
iexplorer and blocking connection to 88.80.7.152



#1 ljmc


Posted 15 July 2010 - 10:40 AM

This is frustrating me to no end. My antivirus program tells me that two threats are detected every 1 hour and ten minutes exactly, for the past two days; the first attempted connection was on 7/13 at 8 pm, and it has been attempting to connect since. It tells me it is coming from iexplorer, but I do not use IE and do not have it running; Chrome or FF is used. The computer has also been running exceptionally slow for a few days now.

What I have done so far:
Scanned 5 times with Avast
Multiple runs of CCleaner
Abexo Registry Repair - in attempt to find why slowing down
Smart Defrag - also attempts to find slow down issues
Ran 1 time with Windows Live OnCare Scanner - found nothing
Norman Malware Scanner - This states it found 8 files but only deleted 7, log will be below.
The files Norman removed did not stop the problem, and I plan on running Norman again.

I am pretty sure this has to be something in the running processes that is triggering it; I have stopped any running processes that are iexplorer. The link it is blocking is: 88.80.7.152/photo/oood.php?ddd=565<7304x644503x4x4x,5=6x556x

As I said, this happens like clockwork at 1 hr 10 min. The next attempted connection should be at 11 am, about 20 minutes from posting. I do have multiple hard drives on the computer, but primarily use only the C drive; my second drive was named F. I am unsure of what this actually is, and just really want to remove whatever is triggering it.

Norman Log:
Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/07/13 19:14:28

Norman Scanner Engine Version: 6.05.06
Nvcbin.def Version: 6.05.00, Date: 2010/07/13 19:14:28, Variants: 6308390

Scan started: 14/07/2010 22:30:46

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: HOME-2B5FECAAD5\Lois

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoChangeStartMenu = 0x00000000

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 4715
Number of processes/threads scanned: 4715
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 3m 20s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\Lois\Local Settings\Temporary Internet Files\Content.IE5\8UW1J1YX\p_1732988958=8[1].txt (Error opening file: Access denied)

C:\Documents and Settings\Lois\Local Settings\Temporary Internet Files\Content.IE5\8UW1J1YX\p_1732988958=8[2].txt (Error opening file: Access denied)

C:\Documents and Settings\Lois\My Documents\LimeWire\Saved\09 Emre Aydin - Son Defa.mp3 (Error opening file: Not found)

C:\Documents and Settings\Lois\My Documents\My Received Files\sevda çiçegi.mp3 (Error opening file: Not found)

C:\Program Files\IObit\IObit SmartDefrag\language\Lietuviu.lng (Error opening file: Not found)

C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll (Infected with W32/180Solutions.AGI)
Deleted file

C:\System Volume Information\_restore{C708587F-07B4-47E7-8BB7-79FA27204BB3}\RP732\A0117167.dll (Infected with W32/180Solutions.AGI)
Deleted file

C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Infected with W32/DLoader.BUQ)
Failed to remove registry key (0x00000005): HKCR\CLSID\ -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Failed to remove registry key (0x00000005): HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Deleted file

Scanning: F:\*.*

F:\WINDOWS\Temporary Internet Files\Content.IE5\HAFLR2O9\WONWebLauncherControl[1].cab/WONWebLauncherControl.ocx (Infected with Suspicious_Gen3.CDFM)

F:\WINDOWS\Temporary Internet Files\Content.IE5\HAFLR2O9\WONWebLauncherControl[1].cab (Empty archive after cleaning)
Deleted file

F:\WINDOWS\Vbox\Common\vboxc430en-us.vboxlm (Infected with W32/Smalltroj.dam)
Deleted file

F:\Program Files\CommonName\Toolbar\BabeIE.dll (Infected with W32/CommonName.CM)
Deleted file

F:\System Volume Information\_restore{C708587F-07B4-47E7-8BB7-79FA27204BB3}\RP732\A0117176.dll (Infected with W32/CommonName.CM)
Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:
Failed to locate shared service executable: C:\WINDOWS\System32\appmgmts.dll
Removed service: AppMgmt

Number of files found: 576060
Number of archives unpacked: 4742
Number of files scanned: 576046
Number of files not scanned: 14
Number of files skipped due to exclude list: 0
Number of infected files found: 8
Number of infected files repaired/deleted: 7
Number of infections removed: 7
Total scanning time: 3h 14m 49s

Edited by ljmc, 15 July 2010 - 10:47 AM.

