I have a PC that is triggering alarms in my unified threat management system (AlienVault). The directive that causes the alarm is:
AV Malware, the DNS server replied with a sinkhole address, infected host resolving a CnC domain - Anubis Sinkhole.
AlienVault points back to the PC that appears to be infected as well as the external IP address 220.127.116.11 (the sinkhole) and my internal DNS address. The payload indicates that the site pghmom.com is involved. The alarm can be triggered at will by going to the URL. The event is only triggered when Internet Explorer is loaded.
A URL scan using https://sitecheck.sucuri.net/results/pghmom.com yielded the following negative reports:
All anti-rootkit scans (MalwareBytes, Kaspersky, SysInternals), antivirus scans (ESET, Webroot, Bitdefender, F-Secure OnlineScanner) and anti-malware scans (MalwareBytes, SuperAntispyware, Zemana) came up negative.
Edited by CrackedPepper, 12 May 2016 - 03:03 PM.
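A defender-side check for the kind of alarm described in this post, as an added example and not code from AlienVault or the poster: it scans resolver log lines for answers that land on the sinkhole address 220.127.116.11 and reports which internal client asked for which domain. The log format and the client addresses are constructed assumptions; a real deployment would read the resolver's actual response log.

```python
import ipaddress
import re

# Sinkhole address taken from the AlienVault alarm in the post; extend with your own list.
SINKHOLE_ADDRESSES = {ipaddress.ip_address("220.127.116.11")}

# Constructed resolver log lines in a simplified "client query -> answer" format
# (not real AlienVault or BIND output; the clients are hypothetical).
SAMPLE_LOG = """\
2016-05-12T14:58:01 client=10.0.0.25 query=pghmom.com type=A answer=220.127.116.11
2016-05-12T14:58:02 client=10.0.0.25 query=www.example.com type=A answer=93.184.216.34
2016-05-12T14:58:05 client=10.0.0.40 query=pghmom.com type=A answer=220.127.116.11
2016-05-12T14:58:09 client=10.0.0.25 query=pghmom.com type=A answer=220.127.116.11
2016-05-12T14:58:10 client=10.0.0.7 query=cdn.example.net type=A answer=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)"
    r"\s+type=(?P<qtype>\S+)\s+answer=(?P<answer>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_sinkhole_hits(log_text):
    """Map (client, queried name) -> number of answers that resolved to a sinkhole address."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            answer = ipaddress.ip_address(rec["answer"])
        except ValueError:
            continue  # answer field was not an address (e.g. a CNAME target); skip it
        if answer in SINKHOLE_ADDRESSES:
            key = (rec["client"], rec["qname"].rstrip(".").lower())
            hits[key] = hits.get(key, 0) + 1
    return hits


def hosts_to_triage(hits):
    """Order hits by count (descending) so the noisiest internal host is listed first."""
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
```

Correlating the client column with the time the alarm fired is what separates the infected PC from any other host that merely resolved the same name.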