Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 95.211.194.79
Type: Outgoing
Port: 53158, Process: svchost.exe
Arestocrat malware takes over! Held hostage [Solved]
Started by
Dadellaad
, May 30 2013 08:19 PM
-
This topic is locked
#16
Posted 04 June 2013 - 01:26 PM
Dadellaad
- Topic Starter
-
- Member
-
- 15 posts
Member
Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 95.211.194.79
Type: Outgoing
Port: 53158, Process: svchost.exe
#17
Posted 04 June 2013 - 01:27 PM
Dadellaad
- Topic Starter
-
- Member
-
- 15 posts
Member
Interesting, I've had this window pop up a few times since running Malware Bytes:
Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 95.211.194.79
Type: Outgoing
Port: 53158, Process: svchost.exe
Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 95.211.194.79
Type: Outgoing
Port: 53158, Process: svchost.exe
#18
Posted 04 June 2013 - 02:09 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Is the computer behaving itself now, any apparent problems ?
#19
Posted 04 June 2013 - 02:13 PM
Dadellaad
- Topic Starter
-
- Member
-
- 15 posts
Member
No it is actually acting strange since running Malwarebytes... Not sure if the program is just working to ward off repeated attacks or what, but my laptop is extremely slow. and that message has popped up no less than 20 times since. I googled the IP address listed in the message and it appears to have something to do with that malware that held my computer hostage.
#20
Posted 04 June 2013 - 02:17 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK that is the MBAM IP alert, generally I find that to be hyper sensitive and have disabled that on my system
MBAM also loads low level drivers, so to be honest you can uninstall and just download it when you need to do a check
So uninstall it and see if the speed reverts to normal
MBAM also loads low level drivers, so to be honest you can uninstall and just download it when you need to do a check
So uninstall it and see if the speed reverts to normal
#21
Posted 04 June 2013 - 07:00 PM
Dadellaad
- Topic Starter
-
- Member
-
- 15 posts
Member
ok that's prob what I'll do. However, I am mildly concerned that if I uninstall MBAM whatever this website is that is trying to gain access may now be successful in doing so. What are your thoughts on this?
#22
Posted 04 June 2013 - 07:43 PM
Dadellaad
- Topic Starter
-
- Member
-
- 15 posts
Member
I ran a full scan on Malware bytes and this is what came up...
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
scottdangora2 :: SCOTTDANGORA821 [administrator]
Protection: Enabled
6/4/2013 9:02:15 PM
mbam-log-2013-06-04 (21-02-15).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300882
Time elapsed: 34 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\acrobat.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\acrobatreader.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\icq.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\jucheck.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\mstsc.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\rundll32.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
scottdangora2 :: SCOTTDANGORA821 [administrator]
Protection: Enabled
6/4/2013 9:02:15 PM
mbam-log-2013-06-04 (21-02-15).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300882
Time elapsed: 34 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\acrobat.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\acrobatreader.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\icq.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\jucheck.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\mstsc.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06042013_145106\C_Users\scottdangora2\rundll32.exe (Trojan.Inject.RRE) -> Quarantined and deleted successfully.
(end)
#23
Posted 05 June 2013 - 07:11 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
I had MBAM pro installed for about 6 months and the number of alerts it produced was phenomenal but the last straw was when it stopped my AV updating because it blocked the IP address. As I have Avast with its excellent web shield, from which there was nary as murmur, I ended up uninstalling and only using it when I felt the need. If you need any further info about that please do not hesitate to ask. The latest file detections with MBAM are the files that we quarantined earlier with OTLHowever, I am mildly concerned that if I uninstall MBAM whatever this website is that is trying to gain access may now be successful in doing so. What are your thoughts on this?
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
#24
Posted 11 June 2013 - 12:53 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
