Need Help re: "body4u.diy.myrice.com" Post


  • This topic is locked
3 replies to this topic

#1 stuffandthings

  • Members
  • 53 posts
  • OFFLINE
  • Gender: Not Telling
  • Location: USA
  • Local time: 08:27 AM

Posted 16 June 2014 - 10:22 AM

I understand that post was locked.  However, I hope you will hear me out before removing my post here to add new info and to request help about this.
( post I'm referencing: http://www.bleepingcomputer.com/forums/t/534143/body4udiymyricecom/ )

I am on my partner's computer now because my notebook cannot seem to access the internet anymore.  This is part of the issue here.  Let me explain.

I will preface by saying that my computer is an HP notebook, Windows 7 Home Premium, 64-bit.

1) For the last few years, I have been using a program called PeerBlock, which is a free and open source software firewall application.  It blocks incoming and outgoing connections to Internet IP addresses that are included on blacklists which a user selects, but also any addresses manually specified by the user.  I've been frequently monitoring traffic that flows in and out of my PeerBlock program in order to keep my VPN service running.

2) For the last few months I have been using Private Internet Access, a VPN service.  I have been using a server in the same country I reside, the US.

3)  About a week ago I downloaded the add-on NoScript for my Firefox browser.

Around the same time, I updated my blocklists from iblocklist for PeerBlock, and added a couple of new ones as well.

I noticed on my PeerBlock roster that the pings for the "IANA" lists were spamming my computer really badly, as well as my partner's, which I had put on there as well. I decided to remove the IANA lists, thinking I was probably doing something wrong.  The spamming was quickly replaced by a stream of pings from the "bogon" lists.  I decided to remove those as well, and that is when I started seeing the malware pings.  Do not attempt to go to these sites, they are dangerous -- body4u.diy.myrice.com and asnbm.myftpsite.net -- I repeat, do not attempt to go to these sites.  It was those two that I began to see.

I noticed my VPN was doing some weird disconnections and reconnections.  It would disconnect after trying to connect, and then when I tried again, it would appear as though it was working again.  However, when I tested it out with http://ipleak.net, it was as though there was no VPN active.

I started to do more research, and came across the post on your site.  I realized there was much more going on here than I at first realized, specifically because far more advanced computer users than myself were having serious trouble with figuring this out.  I did make some attempt to follow the steps that blackbox suggested on that thread - I uninstalled and reinstalled my Firefox browser, and the problem persisted.  There were even ping requests happening while I had my wifi "shut off".  Not very comforting considering the basic logistics we're all supposed to believe when it comes to what "wifi disabled" means.

After talking things over with my partner, it was evident that even if I could magically manage to stop the pings from being answered, it was not allowing my VPN service to work, as in messing hardcore with my DNS settings (perhaps among other things, I'm really not sure.)  And in the previous post about this problem, getting a VPN to work in addition to ridding this problem was not included among the dialogue.

At that point, I proceeded to post on the Private Internet Access forums.  Not too much came of it.  I will link it, though, so you can read my description in greater detail -  http://tiny.cc/jp4ghx   Also note that I linked the previous post listed here on bleepingcomputer.

After thinking about things I realized the connection with the other articles I had read talking about "add-ons" being a connection to how this gets into a computer, and remembered that I had recently added NoScript to my add-ons.  I decided to head over to the forums for NoScript and see if I could get more help.  That conversation is now at a standstill; however, so far those who are well-versed with using NoScript claim there have not been any red flags about this malware attached to their add-on.  That conversation can be found here - http://tiny.cc/xhyjhx

So, with all of that being said, I come to my current point.  I took steps to try to put all the data on my notebook that I wanted to save into a zip file, and to transfer that file over my home network to my partner's computer, because I lack an external drive to do so at the moment, and the money to acquire said external drive.  (The pings are continuously being blocked by PeerBlock, but keep coming in a steady stream.)  I managed to make a zip file.  The problem happened when I tried to transfer it.  It got about 5% through - and then my internet connection suspiciously stopped working properly on my notebook, while working fine on my partner's computer.

