Malwarebytes is constantly blocking "malicious websites"



#1 mlaw31

Posted 23 October 2014 - 02:10 PM

Hello all, I am having a computer meltdown. This morning, I came to my desktop and noticed that my Microsoft Security Essentials had flagged a "Win32/Zbot.gen!/plock". I removed the files from the prompts in MSE and downloaded Malwarebytes. At that point MwB began blocking several malicious websites:

 

fff5e.com
IP Address 31.184.192.90 (out of Russia)
searchnet.blinkxcore.com
95.215.1.57 (also out of Russia)
88.214.193.72 (out of the UK)

 

I also had red flags for Anogre.E, Java/CVE-2013-2460, Java/Obfuscator.W, Win32/Crowti.A, and TrojanPoweliks

 

These came from scans through Adware and MWB.  I also ran CCleaner, HitmanPro, Junkware Removal, RogueKiller, and TDSSKiller.  No solution. 

 

Now when I run scans in MSE and MwB there is nothing found, but I still get the "Malicious Website Blocked" about every 2 seconds.

 

I did Google searches for the fff5e and searchnet terms for possible viruses, but the free removal tools promising to remove the attached viruses haven't worked.

 

Any help would be much appreciated. I'm extremely new to this.

 

I have the first MBAM .txt log and the FRST .txt and addition.txt


Edited by mlaw31, 23 October 2014 - 02:54 PM.



#2 Condobloke


Posted 23 October 2014 - 05:40 PM

G'day mlaw31, and welcome to BC!

 

Exploit:Java/Anogre.A is a detection for an obfuscated Java class component associated with the exploit kit called SweetOrange. Similar to any other exploit kit, such as Blacole, it first determines information about your browser. This includes the browser you use (for example, Internet Explorer or Mozilla Firefox), its version, and what plug-ins are installed.

SweetOrange can exploit vulnerabilities in Java, specifically the vulnerability discussed in CVE-2013-0422.

Exploit:Java/Anogre.A usually comes bundled with another file detected as Exploit:Java/CVE-2013-0422.

 

 

Please follow the instructions in ==>This Guide<== starting at Step 6.

 

Once the proper logs are created, then make a NEW TOPIC and post it ==> HERE<==

 

Do not run ComboFix. Just include the requested logs from the guide above. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

 

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.

 

Please post the link to your new topic back here so we can lock this one, and then only the Malware Response Team should handle your problem.

 

 

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible.  I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

