GStwin.com GS500 Message Forum

Main Area => General GS500 Discussion => Topic started by: Kijona on January 27, 2012, 05:38:49 PM

Title: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on January 27, 2012, 05:38:49 PM
Anybody else keep having an IP blocked by their A/V software while browsing the GSTwins.com forum? It happens once in a while but only while I'm looking at or on GSTwins.com.

I looked up the IP and it said it was in the UK somewhere.  :dunno_black:
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: adidasguy on January 27, 2012, 05:59:21 PM
You might have a hijack trojan in your computer.
Run a serious virus/trojan/malware check.

I know someone on GStwins has viruses. Ever since I have been selling to gsTWin people, my paypal email address gets 5 to 15 spams a day. Never happened when I used that email only for paypal on ebay.

People really need to PAY the small fee to keep their virus stuff up to date.

Fortunately, I have Appriver spam filter that all my email goes through and it traps (nearly) all spam and all viruses.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on January 27, 2012, 07:12:46 PM
I used ESET's online scanner and it found 5 things...something to do with an exploit of the Java Console. Funny how Malwarebytes, the paid version no less, did not catch it.

I know you're a software guy Adidas...any suggestions on a better A/V software? Currently I just installed Microsoft Security Essentials since it's free.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: adidasguy on January 27, 2012, 07:20:15 PM
Eset's NOD32

www.eset.com

Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: mister on January 27, 2012, 07:47:39 PM
Not just AV software. How's your firewall doing?

Ok. Visit "Shields Up" https://www.grc.com/x/ne.dll?bh0bkyd2 and run their test. Your goal is to be impenetrable.

AV. Try Avast or AVG.
Firewall, take a look at Netveda's SafetyNet http://www.netveda.com/consumer/safetynet.htm

Remember, any AV software is only good if it is kept up to date.

Michael
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on January 27, 2012, 07:57:04 PM
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

"Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion."

"Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."

My guess is there's a virus on this site. The only sites I visit are trusted ones (Google, Gmail, YouTube, GSTwins, E-Bay, Craigslist). Rarely do I stray from the norm.
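The distinction the ShieldsUP! report quoted above draws, between a port that answers a connection attempt with a refusal and one that stays silent, as an added example that is not from the thread or from GRC: a small Python probe that classifies a TCP port by what the connect attempt gets back. A refusal (RST) means the host is there and the port is closed; a SYN/ACK means open; no answer at all within the timeout is what ShieldsUP! calls "stealth". The self-test runs against 127.0.0.1, which can only yield open and closed; the stealth branch needs a real filtered host, and a timeout on its own can also just mean packet loss. Note also that a stealthed inbound profile says nothing about outbound connections a process on the machine is already making, which is what the Malwarebytes alerts in this thread are about.

```python
import errno
import socket


def probe_port(host, port, timeout=1.0):
    """Classify a TCP port the way an external probe such as ShieldsUP! does.

    Returns "open" (SYN answered with SYN/ACK), "closed" (answered with RST,
    the "refusal" response), "stealth" (nothing came back within the timeout)
    or "unreachable" (the local stack or a router says there is no route).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        # No SYN/ACK and no RST: the host (or a firewall in front of it)
        # dropped the SYN silently. This is the "stealth" case.
        return "stealth"
    except ConnectionRefusedError:
        # An RST came back: a live host with nothing listening on that port.
        return "closed"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def loopback_demo():
    """Constructed self-test: open a listener on an ephemeral loopback port
    to get an "open" result, then close it and probe the same port again,
    which now yields "closed" because the kernel answers with RST."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = probe_port("127.0.0.1", port)
    listener.close()
    closed_result = probe_port("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    print(loopback_demo())
```

Against a machine that really does drop everything, every `probe_port` call returns "stealth" and the probe learns nothing, which is exactly the behaviour the report is praising; against a machine with a closed port it learns that a host exists there.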
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on January 27, 2012, 08:04:49 PM
I have MWB set to remind me every day to update it. I used to use McAfee since it was provided by my ISP. They have since switched to Norton and Norton just plain sucks.

It's a sad day when a Windows 7 64 machine, with a quad-core 3.8Ghz processor, a solid state boot drive, and 6GB of RAM, takes 3 minutes to boot because of anti-virus software slowing it down. This was only a few days after I installed Windows, too. So, it was basically a virgin computer with nothing on it but Firefox, audio/video drivers, and Norton. As soon as I uninstalled Norton, my computer went back to booting up within 30 seconds (that's 30 seconds from the push of the power button to browsing the internet).

Forget Norton.

Edit: I guess I'll be using ESET now. It seems like it's pretty good.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on January 30, 2012, 09:25:16 PM
Just got the message again from a different IP address. Outgoing blocked.

I must stress that this is only happening while browsing GSTwins.com and no other site. Seems to me like maybe it's possible there's a virus on the site or something malicious is going on.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: john on February 01, 2012, 09:43:34 AM
I manage a farm of about 75 computers.  I have seen it all.  I am not seeing anything that would indicate this site is doing anything to cause your issue.  This is my suggestion/SOP when one of our user computers get hit:

Download and install malware bytes.  When you first install it will ask you if you want to activate the 30 day trial -say no.  Just select the basic free version.  Get it here:  http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Next download and run tdsskiller.  This will clean any rootkits that you may have picked up.  Get it here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button  *download link at the bottom of the page

As far as AV goes.  I hate Norton.  I think it is the absolute worst.  I am not enamored with much out there but AVG free version would be my suggestion.  http://free.avg.com/us-en/homepage

Firewalls: I personally dislike firewalls.  In my business workstation firewalls cause more problems than they solve.  But if you like firewalls this one is pretty nice as a free version:  http://www.sphinx-soft.com/Vista/order.html

ps.  I am running a software firewall on one of my machines.  Nothing outbound when I browse this site.  No AV alerts.  No nothing.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Flux Maven on February 01, 2012, 12:27:43 PM
Quote from: john on February 01, 2012, 09:43:34 AM
As far as AV goes.  I hate Norton.  I think it is the absolute worst.  I am not enamored with much out there but AVG free version would be my suggestion.  http://free.avg.com/us-en/homepage

I use avg free on my win7 machine and I never have any issues

Granted I also do most of my web browsing on my MacBook
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 01, 2012, 03:10:04 PM
I have run an in-depth scan with MWB (I already had it on my system, it's what's been alerting me to an outgoing IP blocked). I have also run a full system scan with ESET NOD32 as well as Windows Security Essentials.

TDSSKILLER came up all negative for any signs of rootkits or other malware - I even selected the extra options for the scan.

So, considering 3 different scans, on top of the TDSSKILLER, all came up negative...what should I do now? I've also run them in Safe Mode with the same result. Any ideas? I mean, if I've got shizz on my computer, I want to get it off. I really don't think I do though, considering all the scans come up clear...
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: xunedeinx on February 01, 2012, 03:41:37 PM
Microsoft security essentials + malwarebytes + tdsskiller
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 01, 2012, 03:46:05 PM
Quote from: xunedeinx on February 01, 2012, 03:41:37 PM
Microsoft security essentials + malwarebytes + tdsskiller

What are you implying?
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: sveach on February 01, 2012, 07:12:08 PM
What web browser are you using? Does it list the actual IP address? If it does list the actual IP address, share it. I can take a look and see what all I have going on my machine with GSTwins open and compare. Do you know how to check your active connections in Windows using Netstat? That will be more reliable than any 3rd party software will be.

If you don't want to post the IP, you can PM it to me. I've never had my AV complain about stuff while visiting this site though.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: sveach on February 01, 2012, 07:15:03 PM
Quote from: sveach on February 01, 2012, 07:12:08 PM
What web browser are you using? Does it list the actual IP address? (your AV software, not the browser) If it does list the actual IP address, share it. I can take a look and see what all I have going on my machine with GSTwins open and compare. Do you know how to check your active connections in Windows using Netstat? That will be more reliable than any 3rd party software will be.

If you don't want to post the IP, you can PM it to me. I've never had my AV complain about stuff while visiting this site though.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 01, 2012, 07:49:13 PM
Multiple IPs, it's usually not the same one twice now. They're all erroneous.

I guess I might've been wrong: I got a notice while browsing malwarebytes' website...although I had GSTwins open in the background.

Edit: Sorry, I'm running Firefox. I posted something on Malwarebytes' site about it, hopefully they can help. It specifically says it blocked an outgoing IP address from "process: firefox.exe". We'll see what they say.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: sveach on February 01, 2012, 07:57:37 PM
Quote from: Kijona on February 01, 2012, 07:49:13 PM
Multiple IPs, it's usually not the same one twice now. They're all erroneous.

I guess I might've been wrong: I got a notice while browsing malwarebytes' website...although I had GSTwins open in the background.

Edit: Sorry, I'm running Firefox. I posted something on Malwarebytes' site about it, hopefully they can help. It specifically says it blocked an outgoing IP address from "process: firefox.exe". We'll see what they say.

Just out of curiosity, do they have the same first couple octets (groups of numbers, 210.10.3.4 and 210.10.3.24 share the same first 3 octets) , or are they all different?

How do you know it routes to the UK?
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 01, 2012, 08:00:13 PM
Quote from: sveach on February 01, 2012, 07:57:37 PM
Quote from: Kijona on February 01, 2012, 07:49:13 PM
Multiple IPs, it's usually not the same one twice now. They're all erroneous.

I guess I might've been wrong: I got a notice while browsing malwarebytes' website...although I had GSTwins open in the background.

Edit: Sorry, I'm running Firefox. I posted something on Malwarebytes' site about it, hopefully they can help. It specifically says it blocked an outgoing IP address from "process: firefox.exe". We'll see what they say.

Just out of curiosity, do they have the same first couple octets (groups of numbers, 210.10.3.4 and 210.10.3.24 share the same first 3 octets) , or are they all different?

How do you know it routes to the UK?

Nope, nor does it share the same ports. I just googled the IP address and it came up with a UK address.  :dunno_black: They're all over the place now. Some are local. I don't know what the HELL this is but it's pissing me off.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: sveach on February 01, 2012, 08:10:14 PM
Very odd. Random ports or the same few? High or low range ports? Low range is under 1024, high is anything above it.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 01, 2012, 08:31:21 PM
Quote from: sveach on February 01, 2012, 08:10:14 PM
Very odd. Random ports or the same few? High or low range ports? Low range is under 1024, high is anything above it.

Seems random. High ports, in the 5k range. Never seems to be the same one twice.
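sveach's suggestion earlier in the thread was to check active connections with netstat rather than trust the A/V pop-up, and the follow-up questions were whether the blocked addresses share their first octets and whether the ports are low (under 1024) or high. The following is an added example, not code from the thread, that does both over a constructed `netstat -ano` sample (the foreign addresses use RFC 5737 documentation ranges and the PID 2340 is an assumed stand-in for firefox.exe; nothing here was captured from the poster's machine). It parses the output, keeps only the outbound connections for one PID, and groups them by /24 prefix with a low/high port count.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output on Windows. In a real session
# you would run `netstat -ano` and `tasklist /fi "pid eq 2340"` to confirm
# which process owns the PID. Foreign addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    192.168.1.10:49712     192.0.2.33:443         ESTABLISHED     2340
  TCP    192.168.1.10:49715     198.51.100.7:80        ESTABLISHED     2340
  TCP    192.168.1.10:49718     198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.1.10:49720     203.0.113.190:5938     SYN_SENT        2340
  TCP    192.168.1.10:49721     203.0.113.191:5444     SYN_SENT        2340
  TCP    192.168.1.10:49730     10.0.0.5:5222          ESTABLISHED     1180
  UDP    0.0.0.0:5355           *:*                                    1088
"""


def parse_netstat(text):
    """Turn `netstat -ano` text into rows. TCP lines carry a State column,
    UDP lines do not, so the PID is in a different position for each."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or anything else
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid})
    return rows


def split_endpoint(endpoint):
    """Split 'host:port' (IPv6 appears as '[addr]:port') into its parts."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def outbound_for_pid(rows, pid):
    """Keep only connections this PID initiated towards a real remote peer:
    no listeners, no wildcard peers, no stateless UDP rows."""
    out = []
    for r in rows:
        if r["pid"] != pid or r["state"] in ("LISTENING", ""):
            continue
        host, port = split_endpoint(r["foreign"])
        if host in ("0.0.0.0", "*") or port is None:
            continue
        out.append((host, port, r["state"]))
    return out


def summarize_by_prefix(conns, prefix_len=24):
    """Group peers by network prefix (default /24, i.e. the first three
    octets) and count low (<1024) versus high destination ports. IPv4 only:
    the /24 grouping makes no sense for IPv6 peers, so they are skipped."""
    summary = defaultdict(lambda: {"count": 0, "low_ports": 0,
                                   "high_ports": 0, "hosts": set()})
    for host, port, _state in conns:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        if ip.version != 4:
            continue
        net = str(ipaddress.ip_network(f"{host}/{prefix_len}", strict=False))
        entry = summary[net]
        entry["count"] += 1
        entry["hosts"].add(host)
        if port < 1024:
            entry["low_ports"] += 1
        else:
            entry["high_ports"] += 1
    return dict(summary)


if __name__ == "__main__":
    conns = outbound_for_pid(parse_netstat(SAMPLE_NETSTAT), 2340)
    for net, entry in sorted(summarize_by_prefix(conns).items()):
        print(net, entry)
```

Two peers in the same /24 on unrelated high ports, as in the 203.0.113.0/24 rows of the sample, is the pattern sveach was asking about; a single /24 with only 80 and 443 is what ordinary browsing looks like. Since the alert names firefox.exe, comparing this output with the browser's own tabs, extensions and plugins open (and with the same page loaded on a second machine, as john did) separates "the site sent my browser there" from "something else in that process did".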
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: TheGoodGuy on February 02, 2012, 12:11:04 PM
First off if your computer is saying that "outgoing" ports are blocked, it's not from GStwin per se unless we have an SQL Injection hack that is infecting end user computers. I am usually checking the db but I'll take the site down this weekend and run a scan manually to verify.

My feeling is you got something on your computer that's running in the background. I would suggest downloading a copy of Kaspersky Rescue 10, burn the ISO on a bootable CD using a CD burning program or download ( http://www.cdburnerxp.se ) to burn the ISO you downloaded from below.

http://support.kaspersky.com/viruses/rescuedisk (http://support.kaspersky.com/viruses/rescuedisk)

Once you download, and burn. Reboot computer, let it boot into the CD, update the database from the internet, have it scan the machine. My bet is that it's on your machine.


TGG.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 02, 2012, 11:02:43 PM
Quote from: TheGoodGuy on February 02, 2012, 12:11:04 PM
First off if your computer is saying that "outgoing" ports are blocked, it's not from GStwin per se unless we have an SQL Injection hack that is infecting end user computers. I am usually checking the db but I'll take the site down this weekend and run a scan manually to verify.

My feeling is you got something on your computer that's running in the background. I would suggest downloading a copy of Kaspersky Rescue 10, burn the ISO on a bootable CD using a CD burning program or download ( http://www.cdburnerxp.se ) to burn the ISO you downloaded from below.

http://support.kaspersky.com/viruses/rescuedisk (http://support.kaspersky.com/viruses/rescuedisk)

Once you download, and burn. Reboot computer, let it boot into the CD, update the database from the internet, have it scan the machine. My bet is that it's on your machine.


TGG.

Thanks TGG, I'll DEFINITELY do that.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: bigfatcat on February 04, 2012, 06:35:51 AM
This has been a helpful thread ... I took advice of addidasguy and thegoodguy, utilized the eset and kaspersky tools - found a couple of 'infections' including a trojan downloader on my machine.

I'd previously suspected infection of some type, have been meaning to re-format but too busy .

The ShieldsUP! site indicated my system was in total stealth mode, their highest accolade i guess...false sense of security... been several years since I last visited their site. Apparently not an accurate indicator of one's system integrity.

Kaspersky is particularly interesting - hey, a free linux install (?) with the namarokuku (sp?) browser.  And the account of the Duqu virus, on their website, is intriguing ...

I've been using Firefox for several years now, and am careful to websurf only with a limited user account.  Seems that malware makers know how to bypass these measures. Then too, I download quite a lot of media. So there's that.

My opinion - "Nuke it from orbit, it's the only way to be sure."  - iow  Re-format. Periodically. Like once a week. I dunno.

(but a re-format doesn't reliably 'clean' the MBR, does it ?)

Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: mister on February 04, 2012, 11:25:56 AM
Reformat the HD weekly and then re-install everything from backup - each week? That's

[embedded image]

Shield's Up is only an indication of your susceptibility to fly-by probes from hackers looking for any machine to load something on to. Going to a site and downloading something without scanning the something isn't good either.

Michael
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: TheGoodGuy on February 05, 2012, 12:05:25 AM
I don't use Firefox due to issues with constant patches. Chrome is where it's at.  Make sure Adobe Flash and PDF are updated per browser. Chrome has Flash and PDF built in.
Title: Re: Weird IP Anomaly While Viewing GSTwins
Post by: Kijona on February 15, 2012, 10:27:06 AM
Update!

I did as TGG suggested and booted to the Kaspersky Recovery utility. I updated the database, then ran the absolute deepest scan possible - with all the bells and whistles selected. Took a little over 45 minutes and scanned over half a million objects. Nothing was found and nothing was removed.  :dunno_black:

I guess I'll wait and see if MWB comes up with that blocked IP again.