sajjadccsp

Address has been blocked


Hi,

We are facing an issue on Windows 7 with ESET Smart Security installed. A notification appeared as below (picture attached).

hxxp://newscommer.com/41qilngy38303743/app.exe

Blocked by internal blacklist;

C:\Windows\explorer.exe; domain\username;212.47.229.211;

 

After the notification, explorer.exe disappeared and all desktop items disappeared as well. I then have to go to Task Manager and run explorer.exe again, or log off the system. This repeats every 5 to 10 minutes.

Please suggest a solution. Thanks in advance.

Explorer.exe problem.jpg


To start off, please provide logs gathered by ESET Log Collector.


Awaiting detailed analysis of your logs by ESET once you submit them, it appears that explorer.exe is either not the legitimate Windows one, or malware is injecting malicious code into it.

Explorer.exe is connecting to IP address 212.47.229.211. This IP address is associated with a legitimate but low-reputation ISP, SAS Online, located in Paris, France. Since you are located in Pakistan, I assume that is not the ISP you are using? It appears ESET is interpreting this as botnet activity and terminating the source, which in this case is explorer.exe.

To begin with, I would submit C:\Windows\explorer.exe to VirusTotal for a scan and see if a majority of the AV scanners there label it as malware.


blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 7:05:07 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 6:53:21 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 2:54:10 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 2:53:14 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.5;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 2:48:48 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 10:51:57 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 10:22:17 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 10:13:18 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.2;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 9:56:51 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.3;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 9:13:14 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 7:24:03 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 6:56:14 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 5:56:58 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 5:51:18 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 11:16:51 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.8;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/16/2019 10:57:01 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 4:51:50 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 4:51:39 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 4:39:20 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 2:08:04 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.17;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 2:05:54 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.16;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 1:52:46 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 1:51:41 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 12:28:58 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.13;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 12:28:15 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.12;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 10:36:01 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.11;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 10:16:07 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.17;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 9:49:27 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.0;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 9:49:11 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.1;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/15/2019 9:38:52 AM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/14/2019 10:58:44 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/14/2019 9:58:50 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.2;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/14/2019 9:51:37 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/14/2019 5:34:23 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/14/2019 5:02:59 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255

 

eset logs.jpg
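The reply above suggests hashing C:\Windows\explorer.exe and checking it on VirusTotal, and the log export shows the same application hash in every row. As an added example, not code from the thread or from ESET, here is a Python script that parses such an export and compares the logged hash with the file currently on disk. It assumes (not stated on the page) that the columns are Time;URL;Status;Application;User;IP address;Hash and that the hash column is the SHA-1 of the application binary; the sample rows are constructed from the posted log, including one truncated row like the first line of the post.

```python
"""
Triage an ESET "Filtered websites" log export (semicolon-separated, like the
records posted in this thread): per application, list the remote addresses it
was blocked reaching, count loopback destinations, and collect the binary hash
ESET recorded, then compare that hash with the SHA-1 of the file on disk.

Assumptions not stated on the page: the columns are
Time;URL;Status;Application;User;IP address;Hash and Hash is the SHA-1 of the
application binary.
"""
import hashlib
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample: three rows in the shape of the posted export plus one
# truncated row (as in the first line of the post) that the parser must skip.
SAMPLE_LOG = r"""1/17/2019 7:05:07 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 2:54:10 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;212.47.229.211;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
1/17/2019 2:53:14 PM;hxxp://newscommer.com/41qilngy38303743/app.exe;Blocked by internal blacklist;C:\Windows\explorer.exe;domain\user;127.42.0.5;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
blacklist;C:\Windows\explorer.exe;domain\user;146.112.61.104;5A49D7390EE87519B9D69D3E4AA66CA066CC8255
"""


@dataclass(frozen=True)
class Record:
    time: str
    url: str
    status: str
    application: str
    user: str
    ip: str
    sha1: str


def parse_eset_log(text: str) -> list[Record]:
    """One Record per well-formed row; rows with the wrong field count
    (a line cut off when pasting) are skipped instead of being mis-parsed."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) != 7:
            continue
        records.append(Record(*fields))
    return records


def summarise(records: list[Record]) -> dict:
    """Per application: remote destination counts, loopback hits,
    distinct binary hashes and distinct blocked URLs."""
    by_app: dict = {}
    for r in records:
        s = by_app.setdefault(r.application, {
            "remote_ips": Counter(), "loopback": 0, "hashes": set(), "urls": set()})
        s["hashes"].add(r.sha1.upper())
        s["urls"].add(r.url)
        if ipaddress.ip_address(r.ip).is_loopback:  # 127.0.0.0/8 never leaves the host
            s["loopback"] += 1
        else:
            s["remote_ips"][r.ip] += 1
    return by_app


def sha1_of_bytes(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def sha1_of_file(path: str) -> str:
    """Stream the file so a multi-megabyte binary is not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def logged_hashes(records: list[Record], application: str) -> set[str]:
    return {r.sha1.upper() for r in records
            if r.application.lower() == application.lower()}


def binary_matches_log(path: str, records: list[Record]) -> bool:
    """True when the file now on disk is the same binary ESET was blocking.
    A match plus a clean verdict on that hash (VirusTotal, Microsoft signature)
    points at code injected into the running process rather than a replaced file."""
    return sha1_of_file(path) in logged_hashes(records, path)


def report(records: list[Record]) -> str:
    lines = []
    for app, s in summarise(records).items():
        lines.append(app)
        lines.append(f"  binary hashes seen : {', '.join(sorted(s['hashes']))}")
        lines.append(f"  blocked URLs       : {', '.join(sorted(s['urls']))}")
        lines.append(f"  loopback hits      : {s['loopback']}")
        for ip, n in s["remote_ips"].most_common():
            lines.append(f"  remote {ip:<16} x{n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_eset_log(SAMPLE_LOG)))
```

Feed the real export in place of SAMPLE_LOG and call `binary_matches_log(r"C:\Windows\explorer.exe", records)` on the affected host; from a Windows 7 command prompt, `certutil -hashfile C:\Windows\explorer.exe SHA1` gives the same digest for comparison. If the on-disk hash equals the logged one and that hash comes back clean on VirusTotal, the file itself is not the problem and the requests are coming from something injected into the explorer.exe process, which is the second possibility the reply above raises. The 127.0.0.0/8 destinations are loopback and say nothing about where traffic was leaving to; the public addresses are the ones worth correlating.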


Waiting for logs gathered by ESET Log Collector. In your last post you didn't provide any new information.


Please do not use the "Report post" function, since it is meant for reporting inappropriate posts to moderators. You can either drop me a personal message with the logs attached, or post the zip file here (only moderators will have access to it). The ELC logs you've provided are not what is gathered by default; the package contained only ESET logs, which is too little for analysis. After running ELC, choose "Threat detection" from the drop-down menu. If the generated archive is too big, upload it to a safe location and provide me with a download link.


First of all, please stop using a cracked version of ESET. It could be that you used a crack that had malware enclosed as well. After you purchase a license, remove EEA v6 from the server, install EFSW v7, provide me with fresh ELC logs and then we will continue with investigation.
