
cdn.skim.gs 72.21.92.20 Firefox.exe


3 replies to this topic

#1 Birdseed


Posted 10 September 2015 - 01:53 PM

Starting at 2:10AM this morning, I have a log of 15 attempts every 10 minutes or so that are triggering my malwarebytes.org.  Shows that it's an OUTBOUND attempt to cdn.skim.gs @ 72.21.92.20 at various ports--none duplicated, just running them methodically--and that it's coming from my browser (Firefox) and is being blocked.  Ran a malwarebytes.org scan, no issues noted.

 

I googled and am not finding anything that is helpful.  Searched this site as well.

 

Windows 8, up to date.  No other virus protection running on this box as I use programs for programming/design purposes that routinely get messed up with Norton or others.

 

Log file from Malwarebytes looks like this...repeated many many times with the port varying:

 

Detection, 9/10/2015 2:22 PM, SYSTEM, GATEWAYLAPTOP, Protection, Malicious Website Protection, Domain, 72.21.92.20, cdn.skim.gs, 59972, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

 

Thoughts on next steps?

 

Browser is working just fine.  Not doing anything wonky.  All other programs are working well.

 




#2 Birdseed


Posted 10 September 2015 - 02:45 PM

Just now got a new one....

 

Trying to hit a different site.  This is the first time it's been a different site. 



#3 wobblerlorri


Posted 10 September 2015 - 09:42 PM

I'm getting periodic notices from Malwarebytes that skim.gs has been blocked when I access LiveJournal. Never on any other site. The popup box says:

 

Malicious Website Blocked

Domain: skim.gs

IP: 162.159.245.235

Port: 51213

Type: Outbound

Process: F:\Firefox\firefox.exe

 

I'm running Windows 7 Professional 64 bit SP1, with F-Secure Security Suite 16.0 Common Component Framework 2.44 Build 135. I have Malwarebytes Anti-Malware v2015.09.10.07 running. AMD FX-4100 Quad-core processor, 3.6 GHz, 8 GB RAM.

 

The most recent Malwarebytes scan log shows this line repeatedly:

 

Detection, 9/10/2015 12:01 AM, SYSTEM, LORRI-PC, Protection, Malicious Website Protection, Domain, 162.159.246.235, skim.gs, 58080, Outbound, F:\Firefox\firefox.exe

 

I run Malwarebytes every day on my system, and a full scan using F-Secure once a week. What the heck is going on here? What is skim.gs? And why is my computer trying to contact them?
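
Added example (not part of any post in this thread): a Python script that groups Malwarebytes web-protection log lines in the format quoted above by host, domain and process, and reports whether the varying ports all fall in the Windows dynamic port range. It assumes the comma-separated field order seen in the two quoted lines and that the port field is the browser's local source port; two of the four sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Default dynamic (ephemeral) port range on Windows Vista and later.
EPHEMERAL = range(49152, 65536)

# Lines 1-2 are the entries quoted in the thread; lines 3-4 are constructed
# stand-ins for the repeated entries the first poster describes.
SAMPLE_LOG = r"""
Detection, 9/10/2015 2:22 PM, SYSTEM, GATEWAYLAPTOP, Protection, Malicious Website Protection, Domain, 72.21.92.20, cdn.skim.gs, 59972, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/10/2015 12:01 AM, SYSTEM, LORRI-PC, Protection, Malicious Website Protection, Domain, 162.159.246.235, skim.gs, 58080, Outbound, F:\Firefox\firefox.exe
Detection, 9/10/2015 2:10 AM, SYSTEM, GATEWAYLAPTOP, Protection, Malicious Website Protection, Domain, 72.21.92.20, cdn.skim.gs, 49731, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/10/2015 2:20 AM, SYSTEM, GATEWAYLAPTOP, Protection, Malicious Website Protection, Domain, 72.21.92.20, cdn.skim.gs, 50112, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
"""


def parse_line(line):
    """Return one web-protection block event as a dict, or None."""
    f = [part.strip() for part in line.split(",")]
    if len(f) < 12 or f[0] != "Detection" or f[5] != "Malicious Website Protection":
        return None
    return {"time": datetime.strptime(f[1], "%m/%d/%Y %I:%M %p"),
            "host": f[3], "ip": f[7], "domain": f[8],
            "port": int(f[9]), "direction": f[10], "process": f[11]}


def summarize(log_text):
    """Group blocks by (host, domain, process) and describe the port pattern."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            groups[(event["host"], event["domain"], event["process"])].append(event)
    report = []
    for (host, domain, process), events in sorted(groups.items()):
        ports = [e["port"] for e in events]
        report.append({
            "host": host, "domain": domain, "process": process,
            "blocks": len(events), "distinct_ports": len(set(ports)),
            "ips": sorted({e["ip"] for e in events}),
            # Assumption: dynamic-range ports are local source ports, not a scan.
            "all_ephemeral": all(p in EPHEMERAL for p in ports),
            "first": min(e["time"] for e in events),
            "last": max(e["time"] for e in events),
        })
    return report


if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
```

Under the stated assumption, a group with one remote IP, many distinct ports and `all_ephemeral` true is what repeated requests for the same blocked host look like, since each new connection gets a fresh local port.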


 



#4 boopme


Posted 11 September 2015 - 10:07 AM

Hello, also run these and we can review those logs.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
