AVAST - media9s.com - Virus - help... [Archive] - Glock Talk



inthefrey
06-15-2010, 06:42
Okay,

Here's what has done nothing to stop this::steamed:

AVAST
malwarebytes
SpyBot
OldTimer
Norman Malware Cleaner

About to try Emsisoft

Anyone else fighting this?

AVAST catches it before it can "phone home" but I cannot find out what process is causing it and AVAST (forums) doesn't know either. It hits about every 30-45 minutes no matter if IE is running or not but it's using IE to try and get home with whatever it has collected. At least Avast is stopping the communications.

Here's what the logs look like:
08.06.2010 03:56:00 Network Shield: blocked access to malicious site 88.80.7.152/cgi/dtiyodt.php?otc=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site media9s.com/cgi/ncmm.php?mm=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site nopagency.com/cgi/ajj.php?jjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:53 Network Shield: blocked access to malicious site 88.80.7.152/cgi/peeuujjz.php?peukz=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 15:22:22 Network Shield: blocked access to malicious site media9s.com/cgi/zen.php?tiy=67340145x044452x<x5x04=2x=1x


Any help appreciated!
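
Added example, not part of the original thread: a small Python parser for the Network Shield lines quoted in the post above, grouping the blocked requests by query value to show that the host, script name and parameter name change while the value stays the same. The line layout is inferred from those five lines only, and the day.month.year timestamp order is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five log lines from the post above, copied verbatim.
LOG = r"""
08.06.2010 03:56:00 Network Shield: blocked access to malicious site 88.80.7.152/cgi/dtiyodt.php?otc=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 856 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site media9s.com/cgi/ncmm.php?mm=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:52 Network Shield: blocked access to malicious site nopagency.com/cgi/ajj.php?jjj=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 07:41:53 Network Shield: blocked access to malicious site 88.80.7.152/cgi/peeuujjz.php?peukz=67340145x044452x<x5x04=2x=1x [ C:\Program Files\Internet Explorer\iexplore.exe ( 212 ) ]
08.06.2010 15:22:22 Network Shield: blocked access to malicious site media9s.com/cgi/zen.php?tiy=67340145x044452x<x5x04=2x=1x
"""

# Layout inferred from those lines; the trailing "[ exe ( pid ) ]" part is optional.
LINE = re.compile(
    r"(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<host>[^/\s]+)(?P<path>/[^?\s]*)"
    r"\?(?P<param>[^=\s]+)=(?P<value>\S+)"
    r"(?: \[ (?P<exe>.+?) \( (?P<pid>\d+) \) \])?\s*$"
)

def parse(text):
    """Return one dict per recognised Network Shield line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrelated lines
        e = m.groupdict()
        # Assumption: timestamps are day.month.year.
        e["ts"] = datetime.strptime(e["ts"], "%d.%m.%Y %H:%M:%S")
        e["pid"] = int(e["pid"]) if e["pid"] else None
        events.append(e)
    return events

def group_by_value(events):
    """Group requests by query value and collect the hosts, parameter names and PIDs seen."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "params": set(), "pids": set()})
    for e in events:
        g = groups[e["value"]]
        g["count"] += 1
        g["hosts"].add(e["host"])
        g["params"].add(e["param"])
        if e["pid"] is not None:
            g["pids"].add(e["pid"])
    return {v: {k: sorted(x) if isinstance(x, set) else x for k, x in g.items()}
            for v, g in groups.items()}

if __name__ == "__main__":
    for value, g in group_by_value(parse(LOG)).items():
        print(value, g)
```

A single group covering every line means the repeated query value, rather than any one host or script name, is the stable thing to search for in proxy or firewall logs.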

Sgt. Schultz
06-15-2010, 07:07
> Okay,
>
> Here's what has done nothing to stop this::steamed:
>
> AVAST
> malwarebytes
> SpyBot
> OldTimer
> Norman Malware Cleaner
>
> About to try Emsisoft

Have you run these in safe mode?

inthefrey
06-15-2010, 07:30
> Have you run these in safe mode?

Doh! :brickwall: I ran AVAST boot scan but not the others. I will try now.

inthefrey
06-15-2010, 15:19
okay - Ran Malwarebytes in safe mode - found nothing.

Avast is still catching it but not stopping it. Going back to the AVAST forum and see if anyone has found what it is yet.

IndyGunFreak
06-15-2010, 16:19
> okay - Ran Malwarebytes in safe mode - found nothing.
>
> Avast is still catching it but not stopping it. Going back to the AVAST forum and see if anyone has found what it is yet.

Did you run Avast in safe mode?

IGF

GIockGuy24
06-15-2010, 16:44
> Did you run Avast in safe mode?
>
> IGF

The Avast boot scan is pretty much like safe mode. It scans before any other programs are started.

GIockGuy24
06-15-2010, 16:48
I would try the Avira live CD. It's a pretty big download. Making the CD in Windows is automated. All you need is a blank CD-R. It can even check for updates but usually just downloading the CD the same day you use it will have all of the updates. After making the CD, reboot your PC with the CD.

http://www.free-av.com/en/news/20/avira_presents_a_free_data_recovery_rescue_cd.html

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

GIockGuy24
06-15-2010, 16:56
It looks like Super Anti Spyware might be able to remove it. It may be called by SAS as "trojan.Dropper/Win-NV".

http://www.superantispyware.com/

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?part=dl-6281995&subj=dl&tag=button

or portable version

http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE