Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I was attacked again!


  • Please log in to reply
1 reply to this topic

#1 Mighttuss

Mighttuss

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BEREA KY
  • Local time:06:51 AM

Posted 13 April 2011 - 12:59 PM

At 12:48 Am April 13,2011

I was attacked by a Trojan virus. At the time this virus attacked me I was not on the computer. I was down in my kitchen getting something to eat. I came back and notice McAfee said a virus scan had 1 virus. I looked and it was in Quarantined. I then email windstream twice. Tried to get McAfee some how threw support, witch took me to Avert® Labs

Once I got to Avert® Labs I found the quarantined Folder and sent them the file the virus was in. I then took McAfee software were you see logs of incoming and outgoing of events, and found found the IP address numbers close to were the attack came from. Their was 3 of them IP Address number close to the attack time.

161.69.13.33 as well this name with that address data hacker watch .org

I did a whois search of this address it went to McAfee. The whois search on the other two I was shocked. It went to Microsoft!This as well is how I got all of Microsoft email address.This is not the first time I seen this virus. It took my pc off line about a week ago.So could someone please tell me what the hell is going on here?

whois report!

65.55.53.190

65.55.53.190

Querying whois.arin.net]
[whois.arin.net]
#
# Query terms are ambiguous. The query is assumed to be:
# "n 65.55.53.190"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=65.55.53.190?showDetails=true&showARIN=false
#

NetRange: 65.52.0.0 - 65.55.255.255
CIDR: 65.52.0.0/14
OriginAS:
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
RegDate: 2001-02-14
Updated: 2004-12-09
Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1


OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2009-11-10
Ref: http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

RTechHandle: ZM23-ARIN
RTechName: Microsoft Corporation
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com
RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html



Been attacked again by another Virus, McAfee has it in Quarantined. I was not at the computer at the time of the Attack.All I no about the virus is what McAfee is telling me! Will be waiting for your reply on this matter and how to take care of this Virus! Cause I am just about sure if I shut down, game over!

Date 4/13/2011 Time of Attack was 12:48 am

Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840 Trojan, Exploit-CVE2010-0840

 

Proff I have a virus!!!!!



AS I said I have been attacked by virus,I have been trying to get a
hold of someone at Windstream and McAfee.This Virus was not download
in any way!Was not open from any emails.The question is then how was I
infected?
Mcafee site took me to Avert Labs, you should see the report!
Still waiting for help here!

Avert® Labs WebImmune
Welcome: Michael hurley
Account: hurley40403@windstream.net
View Analysis


. Log out
. Change password
. Submit a file
. Update registration
. My Account
. Frequently Asked Questions
. Instructions For Use



McAfee Labs - Beaverton
Current Scan Engine Version:5400.1158
Current DAT Version:6314.0000
Thank you for your submission.

Analysis ID: 6597395
Name Findings Detection Type Extra
4f5380a5-7d2f326b current detection exploit-cve2010-0840 Trojan
no

current detection [ 4f5380a5-7d2f326b ]
The file received is infected and can be detected and removed with our
current DAT files and engine. It is recommended that you update your DAT and
engine files and scan your computer again.
If you are not seeing this with the product you are using, please
speak with technical support so that they can help you determine the cause
of this discrepancy.


Regards,






I have still not been able to get any help with this matter from McAfee or Windstream


BC AdBot (Login to Remove)

 


#2 Mighttuss

Mighttuss
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BEREA KY
  • Local time:06:51 AM

Posted 13 April 2011 - 01:22 PM

I njust found a phone number to call McAfee support! I was amazed,they want $89.00 more to take care of the virus.I give them $4.00 a month,that is $48.00 a year.And still got infected!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users