Windows XP, service pack 3
Norton Internet Security 2010 version 220.127.116.11
Internet Explorer 8
So far, all I have done is update Norton through LiveUpdate and run a full system scan, where all it seemingly finds is tracking cookies (no big deal, I think). I have done this twice, and after both, the same problem is there. I'll post what Norton says below, but the interesting thing (to me, at least) is that Norton is saying the attempt is blocked, and that no action is required, as well as that severity is high; other than that;
"An intrusion attempt by m01n83kjf7.com was blocked"
Risk name ; HTTP Tidserv Request
Attacking computer; m01n83kjf7.com (18.104.22.168, 80)
Attacker URL; 7gafd33ja90a.com/ [insert incredibly long string - will post on request]
Destination address; [our IP]
Source address; 22.214.171.124 (126.96.36.199)
Traffic description; TCP www-http
This one states the attack originated from;
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Getting a similar message from Norton, albeit without the "attacker url", but this time it's from 01n02n4cx00.cc (188.8.131.52, 443)...also it states it's a HTTP Tidserv request 2. The attack originated from;
I would really appreciate some guidance, and thanks ahead of time!
~Also, if any other information is needed, I'll post whatever is necessary (maybe I should screen-shot the errors?), thanks in advance!
EDIT; the block does not come up when doing an image search. However, doing a shopping search does trigger it, from a different place;
19js810300z.com (184.108.40.206, 443). It too, comes from \WINDOWS\SYSTEM32\SVCHOST.EXE
Another edit; another block came up, this time not from Google, though. Like the last new one, from svchost.exe, but differently, from lj1i16b0.com (220.127.116.11, 443)
Wunnerful, wunnerful, another one; n16fa53.com (18.104.22.168, 443) - this one is also in SVCHOST.EXE.
Looked into the IP address, apparently at least one of these is from some place in Bangkok, Thailand...sigh...
And again- sorry for the amount of updates, but man... this is; 19js810300z.com (22.214.171.124, 443), this is from WINDOWS\SYSTEM32\SVCHOST.EXE.
Norton says these are blocked - how would one make sure?
And again, also saying; zz87jhfda88.com, again, at SVCHOST.EXE. Checked online (through a searcher), and it too is a known malware site.
Would Malwarebytes be a next step?...hate to add more than one question per post, but before trying a clean, would backing up be advisable, and if so, how would you get only safe files? Used to think I knew something about computers (ha)...
Edited by 331/3, 24 May 2010 - 10:09 AM.