
Infected NOD32 Constant blocked address popups



#1 Jish

Posted 08 February 2011 - 05:21 AM

Hello,
All of a sudden my ESET NOD32 is going nuts with these popups, apparently blocking some virus or rootkit from phoning home. I ran a full scan with NOD32 and didn't find anything. Right before the popups started, NOD32 quarantined a program located at \Temp\kZ2wu2QP.sys. Since then, the constant popups from ESET are blocking the following two things:

Address has been blocked
URL address:
77.79.9.191/service/scripts/files/aff_50006.dll
IP address
77.79.9.191:80

URL address
75.143.193.138/xxxx_4/emxkcjEwMDB8NTAwMDZ8MnwxMTY2MjE3MzY3
IP address
67.192.232.82:80


Every few seconds these pop up, with the first one being the most common. What is going on here? How can I rid my system of this? Any help would be greatly appreciated.



#2 ATGUNWAT


Posted 08 February 2011 - 11:10 AM

This is an unofficial response and the advice given is mine, not that of bleepingcomputer.com or its representatives...

Did you recently install "Fraps.exe"?

Search your computer for "aff_50006.dll" (or "*_50006.dll") and upload it (if found) to "www.virustotal.com" and be sure to choose "reanalyze" when prompted, not view last report.

You should always get a second opinion on any malware alert.
Nod32/eset is a very good product, but I would recommend scanning with another (any other) product too.
Try SuperAntiSpyware or Malwarebytes Anti-Malware, or better yet, BOTH.
(you may need to adjust the default scan settings in SuperAntiSpyware, to get a thorough scan)

If 2 out of 3 products (or 3/3) tell you, you are infected... You are probably infected.

Once you have corroborating evidence for an infection, further steps will become clearer.

Just my personal opinion

ATGUNWAT B)

Edited by ATGUNWAT, 08 February 2011 - 12:52 PM.


#3 Jish


Posted 08 February 2011 - 05:35 PM

I haven't heard of Fraps.exe and a search of my system didn't turn anything up. NOD32 didn't find anything either in a scan. I also did a search for the aff_50006.dll file and also turned up nothing. I will try running those other scans now and see what happens.



