AV blocked Blackhole Toolkit Website Attack, but...

No replies to this topic

#1 MML


  • Members
  • 241 posts

Posted 24 May 2011 - 03:08 PM

Hi - I'm sorry for bugging you guys again, but:

I received a warning upon connecting to the internet that my computer immediately had blocked a Blackhole Toolkit Website Attack (I'd only automatically connected to yahoo, my homepage, thus far).

I'm scanning with GMER as we speak.

GMER Result:

GMER - http://www.gmer.net
Rootkit scan 2011-05-24 16:25:30
Windows 6.1.7601 Service Pack 1
Running: roxte676.exe

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\CmnClnt\_lck\_LUE_SESSIONG 0 bytes

ETA: It's now happening every single time I log onto my computer - different attacking URLs, same attempted infection, same attacking IP.

From my virus protection:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
5/25/2011 2:19 PM,High,An intrusion attempt by was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website,No Action Required,No Action Required,", 80", (URL redacted so no one will follow it),"ASHANDSHEILA (, 49438)",,"TCP, www-http"

Edited by MML, 25 May 2011 - 01:34 PM.
