
Malware Bytes Reporting Malicious Sites being blocked


This topic is locked
15 replies to this topic

#1 trg

  • Members
  • 7 posts

Posted 12 December 2014 - 12:16 AM

Hello,

 

I googled some of the sites being blocked and noticed you had some users you had helped previously with the same type of issue.

 

I have the following websites being blocked by Malware Bytes Premium.

Malicious Website Protection, IP, 67.212.88.10, kickass.to, 0, Outbound,
Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,

 

I am running Avast! as well along side Comodo Firewall

The alerts come up randomly and I have scanned the system completely with nothing showing infection but I find that hard to believe else I wouldn't see these popups.

Any help is greatly appreciated.

As per the people who have had the same issues, I have attached the Farbar Recovery Scan Tool logs already.

Posted log from TDSSKiller

 

Attached Files


Edited by trg, 12 December 2014 - 12:24 AM.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,660 posts

Posted 17 December 2014 - 12:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559509 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 19 December 2014 - 10:29 AM

Still requesting assistance.

 

Updated Logs

 

Attached Files



#4 OCD

  • Malware Response Team
  • 172 posts

Posted 19 December 2014 - 10:24 PM

Hi trg,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================
 

I have the following websites being blocked by Malware Bytes Premium.

 

Your security software has classified these websites as potentially harmful to your computer, and has blocked access to them.
Isn't that what you want your security software to do, protect you from malware?

Have you googled the IP addresses or the domain names to find out more about the sites that are being blocked?

67.212.88.10, -- kickass.to >> P2P torrents
119.145.147.181, -- mama.cn >> https://www.xssposed.org/incidents/48993/
5.150.195.167, -- 0427d7.se >> http://google.cn/safebrowsing/diagnostic?site=0427d7.se/
91.202.63.7, -- cy-pr.com >> the IP address is out of the British Virgin Islands, while the domain registration is out of Australia. Meanwhile the site appears to be in Russian.
91.202.63.160, -- movie4k.to >> P2P Movie torrents, most likely illegally obtained copies, and distributed without the proper consent.

 

What are your thoughts on the information provided?


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#5 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 20 December 2014 - 10:07 AM

Good morning OCD and thank you for your response and assistance.

The listed sites/ip addresses show in a series of pop ups from malwarebytes in succession at random times even when the PC is idle.  This is leading me to believe that there is something that is collecting and attempting to transmit data to these sites.
 

Scans by Avast!, Malwarebytes, and Kaspersky Online do not detect any infections or rootkit installations.

I saw this post here with someone who had the same issue.
http://www.bleepingcomputer.com/forums/t/537610/malwarebytes-blocking-outgoing-connection-from-firefoxexe/

So yes, Malwarebytes is blocking the sites but something is setting it off randomly while even idle and in succession.

 



#6 OCD

  • Malware Response Team
  • 172 posts

Posted 20 December 2014 - 10:28 AM

Hi trg ,

Please run fresh scans for me to review.

aswMBR

  • Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Save this file at this time, do not delete.
=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • aswMBR.txt
  • FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#7 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 20 December 2014 - 01:39 PM

As requested

 

Attached Files



#8 OCD

  • Malware Response Team
  • 172 posts

Posted 20 December 2014 - 10:33 PM

Hi trg,

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 

Start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

=========================

In your next post please provide the following:

  • Fixlog.txt
  • MBAM.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#9 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 21 December 2014 - 04:59 PM

As requested.  I will watch to see if those pop ups appear again.

 

Attached Files



#10 OCD

  • Malware Response Team
  • 172 posts

Posted 21 December 2014 - 11:52 PM

:thumbsup2:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#11 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 23 December 2014 - 04:46 PM

Update:  Worked on it yesterday and today.
 

Yesterday, received a pop up for 5.150.195.167, -- 0427d7.se
Today I received a pop up for all 5 again.

 

Thinking I'll need to rebuild.



#12 OCD

  • Malware Response Team
  • 172 posts

Posted 23 December 2014 - 05:22 PM

Hi trg,
 

Thinking I'll need to rebuild.


I wouldn't do that just yet. We still have a few more options available to us.

RogueKiller

  • Download RogueKiller (by tigzy) to your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit starts correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • At the introduction screen, please click on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

In your next post please provide the following:
  • RogueKiller log
  • system-log.txt
  • mbar-log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#13 trg

  • Topic Starter
  • Members
  • 7 posts

Posted 27 December 2014 - 02:49 AM

Hi OCD,

Hope you had a good holiday.  The following logs are attached as requested.

 

Attached Files



#14 OCD

  • Malware Response Team
  • 172 posts

Posted 27 December 2014 - 07:19 PM

Hi trg,

Yes, I had a nice holiday. I hope you did as well.

Your logs look good.

There is another thread open with the same issue.

This is from the Malwarebytes' website:

There are many applications on your system which have access to the Net and any of these can trigger an alert with no browser open. Most common offenders are P2P applications and IM clients, usually an ad will trigger an alert. An advanced or premium firewall will be able to give you a list of programs which can access the Net.

Open up Comodo and see what programs have access to the net.

These steps haven't helped in the other thread, but I would be remiss to not try them here.

1. Turn off your computer
2. Turn off your router by unplugging the power cord on the back of the unit
3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes, this lets it all reset

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on
2. Now do the same thing with your router
3. Turn your computer back on and see if it made a difference

 

Any change in performance?

What programs have access to the internet through your firewall?


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
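The triage OCD walks through in posts #4 and #14 (look up each blocked destination, then find out which local program is the one opening the connection) can be done from the block entries themselves. The following is an added example, not code from this thread, from Malwarebytes or from any of the tools named above: a Python script that parses block entries in the comma-separated format quoted in the first post, counts how often each destination recurs, and cross-references a `netstat -ano` snapshot and a PID-to-image map (as `tasklist` would give) to name the process that owned the socket. The netstat rows, PIDs, local addresses, the 203.0.113.9 peer and the image names are all constructed for illustration; only the three blocked destinations come from the thread.

```python
"""Triage helper for Malwarebytes 'Malicious Website Protection' block alerts.

Parses block entries, counts repeats per destination, and cross-references a
netstat snapshot so an alert can be tied to a local process. All sample data
in this file is constructed for illustration.
"""
from collections import Counter

# Constructed sample input: block entries in the comma-separated form quoted in
# the thread's first post (the repeated kickass.to line is added to show counting).
MBAM_BLOCK_LINES = [
    "Malicious Website Protection, IP, 67.212.88.10, kickass.to, 0, Outbound,",
    "Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,",
    "Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,",
    "Malicious Website Protection, IP, 67.212.88.10, kickass.to, 0, Outbound,",
]

# Constructed sample: rows in the layout `netstat -ano` prints on Windows.
# PIDs, local addresses and the 203.0.113.9 peer are made up.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49211     67.212.88.10:80        SYN_SENT        4120
  TCP    192.168.1.10:49212     5.150.195.167:443      ESTABLISHED     4120
  TCP    192.168.1.10:49300     203.0.113.9:443        ESTABLISHED     2232
  UDP    0.0.0.0:5353           *:*                                    1180
"""

# Constructed PID-to-image mapping, as `tasklist` would report it.
PID_TO_IMAGE = {4120: "p2pclient.exe", 2232: "browser.exe", 1180: "svchost.exe"}


def parse_mbam_blocks(lines):
    """Turn protection-log lines into dicts; lines that are not block entries are skipped."""
    records = []
    for line in lines:
        fields = [f.strip() for f in line.strip().rstrip(",").split(",")]
        if len(fields) < 6 or fields[0] != "Malicious Website Protection":
            continue
        records.append({
            "kind": fields[1],          # "IP" in the entries above
            "ip": fields[2],
            "domain": fields[3],
            "port": int(fields[4]) if fields[4].isdigit() else None,
            "direction": fields[5],     # "Outbound": a local program initiated it
        })
    return records


def summarize_blocks(records):
    """Count blocks per (ip, domain) so destinations that recur stand out."""
    return Counter((r["ip"], r["domain"]) for r in records)


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; the header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        foreign_ip, _, foreign_port = fields[2].rpartition(":")
        conns.append({
            "proto": fields[0],
            "foreign_ip": foreign_ip,
            "foreign_port": foreign_port,
            "state": fields[3] if len(fields) == 5 else "",  # UDP rows carry no state
            "pid": int(fields[-1]),
        })
    return conns


def attribute_blocks(records, connections, pid_to_image):
    """Map each blocked IP to the image names that held a socket to it (empty set if none)."""
    owners = {r["ip"]: set() for r in records}
    for conn in connections:
        if conn["foreign_ip"] in owners:
            owners[conn["foreign_ip"]].add(pid_to_image.get(conn["pid"], f"pid {conn['pid']}"))
    return owners


def report(records, connections, pid_to_image):
    """One line per blocked destination, most frequent first, with the owning process if seen."""
    counts = summarize_blocks(records)
    owners = attribute_blocks(records, connections, pid_to_image)
    lines = []
    for (ip, domain), n in counts.most_common():
        who = ", ".join(sorted(owners[ip])) or "no socket in this snapshot"
        lines.append(f"{ip:<16} {domain:<12} blocked {n}x  owner: {who}")
    return lines


if __name__ == "__main__":
    for line in report(parse_mbam_blocks(MBAM_BLOCK_LINES),
                       parse_netstat(NETSTAT_SAMPLE), PID_TO_IMAGE):
        print(line)
```

A netstat snapshot only shows sockets that exist at that instant, so an outbound attempt that Malwarebytes has already blocked may leave nothing behind; the snapshot has to be taken while the pop-up is on screen, which is why a firewall's per-application list (as OCD suggests with Comodo) is the more reliable source. A destination that recurs while the machine is idle and maps to the same image each time is the lead worth following up in the FRST and Anti-Rootkit logs.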

#15 OCD

  • Malware Response Team
  • 172 posts

Posted 30 December 2014 - 11:18 PM

Hi trg,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days



