AV blocked Blackhole Toolkit Website Attack, but...


No replies to this topic

#1 MML


Posted 24 May 2011 - 03:08 PM

Hi - I'm sorry for bugging you guys again, but:

I received a warning upon connecting to the internet that my computer immediately had blocked a Blackhole Toolkit Website Attack (I'd only automatically connected to yahoo, my homepage, thus far).

I'm scanning with GMER as we speak.

GMER Result:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-05-24 16:25:30
Windows 6.1.7601 Service Pack 1
Running: roxte676.exe

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\CmnClnt\_lck\_LUE_SESSIONG 0 bytes

ETA: It's now happening every single time I log onto my computer - different attacking URLs, same attempted infection, same attacking IP.

From my virus protection:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
5/25/2011 2:19 PM,High,An intrusion attempt by 193.105.154.238 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website,No Action Required,No Action Required,"193.105.154.238, 80", (URL redacted so no one will follow it),"ASHANDSHEILA (10.0.0.2, 49438)",193.105.154.238,"TCP, www-http"

Edited by MML, 25 May 2011 - 01:34 PM.

