Http lop toolbar activity

  #1  
Old 07-20-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Http lop toolbar activity

Hi dear friends,

For the past 1 month I have been receiving this message whenever I am online.

My Norton says "a recent attempt to attack your computer was blocked".

When I look for details, it says the following:

"An intrusion attempt by { my computer name } was blocked"

RISK NAME - HTTP LOP TOOL BAR ACTIVITY

RISK LEVEL - HIGH

ATTACKING COMPUTER - { MY COMPUTER NAME}

DESTINATION ADDRESS - Ads.dns-look-up.com(64.34.228.126,80)


I have also attached my HijackThis log.


Kindly look into this and help me.
Attached Files
File Type: log hijackthis.log (12.7 KB, 2 views)
Reply With Quote
  #2  
Old 07-20-2008
raybay
TechSpot Evangelist
 
Location: Four Corners, US
Member since: Dec 2006, 6,014 posts
No big worries sighted.
How much memory is installed?
Reply With Quote
  #3  
Old 07-21-2008
jobeard
TechSpot Evangelist
 
Location: Southern Calif.
Member since: Apr 2005, 6,401 posts
Quote:
Originally Posted by raybay
No big worries sighted.
How much memory is installed?
Hum; beg to differ.
Your system is making an outbound connection on port 80 (a port that is naturally opened for all browser access) to a site at 64.34.228.126.

I would be concerned. If you did not click a link and immediately get this message,
then something on your system (including an ActiveX program) made the request.

Which browser and OS version are you running?
Reply With Quote
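To see which program opened the connection described in post #3, the rows of netstat -ano can be matched against the destination Norton reported and the owning PIDs resolved with tasklist. This is an added example, not part of any post in this thread; both command outputs below are constructed samples and the function names are illustrative.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the poster's machine).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.1.10:1045      64.34.228.126:80       ESTABLISHED     1520
  TCP    192.168.1.10:1046      64.34.228.126:80       TIME_WAIT       0
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","948","Console","0","4,120 K"
"iexplore.exe","1520","Console","0","45,112 K"
"firefox.exe","2044","Console","0","61,300 K"
'''


def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` text."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


def owners_of(dest_ip, dest_port, netstat_text, tasklist_csv):
    """Return (pid, image, state) for each TCP row whose foreign address matches."""
    names = pid_names(tasklist_csv)
    target = f"{dest_ip}:{dest_port}"
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have exactly 5 columns: proto, local, foreign, state, pid.
        if len(parts) != 5 or parts[0] != "TCP" or parts[2] != target:
            continue
        pid = int(parts[4])
        # PID 0 on a TIME_WAIT row: the owning process already closed the socket.
        image = "<closed>" if pid == 0 else names.get(pid, "<unknown>")
        hits.append((pid, image, parts[3]))
    return hits


if __name__ == "__main__":
    for pid, image, state in owners_of("64.34.228.126", 80, NETSTAT, TASKLIST):
        print(f"{state:12} pid={pid:<5} {image}")
```

A hit on the browser's own PID while no page is being loaded points at something running inside the browser process, such as a toolbar or BHO, rather than a separate executable.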
  #4  
Old 07-23-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Thanks for your reply, Mr. Raybay,
my memory installed is 128 gb , with 1 gb ram
Reply With Quote
  #5  
Old 07-23-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Thanks for your reply, Mr. Jobeard. My OS is Windows XP Media Center Edition, version 2002. I use Explorer 7.
Reply With Quote
  #6  
Old 07-23-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
Hey, there are some things we have to do, but first, it looks like you have 2 antivirus apps installed, do you?

Norton
McAfee

Also, do you know these IPs?

125.22.47.125
202.56.250.5

Last edited by xxdanielxx; 07-23-2008 at 01:35 AM.
Reply With Quote
  #7  
Old 07-23-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Thanks for your reply, Daniel. I am using only Norton, but when I took the HijackThis log, SUPERAntiSpyware was running (used to check for).

As for these 2 addresses, both of them are not useful to me, but one belongs to the service provider of my ex-company and the other is my company's allotted ID (I found so).
Reply With Quote
  #8  
Old 07-23-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
McAfee Uninstaller

-----------------------------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

------------------------------------------------------

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report
Reply With Quote
  #9  
Old 07-27-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel,

Thank you for the reply. I have uninstalled McAfee.

I have also run the malware and Panda scan; the following is the log file of the same.

The problem is still there. Thank you.
Attached Files
File Type: txt mbam-log-7-26-2008 (11-05-21).txt (1.2 KB, 2 views)
File Type: txt ActiveScan.txt (30.4 KB, 3 views)
Reply With Quote
  #10  
Old 07-27-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
Make sure to delete everything MBAM found.

Post a fresh HijackThis log.
Reply With Quote
  #11  
Old 07-27-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel,

I have deleted as instructed.

This is my fresh HijackThis log.

Thank you
Attached Files
File Type: log hijackthis.log (12.1 KB, 3 views)
Reply With Quote
  #12  
Old 07-27-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
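@echo off
rem sc takes the service key name (the last parenthesised value in the O23 line), not the display name
sc stop 0092261186264942mcinstcleanup
sc delete 0092261186264942mcinstcleanup
rem Remove this script, then close the window
del service.cmd & exit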
Save it to your desktop as File name: service.cmd
Save as type: All Files

Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

Run HijackThis and place a check next to the items below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0092261186264942) (0092261186264942mcinstcleanup) - Unknown owner - C:\DOCUME~1\Udhayam\LOCALS~1\Temp\009226~1.EXE (file missing)
Reply With Quote
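Apart from the two Start Page settings, every entry listed in post #12 ends in "(no file)" or "(file missing)", meaning the registry entry points at a file that is no longer on disk. The sketch below is an added example, not part of the thread: it parses those seven lines as posted, flags the orphaned ones, and pulls the service key name out of the O23 line, which is the name sc expects. The function names are illustrative.

```python
import re

# The seven entries from post #12, copied as posted.
ENTRIES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0092261186264942) (0092261186264942mcinstcleanup) - Unknown owner - C:\DOCUME~1\Udhayam\LOCALS~1\Temp\009226~1.EXE (file missing)
""".strip().splitlines()

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")
# O23 layout: Service: <display name> (<key name>) - <owner> - <path>
SERVICE = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)


def parse(line):
    """Split one HijackThis line into section code, orphan flag, CLSID and service key name."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    clsid = CLSID.search(body)
    rec = {
        "code": m["code"],
        "orphan": bool(ORPHAN.search(body)),
        "clsid": clsid.group(0) if clsid else None,
        "service": None,
    }
    if rec["code"] == "O23":
        svc = SERVICE.match(body)
        if svc:
            rec["service"] = svc["name"]
    return rec


def orphaned_services(lines):
    """Key names of O23 services whose executable is missing from disk."""
    return [r["service"] for r in map(parse, lines) if r and r["orphan"] and r["service"]]


if __name__ == "__main__":
    for rec in map(parse, ENTRIES):
        print(rec)
    print("service key names to remove:", orphaned_services(ENTRIES))
```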
  #13  
Old 07-28-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel,

I have done as instructed and have attached the HijackThis log.

(The problem is still there.)

Thank you
Attached Files
File Type: txt hijackthis28.txt (11.7 KB, 1 views)
Reply With Quote
  #14  
Old 07-28-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
ComboFix
  • Download ComboFix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
Reply With Quote
  #15  
Old 07-28-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel,

As instructed, I have run ComboFix; here is the log attached. For your kind info, the same problem persists.
Thank you
Attached Files
File Type: txt combofixlog.txt (17.6 KB, 1 views)
Reply With Quote
  #16  
Old 07-30-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
Post a fresh hijackthis log
Reply With Quote
  #17  
Old 07-30-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel, this is a fresh HijackThis log.
Thank you
Attached Files
File Type: txt hijackthis31.txt (11.6 KB, 2 views)
Reply With Quote
  #18  
Old 08-01-2008
xxdanielxx
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,171 posts
Your Java is out of date, please update it; this is an easy way to get infected. How is your computer running? I do not see anything bad in your log.

Update your Java Runtime Environment

First try going to Start -> Control Panel -> double click Java
Select the Update Tab at the top of the Java console
Click the Check for Updates button at the bottom
If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment
Click the following link
Java Runtime Environment 6 Update 7
The 5th option down is the one you want (click Download)
Check the box to agree to terms of service
Check the box for your operating system and click 'Download selected' at the bottom
After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

-----------------------------------------

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
Reply With Quote
  #19  
Old 08-08-2008
smk.bluebird
Newcomer, in training
 
Member since: Jul 2008, 14 posts
Dear Daniel,

Thanks, I am sorry for the delayed reply.

I have done as instructed. The problem still persists.
Thank you
Reply With Quote
  #20  
Old 08-08-2008
raybay
TechSpot Evangelist
 
Location: Four Corners, US
Member since: Dec 2006, 6,014 posts
Could you please restate your configuration, particularly the memory statement: "...memory installed is 128 gb , with 1 gb ram..." Does this mean you have a 128 GB hard drive with one or two memory modules totalling 1 GB?

Now that the infestation removal didn't change things, perhaps we need to take another look at the problem. Can you restate it, please?
Do you use Internet Explorer, Firefox, Safari, or Opera? Have you blocked popups in whatever you use?
It is possible that you are receiving a marketing attack that could be blocked by using Firefox 2.0 or 3.0?
Reply With Quote