I have a modem, and a wireless router, and I noticed that instead of seeing it trying to connect to the router which has a name we have assigned it, it was saying "unidentified network" as the thing it was trying to connect to.

I went in to try to troubleshoot the problem with Windows Network Diagnostics.  It came back at me with an error message that said, "Wireless Network Connection" doesn't have a valid IP configuration.

This is basically where I'm really starting to panic.  I'm not sure if this malware is intelligent enough to mess up the inherent IP configurations of my computer, and what's more, all of my stuff is still on it.  It's as though I tried to carefully and quietly pack all my stuff up and move it out and the malware decided to block that process from happening.  And now I cannot even connect to the internet on it to maybe try to upload my stuff to a cloud-based service of some kind - which looking back is probably what I should have tried to do!!

I'm hoping this is just a basic setting that needs to be switched on or off or some such thing, but I have a feeling it's not that simple.

The only theory I have is that the "unidentified network" has to do with the VPN service (which I have not had active in over a week now) in some way, as I was connected to one to use the VPN service in addition to my router.

Before you ask, no, I don't have any screenshots.  I could get them if you needed them, but there's not really anything amazing to take a screenshot of.  What I said is what you see.

Thanks for any feedback.  Please have patience with me, as I am not super advanced at this stuff, in case you couldn't already tell.

 

 

EDIT:  Forgot to add that I was trying to move stuff off of my computer in order to use my recovery CDs that I have for it. (Thankfully.)


Edited by stuffandthings, 16 June 2014 - 10:33 AM.

If you are part of the 99%, you are automatically a part of the Occupy movement.




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • OFFLINE
  • Gender: Male
  • Location: NJ USA
  • Local time: 08:27 AM

Posted 16 June 2014 - 02:07 PM

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 stuffandthings

  • Topic Starter
  • Members
  • 53 posts
  • OFFLINE
  • Gender: Not Telling
  • Location: USA
  • Local time: 08:27 AM

Posted 17 June 2014 - 02:28 PM

Hello - Just an update about my situation here, specifically about my delay in posting my logs. 
(Logs can be found here: http://www.bleepingcomputer.com/forums/t/538051/regarding-my-body4udiymyricecom-post-post-reformat-logs/ )

I would have had this up sooner, but the virus seemed to have disabled my ability to access the internet - first on my laptop as I have previously stated, but then it also happened on my partner's desktop computer as of this morning.  Same error message.

I had to call my ISP and ask them if it was the modem, because it was doing some really weird stuff with orange lights, etc.  They said that the modem was fine, but after looking into my computer the guy said "Yea, it looks like you have a DDOS malware problem.  This is not good.  You're going to have to delete all of your content on your computer and totally wipe it." 

I told him I had recovery disks and he said I needed to make sure to delete everything first, and then do a full reformat.

After talking things over with my partner I decided that I would try to salvage just the most valuable stuff onto a flash drive, and then I just used the disks to do the reformat and restore.

I then downloaded Firefox, a fresh copy of PeerBlock, loaded up my blocklists, and when I went to check my email, I instantly noticed the "bogon" lists spamming the roster like crazy.  I did not use any IANA lists.  I have not seen the "body4u" and "asnbm" pings as of yet, but keep in mind that I only saw those after removing the bogon lists the last time.

As of right now I have not done anything else with the PeerBlock.  Bogon lists are blocking things apparently and still streaming through.

I called back my ISP and the guy did make a point to say that I probably should have left my router and modem off until everything was back up and running on the computer, reset them, and then proceeded to turn them on, since the malware might have just been sitting in the router and modem waiting. 

In the meantime, he said the issue was forwarded onto their investigation department via my emailing about this to them and they might be able to trace where this issue came from somehow. 

I will update further if I need to, but my logs have been posted, so I will wait to see what feedback I receive. 

 




#4 Animal

    Bleepin' Animinion

  • Site Admin
  • 34,841 posts
  • OFFLINE
  • Gender: Male
  • Location: Where You Least Expect Me To Be
  • Local time: 05:27 AM

Posted 17 June 2014 - 02:45 PM

Hello,

Now that you have posted a log linked in the above post: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

