#1
Starting today, ESET caught several trojan variants while I was on the Internet and cleaned them (according to the log). Since then at random times, a message is coming up about "Address Has been blocked" with the address being some sort of game website trying to place a jpg on my computer.
I did a full scan of my computer and ESET found nothing new. Is this some sort of an attack coming from the game website (like a denial of service attack) and am I going to be stuck seeing these messages pop up from time to time or is there something I can do on my end?

Edit: Sophos is aware of this issue and it is documented at http://www.sophos.com/security/analy...?_log_from=rss ESET is blocking the addresses but can't seem to remove the trojan. Any ideas?

Last edited by djackino : October 28th, 2010 at 11:06 AM.
#2
Sounds like the machine is still compromised by something connecting to a malicious website, the latter recognized by NOD and thus blocked, or the HTTP scanner catching it - that assuming NOD is blocking it and not the ESET firewall (in case you use Smart Security).

Try a NOD full scan in safe mode and/or Hitman Pro and/or Kaspersky TDSSKiller, perhaps in the reverse order as stated, and see whether anything gets traced/cleaned. If your machine is up-to-date you may also run the malicious software removal tool from MS, and eventually post here a log with what was caught by NOD. If the files are in quarantine you may submit them to ESET for analysis.

Last edited by vtol : October 28th, 2010 at 11:24 AM.
#3
If running a scan with the Online scanner doesn't reveal anything suspicious, generate a SysInspector log and check it for suspicious files. If you find some, submit them to ESET per the instructions here. If you don't dare to analyze it yourself, you can contact customer care and supply them with the log for perusal.
#4
I have sent the log to ESET. This looks like a new variant seeing the info on Sophos was dated 10/27/2010.
Kaspersky TDSSKiller - did not find any problems

Hitman Pro - found the problems and removed it (required a reboot).

As of now I am not getting any more "Address Blocked" messages. Keeping my fingers crossed. Thanks
#5
By the way, detection for the variant you referred to on the Sophos website was added yesterday. According to the MD5, only PrevX and ESET detected it before other AVs.
#6
I am current with virus definitions, but why did ESET not completely remove the affected files? The trojan was still active and I had defs 5570 on at the time.
#7
Unfortunately, I have no clue as to what kind of malware is running on your computer. The malware in question might have downloaded other kinds of malware that no one knows. A log from SysInspector might shed more light. Also run a full scan with ESET Online scanner as suggested above.
#8
Things are running clean. I have run 2 online scans and all is well. Thanks for the quick response.