Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Skype intrusion attemps. Plesk?


  • Please log in to reply
8 replies to this topic

#1 Slift

Slift

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 18 July 2013 - 11:44 PM

Alright here we go again, I've made threads on Norton forums and Skype forums. Skype wont talk to me at all but norton forums told me that its most likely an ad on skype doing this to me. It all started 7/13/13 when I updated skype to 6.6 but i uninstalled skype and reinstalled 6.5 and it's still happening. Skype is the only thing i installed on this day and the attack originates from programfiles(x86)/skype/phone/skype.exe.

 

At first I was getting a popup in a windows error box saying ActiveX had been disabled and therefore some features could not be displayed and I hit okay and it brought up a survery site: ar.voicefive.com which i closed as soon as I noticed it. Then everytime it popped up I would hit the X instead of hitting okay since there was no cancel option and it never opened my firefox again but Norton would still pop up informing me there was an intrusion attempt from cdn.adnxs.com. Paniced I went to adblockplus and put in a custom filter for adnxs.com and I dont know if that stopped it or it just switched but after that it changed to Web Attack: Plesk Command Injection. Norton pops up warning me of attacks about 3 times a day now. Attacking computer 173.192.9.2, 44399. Ill include a screenshot of the message norton gives me. I'm going to block out my IP.

 

Please tell me how I can fix this, I'm going to be moving in a week and switching ISPs which means I'll lose my free Norton and I'll be temporarily unprotected and don't want to have this infection while that is going on.

 

2nk1jih.png

 

I've ran scans with both Norton Security Suite and Malwarebytes, Norton coming up with tracking cookies it removes and MB detecting nothing.

 

I'm going to go to bed and when I wake up tomorrow I'll try to check this thread every hour to see if I have received any updates and to keep you guys from waiting to long.


Edited by Slift, 18 July 2013 - 11:51 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:29 PM

Posted 19 July 2013 - 07:59 AM

See this discussion thread
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:29 AM

Posted 19 July 2013 - 08:13 AM

Do this, download Skype Portable http://portableapps.com/apps/internet/skype_portable and uncompress to a USB drive. It's a standalone Skype. See if it happens on your PC and try on another PC?
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#4 Slift

Slift
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 19 July 2013 - 10:40 AM

yea i saw that thread and im pretty much the same situation but I dont know how to make norton block my open ports i tried looking around in Firewall.

 

EDIT: I ran ShieldsUp and it came back saying unable to reach and that i had no open ports, probably because i have a modem hardwired to my pc and thats it, no router. so now the question is what is causing this if not open ports?

Do this, download Skype Portable http://portableapps.com/apps/internet/skype_portable and uncompress to a USB drive. It's a standalone Skype. See if it happens on your PC and try on another PC?

dont have a usb drive or a second computer


Edited by Slift, 19 July 2013 - 10:52 AM.


#5 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 PM

Posted 19 July 2013 - 11:32 AM

To be sure you are not infected with something, try ESET online scanner. If this came negative there is big change it isn't malware related. 

 

ESET Online Scanner
==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================

 


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#6 Slift

Slift
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 19 July 2013 - 01:54 PM

To be sure you are not infected with something, try ESET online scanner. If this came negative there is big change it isn't malware related. 

 

ESET Online Scanner
==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================

 

With how frequent these attacks are is it safe to disable my antivirus for multiple hours? It seems like that would allow this intrusion to change my settings to allow a url or whatever its trying to say in my pic "allow url safe mode = off". I'm not an expert but that seems like its trying to make an exception to let some url open without my permission and disabling my anti virus seems like if one of these attemps were to happen during the scan it would be successful?



#7 Ammiit

Ammiit

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:29 PM

Posted 19 July 2013 - 02:19 PM

ESET doesn't need an internet connection when scanning, it only needs it when downloading and then after the download where it updates the database then you can disable internet connection and anti-virus and do the scan (If I remember correctly). You might not even have to turn off Nortons... only if ESET scanner gets blocked by it. My anti-virus didn't have an issue with it.

 


 



#8 Slift

Slift
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 19 July 2013 - 04:46 PM

 

ESET doesn't need an internet connection when scanning, it only needs it when downloading and then after the download where it updates the database then you can disable internet connection and anti-virus and do the scan (If I remember correctly). You might not even have to turn off Nortons... only if ESET scanner gets blocked by it. My anti-virus didn't have an issue with it.

 


 

 

I read on another forum the scan wont be done properly if offline while doing it and that even if your anti virus doesnt block the scan itself that it could give false results by having the antivirus enabled. can anyone confirm or deny these things?



#9 Ammiit

Ammiit

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:29 PM

Posted 20 July 2013 - 02:04 PM

Ah, then I would go with their advice. I'm not expert I was just recalling what I did.. that appeared to work  :).






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users