
My system is trying to access clearyfitzgeralddentalpractice.ie



#1 lrmarker


Posted 25 January 2015 - 06:11 PM

Windows 8.1 32 bit up-to-date, Norton Internet Security, IE 11, Firefox 34.0.5.  Homebuilt machine Intel i5-3550, GA-H77M-D3H mobo, 8 GB RAM (yeah, I know it can only use 4 GB).

-------------------------------------------------------------------------

 

I noticed a lot of file activity that didn't seem normal, so I ran Resource Monitor and saw 4 processes accessing the network at location clearyfitzgeralddentalpractice.ie. (I have a screenshot of the RM display, but I don't see how to upload a file to attach here.)
 
I have done the following:
 
1 - I ran MalwareBytes and it found 26 PUPs but no malware. One was a registry entry for MySearchDial and the rest were all Firefox profiles related to MySearchDial. MWB quarantined all these, but it did not fix the problem.
 
2 - I ran a full system scan in NIS.  It quarantined 3 "suspicious" files -- all are part of NIRtools, so I believe these are false positives.  The problem remains.
 
3 - Google turned up the fact that there are 456 different web sites that are registered for the same IP address, one of which is clearyfitzgeralddentalpractice.ie
 
4 - I next looked in my hosts file and found that that name is directed to 127.0.0.1, which means that my MirageAB utility had already dead-lettered it, which means that it is a known bad site.
 
5 - I ran RKill, AdwCleaner, TDSSkiller, and Malwarebytes Anti-Rootkit.  All came up negative.

 

Any recommendations will be appreciated.

 

Larry


Edited by lrmarker, 25 January 2015 - 06:22 PM.




#2 iangcarroll


Posted 25 January 2015 - 07:50 PM

Due to the rules of this section, I (or anyone, really) am unable to help you. Please follow this thread for information on how to request help from a Malware Response Team member.

If you are unable to run FRST due to malware on your system, create a thread anyway stating this. Once you have submitted a thread, do not request help from anyone or attempt to remedy the problem yourself. While the response can take up to three days, it will only be accurate if the system is kept in the same state.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 lrmarker


Posted 25 January 2015 - 08:12 PM

Thanks.  Will do.





