TechSpot

Http lop toolbar activity

By smk.bluebird
Jul 20, 2008
Topic Status:
Not open for further replies.
  1. Hi dear friends,

    For the past 1 month I have been receiving this message whenever I am online.

    My Norton says "a recent attempt to attack your computer was blocked".

    When I look for details, it says the following:

    "An intrusion attempt by { my computer name } was blocked"

    RISK NAME - HTTP LOP TOOL BAR ACTIVITY

    RISK LEVEL - HIGH

    ATTACKING COMPUTER - { MY COMPUTER NAME}

    DESTINATION ADDRESS - Ads.dns-look-up.com(64.34.228.126,80)


    I have also attached my HijackThis log.


    Kindly look into this and help me.
  2. raybay

    raybay TS Evangelist Posts: 10,716   +6

    No big worries sighted.
    How much memory is installed?
  3. jobeard

    jobeard TS Ambassador Posts: 13,412   +316

    Hum; beg to differ.
    Your system is making an outbound connection on port 80 (a port that is naturally open for all browser access) to a site at 64.34.228.126.

    I would be concerned. If you did not click a link and immediately get this message,
    then something on your system (including an ActiveX program) made the request.

    Which browser and OS version are you running?
  4. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Thanks for your reply, Mr. Raybay.
    my memory installed is 128 gb , with 1 gb ram
  5. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Thanks for your reply, Mr. Jobeard. My OS is Windows XP Media Center Edition, version 2002. I use Explorer 7.
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Hey, there are some things we have to do, but first, it looks like you have 2 antivirus apps installed. Do you?

    Norton
    McAfee

    Also, do you know these IPs?

    125.22.47.125
    202.56.250.5
  7. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Thanks for your reply, Daniel. I am using only Norton, but when I took the HijackThis log, SUPERAntiSpyware was running (used to check for).

    As for these 2 addresses, both of them are not useful to me, but one belongs to the service provider of my ex-company and the other is my company's allotted ID (I found so).
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    McAfee Uninstaller


    -----------------------------------------------

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ------------------------------------------------------

    Please go HERE to run Panda's TotalScan
    • Select the bubble for Full scan
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Then the scan will begin
    • When the scan completes, click the Save button on the right of Scan details
    • Save it to a convenient location. Post the contents of the TotalScan report
  9. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    Thank you for the reply. I have uninstalled McAfee.

    I have also run the Malwarebytes and Panda scans; the following is the log file of the same.

    The problem is still there. Thank you.
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Make sure to delete everything MBAM found.

    Post a fresh HijackThis log.
  11. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    I have deleted as instructed.

    This is my fresh HijackThis log.

    Thank you
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

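    Code:
    @echo off
    rem sc takes the service key name from the O23 line, not the display name
    sc stop 0092261186264942mcinstcleanup
    sc delete 0092261186264942mcinstcleanup
    rem delete this script itself, then close the window
    del "%~f0" & exit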
    
    Save it to your desktop as File name: service.cmd
    Save as type: All Files

    Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

    Run HijackThis and place a check next to the items below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O23 - Service: McAfee Application Installer Cleanup (0092261186264942) (0092261186264942mcinstcleanup) - Unknown owner - C:\DOCUME~1\Udhayam\LOCALS~1\Temp\009226~1.EXE (file missing)
  13. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    I have done as instructed and have attached the HijackThis log.

    (The problem is still there.)

    Thank you
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    ComboFix

    • Download ComboFix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. ComboFix is a very powerful tool, so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
  15. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    As instructed, I have run ComboFix; here is the log attached. For your kind info, the same problem persists.
    Thank you
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Post a fresh hijackthis log
  17. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel, this is a fresh HijackThis log.
    Thank you
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Your Java is out of date; please update it. This is an easy way to get infected. How is your computer running? I do not see anything bad in your log.

    Update your Java Runtime Environment

    First try going to Start -> Control Panel -> double click Java
    Select the Update Tab at the top of the Java console
    Click the Check for Updates button at the bottom
    If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
    After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
    Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    Update your Java Runtime Environment
    Click the following link
    Java Runtime Environment 6 Update 7
    The 5th option down is the one you want (click Download)
    Check the box to agree to terms of service
    Check the box for your operating system and click 'Download selected' at the bottom
    After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

    -----------------------------------------

    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.
  19. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    Thanks. I am sorry for the delayed reply.

    I have done as instructed. The problem still persists.
    Thank you
  20. raybay

    raybay TS Evangelist Posts: 10,716   +6

    Could you please restate your configuration, particularly the memory statement: "...memory installed is 128 gb , with 1 gb ram..." Does this mean you have a 128 GB hard drive with one or two memory modules totalling 1 GB?

    Now that the infestation removal didn't change things, perhaps we need to take another look at the problem. Can you restate it, please?
    Do you use Internet Explorer, Firefox, Safari, or Opera? Have you blocked popups in whatever you use?
    It is possible that you are receiving a marketing attack that could be blocked by using Firefox 2.0 or 3.0?
  21. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    By problem, do you mean the infection, or that you cannot run the online scan? And if you did run the scan, can you post a fresh HijackThis?

    Right-click on HijackThis and look at the location where it is installed. Go to that location and rename HijackThis to bobo, then copy and paste a shortcut to your desktop. Then run it and post a fresh HijackThis log.
  22. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Thank you, Mr. Ray.
    Mine has a C drive of 99 GB, a D drive (HP recovery) of 11.6 GB, and RAM of .99 GB.

    As for the RAM, I don't know whether it is one module or two.

    I use Windows XP Media Center Edition, IE 7, and Firefox. I have always used pop-up blockers (in fact, very strictly).

    Please let me know if any more info is needed.

    As far as my problem goes, here it is:

    My Norton says "a recent attempt to attack your computer was blocked".

    When I look for details, it says the following:

    "An intrusion attempt by { my computer name } was blocked"

    RISK NAME - HTTP LOP TOOL BAR ACTIVITY

    RISK LEVEL - HIGH

    ATTACKING COMPUTER - { MY COMPUTER NAME}

    DESTINATION ADDRESS - Ads.dns-look-up.com(64.34.228.126,80)
  23. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Download Findlop. Unzip it to your desktop.
    Double click findlop.bat. It will open a notepad file.
    Copy the content of that file and paste it here in your reply.
  24. smk.bluebird

    smk.bluebird TS Rookie Topic Starter Posts: 28

    Dear Daniel,

    I have done the Java correction, and the Trend Micro scan was also completed. Nothing was found by the scan.

    Please see the attached HijackThis log (did as instructed by you).

    Also the Findlop notepad.

    Thank you
  25. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Open HijackThis and place a check next to the item below:

    O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\settings amok.exe

    =========================================

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\All Users\Application Data\Long slow road itch
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
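
As an added example (not part of the original posts, and not HijackThis's own code), the HijackThis lines quoted in posts 12 and 25 can be triaged mechanically: entries whose file is gone, and autoruns or services that launch from a data or temp directory. The rule names, the regular expressions and the final `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# HijackThis lines quoted in this thread; the last O4 line is constructed (benign).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0092261186264942) (0092261186264942mcinstcleanup) - Unknown owner - C:\DOCUME~1\Udhayam\LOCALS~1\Temp\009226~1.EXE (file missing)
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\settings amok.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$", re.I)
RUN = re.compile(r"^\S+\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)
DATA_DIR = re.compile(r"\\(application data|temp|locals~1)\\", re.I)
# O23 layout: Service: <display name> (<key name>) - <owner> - <path>
SERVICE = re.compile(r"^Service: .+ \((?P<key>[^()]+)\) - .+? - .+$")

def service_key(body):
    """Return the service key name (the name `sc` expects), or None."""
    m = SERVICE.match(body)
    return m["key"] if m else None

def triage(log_text):
    """Return (section, reasons, body) for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        reasons = []
        if ORPHAN.search(body):
            reasons.append("orphaned")  # registry entry outlived its file
        run = RUN.match(body) if section == "O4" else None
        if run and DATA_DIR.search(run["cmd"]):
            reasons.append("autorun-from-data-dir")
        if section == "O23" and DATA_DIR.search(body):
            reasons.append("service-from-data-dir")
        if reasons:
            findings.append((section, reasons, body))
    return findings

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(section, ",".join(reasons), "|", service_key(body) or body[:60])
```

A flag here only marks an entry for review; a legitimate program can also start from a data directory, so each hit still needs checking before it is fixed in HijackThis.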