Crazy things happening with me

[Sartigan]

Hi everybody, I'm getting scared from these things:
FireFox blocks redirections on the following sites:

chiponline [dot] hu
pcguru [dot] hu
faviccek [dot] hu
brusheezy [dot] com

NoScript whitelist contained unknown sites and 1 malware site (rated by wot)
One of them is orbitcycle [ dot ] com - the malicious

I ran MBAM and Avast!, both says CLEAN.
Everything started when I visited msn.com - I randomly clicked on "The MSN's Homepage" when it's menu didn't appeared.
I PM-ed essexboy about this.

Please help me 

[Asyn]

I PM-ed essexboy about this.
Please help me 

As you already contacted essexboy, there's not much left to do...!!
asyn

[Asyn]

Nevertheless...

Report    2010-06-26 20:25:47 (GMT 1)
Website    chiponline.hu
Domain Hash    6ecbc443b47b13f1c73c082ead664aa1
IP Address    193.28.86.140 [SCAN]
IP Hostname    3.bleed.hu
IP Country    HU (Hungary)
AS Number    47381
AS Name    EASYGO-AS EasyGO Kft.
Detections    0 / 19 (0 %)
Status    CLEAN


Report    2010-06-26 20:27:48 (GMT 1)
Website    pcguru.hu
Domain Hash    45929b188d96310c907a9a292cd0baaf
IP Address    193.28.86.140 [SCAN]
IP Hostname    3.bleed.hu
IP Country    HU (Hungary)
AS Number    47381
AS Name    EASYGO-AS EasyGO Kft.
Detections    2 / 19 (11 %)
Status    SUSPICIOUS
      
Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    CLEAN
Scanning site with:    Finjan    DETECTED
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    CLEAN
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    MalwareDomainList    CLEAN
Scanning site with:    McAfee SiteAdvisor    CLEAN
Scanning site with:    McAfee TrustedSource    CLEAN
Scanning site with:    MyWOT    CLEAN
Scanning site with:    Norton SafeWeb    SUSPICIOUS
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    CLEAN
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    CLEAN
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    CLEAN
Scanning site with:    ZeuS Tracker    CLEAN


Report    2010-06-26 20:29:13 (GMT 1)
Website    faviccek.hu
Domain Hash    627053620bdbbf28ab97b4a92a6fd0c8
IP Address    85.25.77.86 [SCAN]
IP Hostname    server3-customer.iworx-host.com
IP Country    DE (Germany)
AS Number    8972
AS Name    PLUSSERVER-AS PlusServer AG, Germany
Detections    0 / 19 (0 %)
Status    CLEAN


Report    2010-06-26 20:30:41 (GMT 1)
Website    brusheezy.com
Domain Hash    c9afdeeddab08edf01996aaae099a1c0
IP Address    174.36.237.116 [SCAN]
IP Hostname    dale.eezyinc.com
IP Country    US (United States)
AS Number    36351
AS Name    SOFTLAYER - SoftLayer Technologies Inc.
Detections    0 / 19 (0 %)
Status    CLEAN


Report    2010-06-26 20:32:12 (GMT 1)
Website    orbitcycle.com
Domain Hash    6449e67a3e4aff54d797b807c405e3ea
IP Address    216.234.246.157 [SCAN]
IP Hostname    9d.f6.ead8.static.theplanet.com
IP Country    US (United States)
AS Number    21844
AS Name    THEPLANET-AS - ThePlanet.com Internet Service...
Detections    3 / 19 (16 %)
Status    DANGEROUS
      
Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    UNRATED
Scanning site with:    Finjan    CLEAN
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    DETECTED
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    MalwareDomainList    CLEAN
Scanning site with:    McAfee SiteAdvisor    CLEAN
Scanning site with:    McAfee TrustedSource    CLEAN
Scanning site with:    MyWOT    DETECTED
Scanning site with:    Norton SafeWeb    UNRATED
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    CLEAN
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    CLEAN
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    DETECTED
Scanning site with:    ZeuS Tracker    CLEAN

[Sartigan]

Avast! Network shield also scans the following: twitter.com/steive23isking
A hour ago, avast! checked a rapidshare connection with a stupid and long filename ended with rar.htm

I hope I get answer for my problems

[Asyn]

I hope I get answer for my problems

Be patient..!
essexboy will drop in, sooner or later...
asyn

[essexboy]

PM sent didn't realise you started a thread

Post the details here please 

[polonus]

Hi Sartigan,

Could go there, faviccek.hu, with flock browser with NS and RP activated, no flag whatsoever. Scan reports clean.
See attached gif. So I think our qualified eliminator essexboy should come into action once again,

polonus

[Sartigan]

As you said essexboy, I did the scan with combofix

Here is the log

[essexboy]

Nothing apparent there - what are the exact problems you are experiencing

[polonus]

Hi essexboy,

Did he try to ping the various sites' IPs from the command prompt, and what were the results, did he try to check to see if the sites were only off-limit to him, was the IP-range from his provider being blocked higher upstream because someone in that range did something "devious", questions, questions,

polonus

[Sartigan]

Now let's try one - does it tries to redirect?

Faviccek.hu = DOESN'T TRIES REDIRECT

I saw combofix deleted something ending with PE.tmp

Ok let's try another - chiponline.hu.......
Tries to redirect

Brusheezy: No redirect

PCGuru and Chiponline are big partners

I haven't got any other problems

[essexboy]

And this only happens in Firefox ?

[Sartigan]

I will try it with IE, but I don't trust it
I didn't started Internet Explorer since a year. I don't have any ad / script blocking addons for Internet Explorer, that's why I don't use it

[essexboy]

If you have IE8 that is quite secure - leastwise I do not use anything else apart from Simple Adblock

[polonus]

Hi Sartigan,

You could also make a new profile with Fx, re: http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows

polonus