Malicious websites attacking our home?

  • #16
    If you want to see what it is doing, d/l http://technet.microsoft.com/en-us/s...rnals/bb897437 ; TCPView will tell you what process is being invoked and by what IP address.


    Originally posted by Tx Redneck:
    Joey, you run whois on the ip?
    Yes sir, it is from Czech... Definitely bad. These guys get paid for working email addresses, bank info, SSN, etc.. it's a business to them. Some do it to gain notoriety in the space and that is how they prove themselves to join an organized crime unit of h4ckz0rz. (like being jumped into a gang)



    Trying RIPE lookup...
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '31.31.73.0 - 31.31.73.255'

    inetnum: 31.31.73.0 - 31.31.73.255
    netname: WEDOS-HOSTING
    descr: WEDOS hosting services
    country: CZ
    admin-c: PS10635-RIPE
    tech-c: PS10635-RIPE
    status: ASSIGNED PA
    mnt-by: WEDOS-MNT
    mnt-lower: WEDOS-MNT
    mnt-routes: WEDOS-MNT
    remarks: INFRA-AW
    source: RIPE # Filtered

    person: Petr Stastny
    address: WEDOS Internet, a.s.
    address: Masarykova 1230
    address: Hluboka nad Vltavou
    address: 37341
    phone: +420 380999775
    abuse-mailbox: abuse@wedos.com
    nic-hdl: PS10635-RIPE
    mnt-by: WEDOS-MNT
    source: RIPE # Filtered

    % Information related to '31.31.72.0/21AS197019'

    route: 31.31.72.0/21
    descr: WEDOS Internet, a.s.
    origin: AS197019
    mnt-by: WEDOS-MNT
    source: RIPE # Filtered
    WRX

    • #17
      Originally posted by Tx Redneck:
      Run a full scan from Safemode w/networking. Post the txt file upon completion.
      I'm on my phone now. I had started a full scan in Malwarebytes before I saw this.
      I'm working on the scan from safe mode.

      • #18
        This is taking a while. I still don't understand why it only happens here, though. Pretty retarded to see what my log in for here is.

        • #19
          Are you using ABP and no-script in ff?

          • #20
            Here is what I wound up with.

            Malwarebytes' Anti-Malware 1.51.2.1300
            Database version: 8146

            Windows 5.1.2600 Service Pack 2 (Safe Mode)
            Internet Explorer 6.0.2900.2180

            11/18/2011 10:55:39 AM
            mbam-log-2011-11-18 (10-55-39).txt

            Scan type: Full scan (C:\|Z:\|)
            Objects scanned: 165110
            Time elapsed: 18 minute(s), 7 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            I also didn't get the notice that Malwarebytes blocked anything upon opening DFWM this time. I am still in safe mode w/ networking, though. We'll see what happens when I reboot.

            • #21
              Can someone submit that ip to virustotal.com to be scanned?

              • #22
                I'm not getting the notice anymore.

                Why did my scan have Internet Explorer listed as my browser? I use Firefox.

                • #23
                  I looked through my malwarebytes logs and on 11-16-11 I got these two IP addresses. 31.31.75.215 & 31.31.75.216 hit me 9 times.

                  Then on 11-17-11 I got 31.31.75.215 again for 5 hits.

                  Today I got hit with the one above 16 times.

                  All were blocked.

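The same log triage done programmatically, as an added example that is not code from the thread: it parses constructed Malwarebytes-style IP-BLOCK log lines (the line format is an assumption for this example), counts blocked hits per IP per day as post #23 does by hand, and checks each address against the inetnum and route prefixes from the RIPE output in post #16. It also shows that the 31.31.75.x addresses fall outside the /24 whois returned but inside the provider's announced /21.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Prefixes taken from the RIPE lookup in post #16.
INETNUM = "31.31.73.0/24"   # the assigned block whois returned
ROUTE = "31.31.72.0/21"     # the prefix announced by AS197019

# Constructed sample log: 5 + 4 blocks on 11-16, 5 blocks on 11-17, plus one
# non-IP-BLOCK line that the parser must ignore. Format is assumed, not real.
SAMPLE_LOG = "\n".join(
    ["2011-11-16 09:12:%02d\tjoey\tIP-BLOCK\t31.31.75.215 (Type: outgoing)" % s for s in range(5)]
    + ["2011-11-16 09:30:%02d\tjoey\tIP-BLOCK\t31.31.75.216 (Type: outgoing)" % s for s in range(4)]
    + ["2011-11-17 08:01:%02d\tjoey\tIP-BLOCK\t31.31.75.215 (Type: outgoing)" % s for s in range(5)]
    + ["2011-11-17 08:05:00\tjoey\tDETECTION\tC:\\Temp\\x.exe (Trojan.Agent)"]
)

# date, time, user, IP-BLOCK, address; anything else does not match.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+\t\S+\tIP-BLOCK\t(\d+(?:\.\d+){3})")


def parse_blocks(text):
    """Return a list of (date, ip) for every IP-BLOCK line in the log text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2)))
    return events


def hits_per_day(events):
    """Aggregate (date, ip) events into {date: {ip: hit_count}}, dates sorted."""
    per_day = defaultdict(Counter)
    for day, ip in events:
        per_day[day][ip] += 1
    return {day: dict(counts) for day, counts in sorted(per_day.items())}


def prefix_matches(ip, prefixes):
    """Return the prefixes (in the order given) that contain the address."""
    addr = ipaddress.ip_address(ip)
    return [p for p in prefixes if addr in ipaddress.ip_network(p)]


if __name__ == "__main__":
    summary = hits_per_day(parse_blocks(SAMPLE_LOG))
    for day, counts in summary.items():
        for ip, n in counts.items():
            print(day, ip, n, "hits, in", prefix_matches(ip, [INETNUM, ROUTE]))
```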
                  • #24
                    Originally posted by Muffrazr:
                    I looked through my malwarebytes logs and on 11-16-11 I got these two IP addresses. 31.31.75.215 & 31.31.75.216 hit me 9 times.

                    Then on 11-17-11 I got 31.31.75.215 again for 5 hits.

                    Today I got hit with the one above 16 times.

                    All were blocked.
                    Code:
                    index.html
                    Submission date:
                    2011-11-18 17:11:48 (UTC)
                    Current status:
                    finished
                    Result:
                    0/ 42 (0.0%)
                    	
                    Antivirus 	Version 	Last Update 	Result
                    AhnLab-V3	2011.11.18.00	2011.11.18	-
                    AntiVir	7.11.17.231	2011.11.18	-
                    Antiy-AVL	2.0.3.7	2011.11.18	-
                    Avast	6.0.1289.0	2011.11.18	-
                    AVG	10.0.0.1190	2011.11.18	-
                    BitDefender	7.2	2011.11.18	-
                    ByteHero	1.0.0.1	2011.11.14	-
                    ClamAV	0.97.3.0	2011.11.18	-
                    Commtouch	5.3.2.6	2011.11.18	-
                    Comodo	10780	2011.11.18	-
                    DrWeb	5.0.2.03300	2011.11.18	-
                    Emsisoft	5.1.0.11	2011.11.18	-
                    eSafe	7.0.17.0	2011.11.18	-
                    eTrust-Vet	37.0.9574	2011.11.18	-
                    F-Prot	4.6.5.141	2011.11.18	-
                    F-Secure	9.0.16440.0	2011.11.18	-
                    Fortinet	4.3.370.0	2011.11.18	-
                    GData	22	2011.11.18	-
                    Ikarus	T3.1.1.109.0	2011.11.18	-
                    Jiangmin	13.0.900	2011.11.16	-
                    K7AntiVirus	9.119.5493	2011.11.18	-
                    Kaspersky	9.0.0.837	2011.11.18	-
                    McAfee	5.400.0.1158	2011.11.18	-
                    McAfee-GW-Edition	2010.1D	2011.11.18	-
                    Microsoft	1.7801	2011.11.18	-
                    NOD32	6641	2011.11.18	-
                    Norman	6.07.13	2011.11.18	-
                    nProtect	2011-11-18.01	2011.11.18	-
                    Panda	10.0.3.5	2011.11.18	-
                    PCTools	8.0.0.5	2011.11.18	-
                    Prevx	3.0	2011.11.18	-
                    Rising	23.84.04.02	2011.11.18	-
                    Sophos	4.71.0	2011.11.18	-
                    SUPERAntiSpyware	4.40.0.1006	2011.11.18	-
                    Symantec	20111.2.0.82	2011.11.18	-
                    TheHacker	6.7.0.1.344	2011.11.18	-
                    TrendMicro	9.500.0.1008	2011.11.18	-
                    TrendMicro-HouseCall	9.500.0.1008	2011.11.18	-
                    VBA32	3.12.16.4	2011.11.18	-
                    VIPRE	11078	2011.11.18	-
                    ViRobot	2011.11.18.4780	2011.11.18	-
                    VirusBuster	14.1.71.0	2011.11.18	-
                    Additional information
                    MD5   : 89417c06cfb071fd3220d18f8b56e4ef
                    SHA1  : da1871119bff09fc9fca71c8d34559a21dbfdd8f
                    SHA256: 7adc881a6c7e0d49840dc1c37d5d34612183fb0cb96efabdc07d01b94b8d337e
                    I'm gonna say it's a false positive.

                    • #25
                      So, what does it all meeeaaaaaannn Basil?

                      • #26
                        Since you're a paid MBAM user, submit a request to them w/a link to this thread. Are there any funky symptoms w/your puter aside from what's been stated?

                        • #27
                          No. It's a really old laptop that I use here at work. The processor would overheat when I gave it too much to do, so I used the thermal compound that I regularly use for trolling motors and have never had a heat issue since. However, it's still too weak to handle a whole lot. I keep my programs on the thin side. It will lock up if I've got too many websites open that have streaming information, but that has been normal.

                          • #28
                            Sent the request. Hopefully it's not something too terribly bad.

                            Maybe it's just Stanleytweedle fishing for some new identity.

                            • #29
                              Is the ram maxed out? Specs of said turd?

                              • #30
                                Originally posted by Tx Redneck:
                                Is the ram maxed out? Specs of said turd?
                                Presario 2100
                                Mobile Intel Celeron 1.6 GHz
                                1.59 GHz, 704MB RAM
