TechSpot

213.163.89.X Malware

By Kiteto
Jun 21, 2010
  1. Recently I have encountered Malware originating from Belgium.

    From a fresh boot of my Windows XP machine I get a delay on my Windows Firewall starting with a warning message. Once I start IE a short time later AVG catches a Trojan virus trying to load as svchost.exe.
    After repeated cleaning and scanning with AVG and Malwarebytes the problem persists.

    Running CPorts on the machine showed me a message being sent to one of the following: 213.163.89.104-107 (i106.panamamails.com) and 188.72.230.49.
    Shortly after one of these messages were sent I would receive another notification of virus activity from AVG on the computer.

    I added the following two entries into my computer at the MSDOS prompt:

    C:\>route add 213.163.89.0 mask 255.255.255.0 192.168.111.66 -p
    C:\>route add 188.72.230.0 mask 255.255.255.0 192.168.111.66 -p
    Note: 192.168.111.66 is an unused IP address on my subnet.

    This stopped the trojan virus activity by directing its send messages to a black hole. I sent an email to 188.72.230.49 's ISP, abuse@netdirekt.de.

    This will suspend the virus activity while you continue to clean your machine.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

  3. Kiteto

    Kiteto TS Rookie Topic Starter

    Unable to search for windowsupdate

    I found a second computer in my network was the origin of my virus problem.
    I added another blackhole route to my network for the 213.162.89.X malware:
    - route add 70.42.27.130 mask 255.255.255.255 192.168.111.66 -p

    One problem I did encounter that I see many posts on the internet is the inablility to download Microsoft Updates.

    One of the errors is 80072EFF when downloading updates.

    When you enter 'microsoftupdate' in your internet search or try to navigate to any page which contains the letters 'microsoftupdate' in the url you end up with a Internet Explorer cannot display the webpage screen.
    If you search for 'microsoftupdat' without the e your browser will return with sites.

    I downloaded Microsoft's malicious software removal tool and ran it.
    It discovered win32/alureon.h virus, but could not remove it.
    I downloaded tdsskiller and the problem was fixed.

    My IE now can visit the windows update pages.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Let me know, if you need any further assistance and thank you for posting back :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...