Website times out



#1 Ali45


Posted 28 September 2010 - 08:53 AM

Hi, I have no idea what is happening, but I am hoping that someone can point me in the right direction.

I have a website which was hacked about 2 weeks ago (in fact the whole server was compromised) and ever since then, I am unable to access any of the websites hosted with that web host. In FF it shows as a website time out and in IE as a DNS server not found. This would not be quite so much of a problem if it was just a normal website, but I have a shop running at the site.

I have run both AVG free and Malwarebytes software. AVG is finding infections, but Malwarebytes did not find any.

My laptop is running Windows 7 (32-bit) and I connect to the internet via a wireless connection through an Asus RT-N16 router, and the connection has been rather flaky recently (although apparently this is due to the latest release firmware, which I installed and now need to downgrade from). I also have another notebook running Windows XP.

I was initially wondering if this was a problem with my ISP or my IP address. However, I have a mobile broadband USB key from a different ISP and I have just tried to access the same sites on that. Initially it showed the sites and I was able to log in, but as I tried to move to my cPanel, the timeout error occurred again and now I can no longer access the sites. I am able to access all other sites.

I would really appreciate your assistance.

Cheers
Ali



#2 Ali45


Posted 03 October 2010 - 12:15 AM

Hi, I just wanted to update the details of what I have done and post results.

I have run MBAM on a few occasions and had no threats found.

I then ran SAS a number of times and here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2010 at 00:44 AM

Application Version : 4.43.1000

Core Rules Database Version : 5609
Trace Rules Database Version: 3421

Scan type : Complete Scan
Total Scan Time : 00:13:44

Memory items scanned : 376
Memory threats detected : 0
Registry items scanned : 9605
Registry threats detected : 0
File items scanned : 21686
File threats detected : 70

Adware.Tracking Cookie

then

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2010 at 01:39 AM

Application Version : 4.43.1000

Core Rules Database Version : 5506
Trace Rules Database Version: 3421

Scan type : Complete Scan
Total Scan Time : 00:48:00

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 8773
Registry threats detected : 0
File items scanned : 115348
File threats detected : 1

Trojan.Agent/Gen-FakeAlert[Local]
C:\USERS\ALINA\APPDATA\LOCAL\TEMP\TEMP1_GRAPHICSWIZARD_COOLTOOL_RR.ZIP\GRAPHICSWIZARD_COOLTOOL\GRAPHICSWIZARD_COOLTOOL.EXE

then

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2010 at 11:05 AM

Application Version : 4.43.1000

Core Rules Database Version : 5506
Trace Rules Database Version: 3421

Scan type : Complete Scan
Total Scan Time : 00:54:07

Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 8744
Registry threats detected : 0
File items scanned : 112696
File threats detected : 1

Adware.Tracking Cookie
.ehg-eset.hitbox.com [ C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\0miw1rqg.default\cookies.sqlite ]

then

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/02/2010 at 03:36 PM

Application Version : 4.43.1000

Core Rules Database Version : 5618
Trace Rules Database Version: 3430

Scan type : Complete Scan
Total Scan Time : 00:41:53

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 8776
Registry threats detected : 0
File items scanned : 115696
File threats detected : 13

Adware.Tracking Cookie

then

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/02/2010 at 05:41 PM

Application Version : 4.43.1000

Core Rules Database Version : 5618
Trace Rules Database Version: 3430

Scan type : Complete Scan
Total Scan Time : 01:33:51

Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 8776
Registry threats detected : 0
File items scanned : 96723
File threats detected : 41

Adware.Vundo/Variant-X32[Header]
F:\OLD C DRIVE CONTENTS\PENSOFT\FCODE32.DLL
F:\OLD C DRIVE CONTENTS\PENSOFT\FWHOOK32.DLL
F:\OLD C DRIVE CONTENTS\PENSOFT\FWTOOL32.DLL

Adware.Tracking Cookie


I hope someone can point me in the right direction as to how to get rid of these completely.

I think I have 2 laptops, both infected. These are the logs from the one running Windows 7. The other laptop is running Windows XP, but I am finding out the administrator password so that I can run the checkers as the administrator. The laptops were linked via an external USB drive connected to the wireless router. There were viruses found on this drive also.

Thanks
Alina

#3 Ali45


Posted 08 October 2010 - 04:44 AM

Hi,
I have had these problems fixed. The tech used SmitfraudFix and Spybot to clean my laptops up.

Cheers
Ali



