My antivirus keeps blocking access to sites I never try to visit. Including j00k877x.cc



#1 Zgrund

Zgrund

  • Members
  • 4 posts
  • Local time:01:55 AM

Posted 08 June 2010 - 11:12 PM

Hello dear BleepingComputer helpers. I registered here because you might be my last hope of ridding my computer of some nasty malware that has plagued me since a couple of hours ago. I'll try to explain the situation in as much detail as I can.

At what seem to be random time intervals, I get several messages from my NOD32 antivirus saying that it has blocked access to a site. This happens whenever my Opera browser is running, which is almost all of the time, since I use it to get all my RSS feeds.

I noted down some of the addresses:
j00k877x.cc/... , n1mo661s6cx0.com/... and 30xc1cjh91.com/...

I ran an operating memory scan with NOD but nothing was detected. I googled around and read that I might be infected with a rootkit. Is this true? And if so... Help... Please?

Regards,

Zgrund.

P.S.: I noticed that this ALWAYS happens when I do a Google search from the browser search engine. Additionally, although the page has obviously finished loading, Opera displays the current status as: "Sending request to clients1.google.com..." or simply to www.google.com...

Edited by Zgrund, 08 June 2010 - 11:32 PM.



#2 Zgrund

Zgrund
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:55 AM

Posted 09 June 2010 - 12:12 PM

Bump for getting desperate.... Sorry to bother.

Meanwhile, I ran an In Depth Scan of my whole computer with NOD and Spybot S&D. Both didn't find anything.

#3 trollocks

trollocks

  • Members
  • 369 posts
  • Gender:Male
  • Location:England
  • Local time:12:55 AM

Posted 09 June 2010 - 03:13 PM

Please download Malwarebytes from Here or Here
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the log please

#4 Zgrund

Zgrund
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:55 AM

Posted 09 June 2010 - 10:18 PM

Hello trollocks and thank you for the assistance. Here is the scan log from MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

10/06/10 5:10:15 AM
mbam-log-2010-06-10 (19-24-15).txt

Scan type: Quick scan
Objects scanned: 140684
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


However, after removing all found infections, my situation has actually worsened. I still get the constant warnings from NOD but worse still, now every time they pop up, my browser stops responding (IE) or downright closes (Opera). I am now using my laptop to post this, since browsing is almost impossible on the infected machine.

Hopefully this will get better with the next steps.

Regards and again thanks for being the first to answer,

Zgrund.

#5 trollocks

trollocks

  • Members
  • 369 posts
  • Gender:Male
  • Location:England
  • Local time:12:55 AM

Posted 10 June 2010 - 04:43 AM

Follow these instructions and run TDSSKiller
http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

#6 Zgrund

Zgrund
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:55 AM

Posted 10 June 2010 - 07:45 AM

And the patient is cured! :thumbsup:

Or so it seems at least. Let's hope it lasts.

Any ideas how I got infected and how to avoid getting infected again in the future? I thought I was pretty safe with NOD and Spybot S&D but I guess not.

In any case... Thanks, trollocks! :flowers:

Edited by Zgrund, 10 June 2010 - 07:46 AM.


#7 trollocks

trollocks

  • Members
  • 369 posts
  • Gender:Male
  • Location:England
  • Local time:12:55 AM

Posted 10 June 2010 - 10:38 AM

Any ideas how I got infected and how to avoid getting infected again in the future?

Difficult for me to say how you got infected, usually it is through the use of P2P software or opening dodgy attachments.
Anyway glad it seems fixed now.



