
CBL blacklisted my IP and says I am infected with corebot



#31
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

The scan finally finished and here are the results:

 

C:\Downloads\vpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Downloads\Software\FreeVideoDub.exe    Win32/Toolbar.Conduit.S potentially unwanted application
C:\Downloads\Software\MediaCopeSetupD.exe    a variant of Win32/Toolbar.Babylon.A potentially unwanted application
C:\Downloads\Software\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\cpnprt2win32.cid    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Temp\{5F4A7AA6-61BF-4A7F-980D-6ACD4F591632}.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Temp\Low\cpnprt2win32.cid    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\_ir_sf_temp_0\CouponPrinterServiceWin32.exe    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\_ir_sf_temp_0\cpnprt2win32.dll    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Windows\Temp\NAV9BC3.tmp    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
 


  • 0



#32
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

The majority of what ESET found is located in the windows.old folder. Those will go away when you delete that folder, though you do need to clean out the downloads folder. :)

Reset all your browsers. Instructions found >>HERE<<.

"The fan is revving up nonstop, so should I stop the scan?"


Does that happen often? I am hoping that your laptop fans were overworked due to the ESET scan. A good cleaning may remedy the problem if not. Do you have a can of compressed air? If not, you can purchase a can from your local discount store for less than $10. Here are instructions on how to blow the dust out from inside the laptop. I give my laptops a good cleaning at least every other month because I have cats. Dog hair isn't as bad but can still get sucked into the fan vents and cause overheating. Also be careful where you set the laptop when it is running. Always set it on a hard\solid surface so the fan vents aren't blocked and lint from fabrics cannot be sucked into the vents. My laptop is about 4 years old as well and recently had to have a fan replaced. Doesn't take long for mechanical components to wear out, especially if they are not maintained.

When you get a moment or two, go to the Device Manager and double click on each device as you go down the list. Go to the Driver tab and click on Update Driver... Choose Search automatically for updated driver software. If the best driver is already installed, Windows will let you know, otherwise an update will be downloaded and installed for you. This can take some time so your patience will be needed.

Keep me informed as to how the laptop is behaving now.

Have a nice day! :)
  • 0
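The triage described in the reply above, as an added example that is not part of the original posts: it buckets each ESET detection by where the file sits, so the entries inside live application folders stand out from the ones that disappear with Windows.old. The bucket names and function names are assumptions made for this sketch; the log lines are copied from the scan results earlier in the thread.

```python
import re
from collections import Counter

# Six lines copied from the scan results posted in this thread.
SCAN_LOG = r"""
C:\Downloads\vpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Downloads\Software\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application
C:\Windows.old\Users\owner\AppData\Local\Temp\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Windows.old\Windows\Temp\NAV9BC3.tmp    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
"""

# Path, then a tab or a run of spaces, then the detection text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t| {2,})(?P<det>.+)$")
NAME_RE = re.compile(r"Win32/[\w.]+")


def location(path):
    """Bucket a detection by whether anything on the live system loads it."""
    p = path.lower()
    if "\\windows.old\\" in p:
        return "previous-install"  # leftover of the old Windows, goes away with the folder
    if "\\program files" in p:
        return "installed"         # sits inside a live application's directory
    return "at-rest"               # a file on disk, e.g. a saved installer


def triage(log):
    """Parse scan-log lines into dicts with path, detection name and bucket."""
    rows = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        name = NAME_RE.search(m["det"])
        rows.append({
            "path": m["path"],
            "name": name.group(0) if name else m["det"],
            "where": location(m["path"]),
            "pua": "potentially" in m["det"],  # ESET's "potentially unwanted/unsafe" classes
        })
    return rows


def summary(rows):
    """Count detections per location bucket."""
    return Counter(r["where"] for r in rows)
```

On these six lines, the only detections inside live application folders are the two browser plugin copies of npMozCouponPrinter.dll.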

#33
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

Thank you for your help, Donna.  I didn't mean to keep you up last night, I hope you got some needed sleep.  The laptop seems to be running much more quietly now and much cooler after cleaning it.  I wasn't able to open up the laptop all the way to clean it completely inside, but I took off the keyboard and saw part of the fan under that and sprayed it with the can of compressed air and also sprayed out the side vents.  We have cats also, 4 of them actually :) .

 

I was going to uninstall some unneeded programs, including the Wise Care registry cleaner that you recommended deleting, (hopefully no damage was done to the registry by using that program in the past).  Do you recommend uninstalling programs through the control panel or should I use a program that more thoroughly uninstalls programs, such as Revo Uninstaller?

 

I am surprised that you didn't find any malware on this computer.  When I looked up our IP address on the CBL blacklist again, it now says it detected the ZeroAccess botnet, also known as Sirefef.

 

The fact that it keeps changing what it has detected coming from our IP address makes me wonder.  I don't know how it is detecting these things or what it means.


  • 0

#34
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

With the third computer, that hasn't been cleaned yet, totally shut down, CBL detected botnet activity happening again.


  • 0

#35
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

Sorry for the delay. I reached out to a friend of mine who is an expert network specialist.

Couple things I would like for you to do...

First of all:

Please save Wireless test to your desktop.
  • Right click on Wireless icon and choose Run as administrator
  • Click OK to begin the scan.
  • Click OK a second time.
  • A command box will open and a text file named reg will appear on your desktop.
  • The command box will flash a few times. That's normal.
  • Once the scan finishes, the text file will open automatically.
Please post the contents in your next reply.
  • 0

#36
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

Does it matter which computer I use to do this test?


  • 0

#37
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Do it on all 3. Rename the files reg1, reg2 and reg3 and attach to your post.
  • 0

#38
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

Here are the 3 attached logs:

Attached Files

  • Attached File  reg1.txt   25.08KB   51 downloads
  • Attached File  reg2.txt   29.87KB   56 downloads
  • Attached File  reg3.txt   28.61KB   126 downloads

  • 0

#39
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Do the following for all 3 computers.

Please copy/paste the lines in bold below to Notepad:

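@Echo on
rem Replace the hosts file with a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this script (quoted in case the path has spaces)
shutdown -r -t 1
del "%~f0"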


Save as flush.bat to your desktop.
Right-click flush.bat and select "Run as Administrator". Your computer will reboot.
  • 0

#40
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

I followed the instructions for all 3 computers.


  • 0



#41
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hm? How are you connected to your network? Modem/router? Power cycle them. Unplug the device(s) and allow to clear the memory for several minutes then reconnect and check to see if you have the same IP since that is what the problem is.

The expert is on the other side of the world from me\us. He'll have a look at those logs when he awakens and I'll let you know what he says at that time.
  • 0

#42
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

I am connected to a router for wifi.  That's the only connection I have.  I did try unplugging the router before I contacted this forum.  It did not reset my IP address back then.  Actually I tried that a few times before contacting this forum.  Are you thinking this could be a network setting issue instead of malware?


  • 0

#43
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

I unplugged my router for a few hours overnight and still have the same IP address.  Since this is a home network, I would be the only one with this IP address though, correct?  Since the malware activity seems to be ongoing, originating from this IP, does that mean it has to be from my devices or router?


  • 0

#44
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

Sorry about the delay. My family sees my house as the go-to house for Holidays and I am catering to several family members who live out of town but I stole away for a moment...

"Are you thinking this could be a network setting issue instead of malware?"

Yes... Your IP address appears to be the problem here.

"Since the malware activity seems to be ongoing, originating from this IP, does that mean it has to be from my devices or router?"

That's what I am thinking. Routers are devices that allow multiple computers to "share" a single IP address. Reset your router to default settings and see if that fixes the problem and let me know the results.
  • 0

#45
my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • 260 posts

Thank you, Donna.  I reset my router and updated the firmware.  I was going to clean up some unneeded stuff on the old laptop.  Should I uninstall programs through the control panel or use something like Revo Uninstaller to clean up the extra stuff?


  • 0





