php?otc=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
08.06.2010  07:41:52  Network Shield: blocked access to malicious site media9s.com/cgi/ncmm.php?mm=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010  07:41:52  Network Shield: blocked access to malicious site nopagency.com/cgi/ajj.php?jjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010  07:41:53  Network Shield: blocked access to malicious site 88.80.7.152/cgi/peeuujjz.php?peukz=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010  15:22:22  Network Shield: blocked access to malicious site media9s.com/cgi/zen.php?tiy=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010  15:22:23  Network Shield: blocked access to malicious site nopagency.com/cgi/gw.php?bqg=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010  15:22:23  Network Shield: blocked access to malicious site 88.80.7.152/cgi/kzpeuk.php?puzjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010  18:39:21  Network Shield: blocked access to malicious site media9s.com/cgi/iiii.php?ii=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]
08.06.2010  18:39:22  Network Shield: blocked access to malicious site nopagency.com/cgi/qfva.php?zzpp=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]
08.06.2010  18:39:22  Network Shield: blocked access to malicious site 88.80.7.152/cgi/yhhhhhhh.php?hhhhh=67340145x044452x<x5x4x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 3344 ) ]

scythe944

  • Avast Evangelist
Re: network shield logs
« Reply #1 on: June 08, 2010, 04:17:59 PM »
I don't know if I'm right, but it looks like this is just the log of everything that Avast has stopped when you were browsing.

The only thing you can do to stop it is to stop browsing the sites that have malicious code on them.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

theinvulnerable

  • Guest
Re: network shield logs
« Reply #2 on: June 08, 2010, 05:06:29 PM »
Quote from scythe944: "I don't know if I'm right, but it looks like this is just the log of everything that Avast has stopped when you were browsing. The only thing you can do to stop it is to stop browsing the sites that have malicious code on them."

No, even if I did not open a browser it still pops up, and besides, I'm always clearing my browser cache using CCleaner, and clearing Windows temp and prefetch. I am confused right now. Any idea?

DavidR

  • Avast Überevangelist
Re: network shield logs
« Reply #3 on: June 08, 2010, 07:23:30 PM »
Then you appear to have something either hidden or undetected trying to access that site.

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Also available: a portable version of SAS, http://www.superantispyware.com/portablescanner.html, no installation required.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
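
The log at the top of the thread already supports this reading: each group of entries is one iexplore.exe process ID blocked on several hosts within a second or two, always with the same query value. The following is an added example, not part of any post in the thread, that parses lines in that Network Shield format and groups them per process instance. The sample lines are constructed with placeholder hosts, and the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's log format; hosts, paths and query
# values are placeholders, not the entries from the original post.
SAMPLE_LOG = r"""
08.06.2010  03:56:00  Network Shield: blocked access to malicious site 192.0.2.10/cgi/aa.php?k=11x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
08.06.2010  07:41:52  Network Shield: blocked access to malicious site a.example.test/cgi/bb.php?m=11x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010  07:41:53  Network Shield: blocked access to malicious site 192.0.2.10/cgi/cc.php?p=11x22x3 [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010  15:22:22  Network Shield: blocked access to malicious site a.example.test/cgi/dd.php?t=11x22x3 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
08.06.2010  15:22:23  Network Shield: blocked access to malicious site b.example.test/cgi/ee.php?q=11x22x3 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3868 ) ]
"""

LINE_RE = re.compile(r"(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+Network Shield: blocked "
                     r"access to malicious site (\S+) \[ (.+?) \( (\d+) \) \]$")

def parse_line(line):
    """Return one event as a dict, or None for a line in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, clock, url, image, pid = m.groups()
    host = url.split("/", 1)[0].lower()
    token = url.partition("?")[2].partition("=")[2]  # value after the first '='
    when = datetime.strptime(f"{date} {clock}", "%d.%m.%Y %H:%M:%S")
    return {"time": when, "host": host, "token": token,
            "image": image.lower(), "pid": int(pid)}

def find_bursts(text, window=timedelta(seconds=5)):
    """Group events per process instance; a gap longer than `window` starts a new burst."""
    events = sorted(filter(None, map(parse_line, text.splitlines())),
                    key=lambda e: (e["image"], e["pid"], e["time"]))
    groups = []
    for e in events:
        prev = groups[-1][-1] if groups else None
        same_proc = prev and (prev["image"], prev["pid"]) == (e["image"], e["pid"])
        if same_proc and e["time"] - prev["time"] <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    bursts = [{"pid": g[0]["pid"], "image": g[0]["image"], "start": g[0]["time"],
               "hosts": {e["host"] for e in g}, "tokens": {e["token"] for e in g}}
              for g in groups]
    return sorted(bursts, key=lambda b: b["start"])

def multi_host_bursts(text):
    """Bursts in which one process instance was blocked on two or more hosts."""
    return [b for b in find_bursts(text) if len(b["hosts"]) >= 2]
```

A burst that spans several hosts and carries a single repeated token is worth correlating with what was started on the machine at that timestamp.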

miscreant

  • Guest
Re: network shield logs
« Reply #4 on: June 09, 2010, 07:54:36 PM »
Also, it might be worth checking the IE settings: Tools > Internet Options > Security > Trusted sites. If there are any entries that you haven't entered there, remove them. You may also want to check your hosts file and recreate it if necessary:
http://support.microsoft.com/kb/972034

« Last Edit: June 09, 2010, 08:02:52 PM by miscreant »

theinvulnerable

  • Guest
Re: network shield logs
« Reply #5 on: June 09, 2010, 08:27:08 PM »
As I stated before, I didn't find anything after scanning with Malwarebytes, avast, and Spybot Search and Destroy. And I did not find anything in the Trusted zone either. But I gave you a hint about it, for you to have an idea how you can help me. Whenever the avast scanner reports the attacks, there is an IEXPLORE.EXE popping up in my Task Manager, and when I tried to scan it with avast by right-clicking the blue ball icon in the system tray, avast could perform the memory check, but suddenly it was lost from my sight and the avast simple user interface wouldn't open. But if I end-task the IEXPLORE.EXE, I can see the avast simple user interface again. The IEXPLORE.EXE is running under my computer user account; for example, the user account I use is Admiral.
« Last Edit: June 09, 2010, 08:32:16 PM by theinvulnerable »

Asyn

  • Avast Überevangelist
Re: network shield logs
« Reply #6 on: June 09, 2010, 08:35:17 PM »
Search and check your HOSTS file..! Which entries do you see?
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

miscreant

  • Guest
Re: network shield logs
« Reply #7 on: June 09, 2010, 08:46:45 PM »
Quote from theinvulnerable: "As I stated before, I didn't find anything after scanning with Malwarebytes, avast, and Spybot Search and Destroy. And I did not find anything in the Trusted zone either. But I gave you a hint about it, for you to have an idea how you can help me. Whenever the avast scanner reports the attacks, there is an IEXPLORE.EXE popping up in my Task Manager, and when I tried to scan it with avast by right-clicking the blue ball icon in the system tray, avast could perform the memory check, but suddenly it was lost from my sight and the avast simple user interface wouldn't open. But if I end-task the IEXPLORE.EXE, I can see the avast simple user interface again. The IEXPLORE.EXE is running under my computer user account; for example, the user account I use is Admiral."

Iexplore.exe is Internet Explorer's executable, and in this case probably not the problem. It's Internet Explorer trying to connect to the site that's the problem. Again, as asked, check your hosts file. Also, what firewall and operating system are you using?
« Last Edit: June 09, 2010, 08:48:32 PM by miscreant »

theinvulnerable

  • Guest
Re: network shield logs
« Reply #8 on: June 09, 2010, 09:00:56 PM »
OK, here is my hosts file...

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy

Note: I uninstalled Spybot yesterday because, even though I scanned my system with it and had it active as resident, it did not find anything about this. I've just let avast and Net Studio USB Firewall do the resident scanning job.

I'm still using WinXP SP2 and just using the Windows firewall with "Don't allow exceptions" checked.

BTW, I don't use Internet Explorer very often because I have Mozilla Firefox. But Internet Explorer is still the default browser in the settings.
« Last Edit: June 09, 2010, 09:08:39 PM by theinvulnerable »
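
A scripted version of the HOSTS check requested in this thread, added here as an example and not part of any post: it reads a HOSTS file the way the header comments above describe (address first, names after, `#` starting a comment) and reports every active mapping other than the stock localhost line and entries inside the Spybot markers. The sample content is constructed; the extra host names, the 192.0.2.50 address and the function names are assumptions.

```python
import ipaddress

# Constructed HOSTS content: the stock entries from the thread plus three
# hypothetical additions (documentation-range address, made-up host names).
SAMPLE_HOSTS = """\
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       ads.example.test
# End of entries inserted by Spybot - Search & Destroy
192.0.2.50      update.example.test www.example.test   # added entry
127.0.0.1       av.example.test
not-an-ip       broken.example.test
"""

SPYBOT_START = "# Start of entries inserted by Spybot"
SPYBOT_END = "# End of entries inserted by Spybot"

def review_hosts(text):
    """Return (line number, kind, address, name) for every active mapping."""
    findings, in_spybot = [], False
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if line.startswith(SPYBOT_START):
            in_spybot = True
        elif line.startswith(SPYBOT_END):
            in_spybot = False
        fields = line.split("#", 1)[0].split()  # drop the comment, split columns
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "invalid", addr, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if ip.is_loopback and name == "localhost":
                kind = "default"
            elif sinkhole:  # name made unreachable; expected only in Spybot's block
                kind = "spybot" if in_spybot else "blocked"
            else:
                kind = "redirect"  # name pinned to a specific address
            findings.append((lineno, kind, addr, name))
    return findings

def needs_review(text):
    """Entries that are neither the stock localhost line nor Spybot's own."""
    return [f for f in review_hosts(text) if f[1] not in ("default", "spybot")]
```

On Windows XP the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; an empty result from `needs_review` means the file contains no mappings beyond the stock ones.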

Asyn

  • Avast Überevangelist
Re: network shield logs
« Reply #9 on: June 09, 2010, 09:19:25 PM »
Quote from theinvulnerable: "...because I have Mozilla Firefox. But Internet Explorer is still the default browser in the settings."

You should update your XP to SP3 after you got your system clean. (There are also new browser options in SP3 with the latest updates.) Btw, your HOSTS file is ok..!
You can try free EAM to rescan your system and see what it finds.
http://www.emsisoft.com/en/software/free/

theinvulnerable

  • Guest
Re: network shield logs
« Reply #10 on: June 09, 2010, 09:44:44 PM »
The free version is not a free trial? Is the free version of this software only an on-demand scanner, or does it have a resident scanner also? Because if it has a resident scanner, does that mean avast will be uninstalled, or can that software be configured not to run its resident scanner when installing it? :o
« Last Edit: June 09, 2010, 09:49:04 PM by theinvulnerable »

DavidR

  • Avast Überevangelist
Re: network shield logs
« Reply #11 on: June 09, 2010, 10:29:25 PM »
I'm not really sure which software you are referring to, presumably Emsisoft, which Asyn seems to have a thing about, whilst the rest of us believe it has a high rate of false positives. EAM - previously a-squared Anti-Malware, which incorporates a-squared AV, the one we think has a lot of FPs. Personally I wouldn't touch it, but that's just me ;D

avast is a resident on-access scanner (all versions) and so far that resident protection has been saving your ass by blocking outbound connections to malicious sites.

So I wouldn't install EAM if I had to get rid of avast.

miscreant

  • Guest
Re: network shield logs
« Reply #12 on: June 09, 2010, 10:40:18 PM »
Quote from theinvulnerable: "The free version is not a free trial? Is the free version of this software only an on-demand scanner, or does it have a resident scanner also? Because if it has a resident scanner, does that mean avast will be uninstalled, or can that software be configured not to run its resident scanner when installing it? :o"

Personally I'd try something like Prevx 3.0 free. It's just an on-demand scanner, and has pretty good detection results. I don't believe the free version will clean everything though, just detect, but at least if it finds something you can plan from there. You've already used MBAM, which didn't detect anything, and that's one of the best, so fingers crossed.

Asyn

  • Avast Überevangelist
Re: network shield logs
« Reply #13 on: June 10, 2010, 09:54:47 AM »
Quote from theinvulnerable: "The free version is not a free trial? Is the free version of this software only an on-demand scanner, or does it have a resident scanner also? Because if it has a resident scanner, does that mean avast will be uninstalled, or can that software be configured not to run its resident scanner when installing it? :o"

Direct link to the free version. (No resident scanner, just on demand..!)
It can be run together with avast (it does here) without problems, like Mbam...
Be sure to update before scanning (there's no autoupdate in this free version).
http://download.cnet.com/A-squared-Free/3000-8022_4-10262215.html?part=dl-6251182&subj=dl&tag=button

Asyn

  • Avast Überevangelist
Re: network shield logs
« Reply #14 on: June 10, 2010, 10:10:17 AM »
Quote from DavidR: "...presumably Emsisoft, which Asyn seems to have a thing about, whilst the rest of us believe it has a high rate of false positives."

I know you don't like it, but if avast and MBAM can't detect/remove the threat, it's a 3rd possibility to get rid of malware, as it still has one of the highest detection rates. But sure, you always have to be careful about FPs..! Another reason is the online forum, which offers free professional support in removing malware, even for inexperienced users. (http://support.emsisoft.com/forum/6-malware-removal-help/)