Weird IP Anomaly While Viewing GSTwins

Started by Kijona, January 27, 2012, 05:38:49 PM

TheGoodGuy

First off, if your computer is saying that "outgoing" ports are blocked, it's not from GStwin per se unless we have an SQL Injection hack that is infecting end user computers. I am usually checking the db but I'll take the site down this weekend and run a scan manually to verify.


My feeling is you got something on your computer that's running in the background. I would suggest downloading a copy of Kaspersky Rescue 10 and burning the ISO to a bootable CD using a CD burning program, or download ( http://www.cdburnerxp.se ) to burn the ISO you downloaded from below.


http://support.kaspersky.com/viruses/rescuedisk


Once you download and burn, reboot the computer, let it boot into the CD, update the database from the internet, and have it scan the machine. My bet is that it's on your machine.


TGG.
'01 GS500. Mods: Katana Shock, Progressive Springs, BobB's V&H Advancer Clone, JeffD's LED tail lights & LED licence plate bolt running lights, flanders superbike bars, magnet under the bike. Recent mods: Rejet with 20/62.5/145, 3 shims on needle, K&N Lunch box.

Kijona

Quote from: TheGoodGuy on February 02, 2012, 12:11:04 PM
First off, if your computer is saying that "outgoing" ports are blocked, it's not from GStwin per se unless we have an SQL Injection hack that is infecting end user computers. I am usually checking the db but I'll take the site down this weekend and run a scan manually to verify.


My feeling is you got something on your computer that's running in the background. I would suggest downloading a copy of Kaspersky Rescue 10 and burning the ISO to a bootable CD using a CD burning program, or download ( http://www.cdburnerxp.se ) to burn the ISO you downloaded from below.


http://support.kaspersky.com/viruses/rescuedisk


Once you download and burn, reboot the computer, let it boot into the CD, update the database from the internet, and have it scan the machine. My bet is that it's on your machine.


TGG.

Thanks TGG, I'll DEFINITELY do that.

bigfatcat

This has been a helpful thread ... I took the advice of addidasguy and thegoodguy, utilized the ESET and Kaspersky tools - found a couple of 'infections' including a trojan downloader on my machine.

I'd previously suspected infection of some type, have been meaning to re-format but too busy.

The ShieldsUP! site indicated my system was in total stealth mode, their highest accolade I guess...false sense of security... been several years since I last visited their site. Apparently not an accurate indicator of one's system integrity.

Kaspersky is particularly interesting - hey, a free Linux install (?) with the namarokuku (sp?) browser. And the account of the Duqu virus, on their website, is intriguing ...

I've been using Firefox for several years now, and am careful to websurf only with a limited user account.  Seems that malware makers know how to bypass these measures. Then too, I download quite a lot of media. So there's that.

My opinion - "Nuke it from orbit, it's the only way to be sure." - iow Re-format. Periodically. Like once a week. I dunno.

(but a re-format doesn't reliably 'clean' the MBR, does it?)


mister

Reformat the HD weekly and then re-install everything from backup - each week? That's



Shield's Up is only an indication of your susceptibility to fly-by probes from hackers looking for any machine to load something on to. Going to a site and downloading something without scanning the something isn't good either.

Michael
GS Picture Game - Lists of Completed Challenges & Current Challenge http://tinyurl.com/GS500PictureGame and http://tinyurl.com/GS500PictureGameList2

GS500 Round Aust Relay http://tinyurl.com/GS500RoundAustRelay

TheGoodGuy

I don't use Firefox due to issues with constant patches. Chrome is where it's at. Make sure Adobe Flash and PDF are updated per browser. Chrome has Flash and PDF built in.

Kijona

Update!

I did as TGG suggested and booted to the Kaspersky Recovery utility. I updated the database, then ran the absolute deepest scan possible - with all the bells and whistles selected. Took a little over 45 minutes and scanned over half a million objects. Nothing was found and nothing was removed.

I guess I'll wait and see if MWB comes up with that blocked IP again.