Help
I received a warning upon connecting to the internet that my computer immediately had blocked a Blackhole Toolkot Website Attack (I'd only automatically connected to yahoo, my homepage, thus far).
I'm scanning with GMER as we speak.
GMER Result:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-05-24 16:25:30
Windows 6.1.7601 Service Pack 1
Running: roxte676.exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\CmnClnt\_lck\_LUE_SESSIONG 0 bytes
ETA: It's now happening every single time I log onto my computer - different attacking URLs, same attempted infection, same attacking IP.
From my virus protection:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
5/25/2011 2:19 PM,High,An intrusion attempt by 193.105.154.238 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website,No Action Required,No Action Required,"193.105.154.238, 80", (URL redacted so no one will follow it),"ASHANDSHEILA (10.0.0.2, 49438)",193.105.154.238,"TCP, www-http"
This post has been edited by MML: 25 May 2011 - 01:34 PM
Back to top
