Newporto.cn site blocked by Network shield

[Asyn]

1. I still havent run Mbam because in the last 24hours,Avast hasnt been blocking newporto.cn?
So if I installed Mbam,I would be thinking it was because of it.So,I will wait until Avast blocks it again.
Could it be that Avast has sorted the problem for us?

2. Maybe user here ,Markusbin,who reported no more infections since he installed Mbam,is now also unsure if it was the program or the fact that Avast hasnt blocked anymore since yesterday ...

1. I strongly advice you to run Mbam..!
2. The user removed 2 threats with Mbam, as he stated in his reply.
asyn

[powers1]

Had only one threat this morning.

After this, I installed MBam version 4237(latest) and performed the recommended quick scan and it found no threats.

[Asyn]

Had only one threat this morning.

So, did you get rid of it...??
asyn

[powers1]

If it didnt detect any threats from the scan,so I dont know!
All I can say is that since the scan ,I havent received any threats..but I will have to wait because I had only received 1 threat since yesterday afternoon...

Will wait until tomorrow and I will report back to update

[Asyn]

Will wait until tomorrow and I will report back to update

Ok, awaiting your reply...
asyn

[CharleyO]

***

Powers1,

Be sure to update MBAM before you run it again.


***

[powers1]

Update.
I have always the latest 4237 version on MBam.
In the last 5 hours ,Avast blocked 2 threats,so in my case ,MBam doesnt seem to be doing anything

[Asyn]

Update.
I have always the latest 4237 version on MBam.
In the last 5 hours ,Avast blocked 2 threats,so in my case ,MBam doesnt seem to be doing anything

If you're on a 32bit system, run a boot time scan with avast...!
asyn

[powers1]

Ok Thanks again,Asyn ,I will run the 32 bit boot time scan with Avast.

I performed a FULL scan with MbAM and still didnt detect anything.?

One thing I am sure of now is that everytime Avast blocks the newoporto.cn site ,I am not able to download anything files with IE!
Everytime,I have to go to security settings and alter to allow file downloads!I had noticed that I had problems downloading files and I even performed a System Restore but I never associated this with the newoporto threat,now I am sure!
Asynmif you remember the first download link you gave me for MBam download,I said my IE was blocking it,so you gave me another link!But I had already altered the security settings,so the last link you gave me ,I was able to download!

Is this happening to anyone else?

[Asyn]

Ok Thanks again,Asyn ,I will run the 32 bit boot time scan with Avast.

You're welcome..!
Please report back...
asyn

[powers1]

Yesterday.I ran Avast boot time scan on my Vista 32 bit OS...and  3 hours later report shows that I had 3 virus infections and an error.All were successfully moved to CHEST.

The Error was on Mbam set 1.46 file (unknown packer version)
The virus were:
1.WIN32:Malob-BL
2.          Trojan-Gen
3.          Rootkit-Gen

I was surprised that Avast didnt pick them up on a normal scan ...

Also,so far this morning ,no more newoporto threats

[Asyn]

Thanks for the feedback..!
asyn

[powers1]

Latest 29th June.

All day yesterday Avast Network Shield only blocked 1 Newporto.cn threat..,so I was quite happy

However,today ,I am being bombarded again....4 times... ...
Ran Mbam and not catching anything...

Anyone else have any feedback or experience?

Thanks guys

[Asyn]

Well, it seems there is still something wrong on your system..!!
I'll PM essexboy about his thread, he can surely help you to fix this.
asyn

[essexboy]

There does appear to be something amiss

GMER Rootkit Scanner - Download - Homepage

• Download GMER
• Extract the contents of the zipped file to desktop.
• Double click GMER.exe.

• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
  
  Click the image to enlarge it
  

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan all users
  
• Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach all logs please