Topic: Outbound Queries to Malicious sites after 7 antimalware scans?

Cr8Znbnny
Outbound Queries to Malicious sites after 7 antimalware scans?
« on: October 09, 2009, 07:36:54 PM »
When I turn on my computer I unplug my AT&T 2wire gateway from the internet and LAN connection. I have the gateway configured to block many inbound stuff and pass Shields Up! tests; but when I look at the Avast! network shield module I see it scans weird IP addresses that change: dns://10.235.55.74.in-addr.arpa, 74.55.235.10.in-addr.arpa, 209.62.112.100.in-addr.arpa, 100.112.62.209.in-addr.arpa.

I don't seem to see any malicious processes running, I don't have a rootkit either... can anyone tell me what this is? Avast! network shield module scans these addresses, I am not sure why something is querying so many ever-changing addresses. I have scanned with Malwarebytes Anti-Malware, SUPERAntiSpyware, Ad-Aware, Spybot S&D, Avast! Home, GMER, Kaspersky Online, Panda online, McAfee, Symantec online, Eset, but one day avast! memory resident module found a file that I had an explorer window open on to the root directory where the thumb drive was installed and saw a folder named Found.000 with a whole mess of .chk files, but could not see any program there, as all I used the thumb drive for was for podcasts, but right in front of my eyes I see a weird program named qcwpung.exe and another one with a .com extension that I manually deleted. Avast! flagged qcwpung.exe as Win32:Agent-SIM [Trj]. I searched the internet for information on this but cannot find any files that other AV companies say this malware installs. HELP!?!

Cr8Znbnny
Re: Outbound Queries to Malicious sites after 7 antimalware scans?
« Reply #1 on: October 09, 2009, 08:00:37 PM »
Are these DNS things coming from the ISP... I apologize, maybe it is only when the gateway is connected to LAN and internet link that it happens. I see Avast! network shield usually reads xxx.xxx.xxx.xxx.in-addr.arpa. Am I on some network on the ISP or something? I have AT&T DSL and an old 2wire gateway.

Cr8Znbnny
7 different online antimalwares scans and ?
« Reply #2 on: April 10, 2012, 01:47:52 AM »
Who knows, maybe this was a pentest. Some viruses are packed then further obfuscated by changing the PE header info. Furthermore, viruses can mutate or be encrypted.

polonus
Re: Outbound Queries to Malicious sites after 7 antimalware scans?
« Reply #3 on: April 10, 2012, 01:57:02 AM »
Those addresses are not weird, one is a private address (so the "postman knows where to go"), the others are Avast addresses, so these are connections your computer makes, nothing to worry about.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
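
Added example, not part of the thread and not Avast code: names ending in `in-addr.arpa` are reverse-DNS (PTR) query names with the IPv4 octets written in reverse order, so each entry in the first post can be decoded back to the address being looked up and sorted into private, shared or public ranges. The function names and the `dns://` prefix handling are assumptions based on how the entries are quoted above.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT range


def ptr_name_to_ip(name):
    """Decode an IPv4 reverse-lookup (PTR) query name into the address it asks about."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("dns://"):  # display prefix as quoted in the first post (assumed cosmetic)
        name = name[len("dns://"):]
    if not name.endswith(SUFFIX):
        raise ValueError(f"not an in-addr.arpa name: {name!r}")
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError(f"expected 4 octet labels, got {len(labels)}: {name!r}")
    # Octets are written least-significant first in the query name, so reverse them.
    return ipaddress.IPv4Address(".".join(reversed(labels)))


def classify(ip):
    """Place an address into the range categories relevant to the thread."""
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip in SHARED:
        return "shared address space (RFC 6598)"
    return "public" if ip.is_global else "other special-use"


def describe(name):
    ip = ptr_name_to_ip(name)
    return str(ip), classify(ip)


# Query names exactly as listed in the first post of the thread.
QUERY_NAMES = [
    "dns://10.235.55.74.in-addr.arpa",
    "74.55.235.10.in-addr.arpa",
    "209.62.112.100.in-addr.arpa",
    "100.112.62.209.in-addr.arpa",
]

if __name__ == "__main__":
    for q in QUERY_NAMES:
        ip, scope = describe(q)
        print(f"{q:34} -> PTR lookup for {ip:15} [{scope}]")
```
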