sajjadccsp 0 Posted January 28, 2019 Hi, We are facing an issue on Windows 7 with ESET Smart Security installed. A notification appeared as below (pic attached): hxxp://newscommer.com/41qilngy38303743/app.exe Blocked by internal blacklist; C:\Windows\explorer.exe; domain\username;212.47.229.211; After the notification, explorer.exe disappeared and all desktop items disappeared as well. Then I have to go to Task Manager and run explorer.exe again, or log off the system. It continues every 5 to 10 minutes. Please suggest a solution. Thanks in advance.
Administrators Marcos 5,257 Posted January 28, 2019 To start off, please provide logs gathered by ESET Log Collector.
itman 1,746 Posted January 28, 2019 Awaiting detailed analysis of your logs by Eset once you submit them, it appears that explorer.exe is not the legit Windows one, or malware is injecting malicious code into it. Explorer.exe is connecting to IP address 212.47.229.211. This IP address is associated with a legit but low-reputation ISP, SAS Online, located in Paris, France. Since you are located in Pakistan, I assume that is not the ISP you are using? It appears Eset is interpreting this as botnet activity and terminating the source, which in this case is explorer.exe. To begin with, I would submit C:\Windows\explorer.exe to VirusTotal for a scan and see if a majority of the AV scanners there label it as malware.
sajjadccsp 0 Posted January 28, 2019 Author
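The entries the poster exported are semicolon-delimited, one block event per line: timestamp, URL, reason, process path, user, remote IP, and a 40-character file hash. The following triage helper is an added example, not ESET's tooling or anything from this thread; it parses lines in that layout, groups them by process and hash, separates 127.0.0.0/8 "remote" addresses (which cannot be an Internet host) from real ones, reports the shortest interval between repeats, and lets you compare the on-disk binary's hash with the logged one before sending it to VirusTotal as itman suggests. The sample lines, URL, IPs and hash are constructed placeholders, and the hash column is assumed to be SHA-1.

```python
import hashlib
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (placeholders, not the poster's real log); the field
# order follows the export quoted in this thread:
# timestamp;URL;reason;process;user;remote IP;file hash
SAMPLE_LOG = r"""
1/17/2019 7:05:07 PM;hxxp://example.invalid/x/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;203.0.113.10;0123456789abcdef0123456789abcdef01234567
1/17/2019 6:53:21 PM;hxxp://example.invalid/x/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.5;0123456789abcdef0123456789abcdef01234567
1/17/2019 2:54:10 PM;hxxp://example.invalid/x/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;198.51.100.7;0123456789abcdef0123456789abcdef01234567
"""

def parse_line(line):
    """Split one block entry into a dict; return None for a malformed line."""
    fields = line.split(";")
    if len(fields) != 7:
        return None
    ts, url, reason, process, user, ip, file_hash = fields
    return {
        "time": datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"),
        "url": url, "reason": reason, "process": process, "user": user,
        "ip": ipaddress.ip_address(ip), "hash": file_hash.lower(),
    }

def summarize(text):
    """Group events by (process, hash): how often, where to, how regularly."""
    events = [e for e in map(parse_line, text.strip().splitlines()) if e]
    groups = defaultdict(list)
    for e in events:
        groups[(e["process"], e["hash"])].append(e)
    report = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["time"])
        gaps = [int((b["time"] - a["time"]).total_seconds())
                for a, b in zip(evs, evs[1:])]
        report[key] = {
            "events": len(evs),
            "urls": sorted({e["url"] for e in evs}),
            # A 127.0.0.0/8 "remote" address points at the machine itself
            # (a local proxy or redirector), not at an Internet host.
            "loopback_hits": sum(e["ip"].is_loopback for e in evs),
            "remote_ips": sorted({str(e["ip"]) for e in evs if not e["ip"].is_loopback}),
            "min_gap_seconds": min(gaps) if gaps else None,  # repeat cadence
        }
    return report

def matches_logged_hash(file_bytes, logged_hash):
    """True when the on-disk binary's SHA-1 equals the hash column of the log."""
    return hashlib.sha1(file_bytes).hexdigest() == logged_hash.lower()
```

Feed it the exported lines (for example `summarize(open("blocked.txt").read())`) and pass the bytes of C:\Windows\explorer.exe to matches_logged_hash to confirm the logged hash is the file you are about to scan.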
Administrators Marcos 5,257 Posted January 28, 2019 Waiting for logs gathered by ESET Log Collector. In your last post you didn't provide any new information.
Administrators Marcos 5,257 Posted January 28, 2019 Please do not use the "Report post" function, since it is meant for reporting inappropriate posts to moderators. You can either drop me a personal message with the logs attached, or post the zip file here (only moderators will have access to it). The ELC logs you've provided are not what is gathered by default; the package contained only ESET logs, which is too little for analysis. After running ELC, choose "Threat detection" from the drop-down menu. If the generated archive is too big, upload it to a safe location and provide me with a download link.
Administrators Marcos 5,257 Posted January 28, 2019 First of all, please stop using a cracked version of ESET. It could be that you used a crack that had malware enclosed as well. After you purchase a license, remove EEA v6 from the server, install EFSW v7, provide me with fresh ELC logs, and then we will continue with the investigation.