Author Topic: 199.80.55.19 (Read 6689 times)

baz_201 · « **on:** February 24, 2011, 06:52:35 PM »

I keep getting a message saying Avast has blocked a malicious site in my svchost file but when I run a scan and also run my Malware program (Malawarebytes) it isn;t bieng picked up though I am sure there is something sat in there hiding
any ideas how to remove it?
thanks
Mike

Pondus · « **Reply #1 on:** February 24, 2011, 06:56:31 PM »

can you post a screen shot of the avast pop-up..
you may right click the avast ball and "show last pop-up"....

Eddy · « **Reply #2 on:** February 24, 2011, 07:02:00 PM »

It is a website that has been blocked.
If it says that it is in your svchost file, it is incorrect.
svchost is generic host process used to run dll's.
Are you sure it didn't say host file?

If avast says a site is blocked, it means you can't visited it.
That also means no temporary file(s) from that site are on your system.
Which means, there is nothing to remove.

baz_201 · « **Reply #3 on:** February 24, 2011, 07:09:36 PM »

it wont copy but it says
199/80.55.19/go.php?uid=40282&suid=u6t0y&date=8rmeNSnFroTK(
Infection: URL:Mal
Action: Blocked
Process: c:\WINDOWS\System32\svchost.exe

baz_201 · « **Reply #4 on:** February 24, 2011, 07:10:47 PM »

but I keep getting this error message every half hour or so and can't find a way to remove what is causing it
there is definitely something trying to access this website

essexboy · « **Reply #5 on:** February 24, 2011, 07:25:48 PM »

Hi there this sounds like a proxy problem

First

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

And for Firefox there are instructions on this page and you want the setting to be no proxy

Then

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

polonus · « **Reply #6 on:** February 24, 2011, 09:19:20 PM »

Description of the malware here: http://www.threatexpert.com/report.aspx?md5=203add17ccb6f3ecfd5e6c33a64e55af

polonus

BoggyD · « **Reply #7 on:** March 07, 2011, 09:52:53 PM »

Polonus-

Thanks for the link. That is perhaps the most detailed report of this malware I have seen yet. It also has some very similar characteristics to what I have been experiencing. Where do you find a fix? Do you agree with the solution posted by essexboy below?

essexboy · « **Reply #8 on:** March 07, 2011, 10:05:55 PM »

There are probably the jobs still to remove - unless you have removed them yourself

Parad_the_Dead · « **Reply #9 on:** March 10, 2011, 03:39:11 AM »

I often get the same notification and was wondering if the solution posted by essexboy would be the best way to go about it...

essexboy · « **Reply #10 on:** March 10, 2011, 12:39:53 PM »

It is always worth doing a check as automated removal tools may not get it all

Author Topic: 199.80.55.19 (Read 6689 times)

baz_201

199.80.55.19

Pondus

Re: 199.80.55.19

Eddy

Re: 199.80.55.19

baz_201

Re: 199.80.55.19

baz_201

Re: 199.80.55.19

essexboy

Re: 199.80.55.19

polonus

Re: 199.80.55.19

BoggyD

Re: 199.80.55.19

essexboy

Re: 199.80.55.19

Parad_the_Dead

Re: 199.80.55.19

essexboy

Re: 199.80.55.19