Author Topic: Regarding blocking connection  (Read 5390 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Regarding blocking connection
« Reply #15 on: June 24, 2012, 05:19:47 PM »
I am wondering whether it was a false positive that has now been corrected... Could you monitor for a little longer?

Max Bhatia

  • Guest
Re: Regarding blocking connection
« Reply #16 on: June 24, 2012, 06:20:31 PM »
Well... I was wrong... >:(
This problem still exists... It was only a matter of time that it didn't pop up... but I am getting the same problem now again and again...
Please provide a solution... :(

Offline essexboy

Re: Regarding blocking connection
« Reply #17 on: June 24, 2012, 08:20:55 PM »
Hmm, this is one little blighter... Does it occur with all browsers?

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    Do you want to skip supplementary searches?
    Click NO.
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    Max Bhatia

    • Guest
    Re: Regarding blocking connection
    « Reply #18 on: June 25, 2012, 08:07:49 PM »
    Here is the attached log file of Silent Runners which you asked me to run... The file contents are way too long, so I am attaching the file rather than pasting its contents here...
    The only thing I notice now is that the frequency of the "blocking malicious url connection" pop-up has considerably decreased...
    I also tried to trace the IP where the connection is being made (as the Avast pop-up shows while blocking)... and it came out to be somewhere in the US...

    Offline essexboy

    Re: Regarding blocking connection
    « Reply #19 on: June 25, 2012, 08:59:49 PM »
    Yes, I backtracked it to the east coast... Bear with me here, I am trying a few different solutions in other threads.

    Max Bhatia

    • Guest
    Re: Regarding blocking connection
    « Reply #20 on: June 30, 2012, 08:39:45 AM »
    Has anyone got a solution to the problem (Malicious URL connection) I posted weeks ago?

    Offline essexboy

    Re: Regarding blocking connection
    « Reply #21 on: June 30, 2012, 12:08:56 PM »
    Ooops sorry I lost you.. I may have a possible solution


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    wpad.net.ms
    wpad.dat
    85.214.17.43
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Max Bhatia

    • Guest
    Re: Regarding blocking connection
    « Reply #22 on: June 30, 2012, 04:27:39 PM »
    Here is the log which you asked for...

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:51 on 30/06/2012 by hp
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== regfind ==========

    Searching for "wpad.net.ms"
    No data found.

    Searching for "wpad.dat"
    No data found.

    Searching for "85.214.17.43"
    No data found.

    -= EOF =-


    I don't think it found anything... I also tried the same thing by replacing the IP address with the one that is shown in the Avast pop-up... but the same result appeared. I don't understand: if Avast is detecting a Malicious URL Connection, then why doesn't it provide the solution for it?

    Offline essexboy

    Re: Regarding blocking connection
    « Reply #23 on: June 30, 2012, 04:34:15 PM »
    This is a new element that has only just surfaced, and to date only Avast is detecting the connection attempt. What I need to do is determine what file/registry entry is starting the connection.

    Could you re-run Combofix please and allow it to update, then post the resultant log?


    Max Bhatia

    • Guest
    Re: Regarding blocking connection
    « Reply #24 on: July 03, 2012, 02:59:11 PM »
    Here is the attached log of Combofix you asked me to post again... I re-ran it and attached the file...
    I don't think anyone would be able to track this... as I guess all the ammunition you used didn't work at all... :(

    Offline essexboy

    Re: Regarding blocking connection
    « Reply #25 on: July 03, 2012, 03:41:28 PM »
    Have just had some success with the other three.


    Go to Start > All Programs > Accessories.
    Right-click the Command Prompt and select Run as administrator.
    Enter the following two commands, pressing Enter between each:

    ipconfig /release
    ipconfig /renew