Address has been blocked

Discussion in 'ESET NOD32 Antivirus' started by djackino, Oct 28, 2010.

Thread Status:
Not open for further replies.
  1. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    Starting today, ESET caught several trojan variants while I was on the Internet and cleaned them (according to the log). Since then at random times, a message is coming up about "Address Has been blocked" with the address being some sort of game website trying to place a jpg on my computer.

    I did a full scan of my computer and ESET found nothing new. Is this some sort of an attack coming from the game website (like a denial of service attack) and am I going to be stuck seeing these messages pop up from time to time or is there something I can do on my end?

    Edit: Sopohs is aware of this issue and is documented at
    http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentpdu.html?_log_from=rss

    ESET is blocking the addresses but can't seem to remove the trojan. Any ideas?
     
    Last edited: Oct 28, 2010
  2. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    sound like the machine is still compromised by something connecting to a malicious website, latter recognized by NOD and thus blocked or the http scanner catching it - that assuming NOD is blocking it and not the Eset firewall (in case you use Smart Security)

    try NOD full scan in safe mode and/or Hitman Pro and/or Kaspersky TDSSKiller, perhaps in a reverse order as stated and see whether anything gets traced/cleaned. if your machine is up-to-date you may also run the malicious software removal tool from MS.

    and eventually post here a log with what was caught by NOD. if the files in quarantine you may submit them to Eset for analysis
     
    Last edited: Oct 28, 2010
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    If running a scan with the Online scanner doesn't reveal anything suspicious, generate a SysInspector log and check it for suspicious files. If you find some, submit them to ESET per the instructions here. If you don't dare to analyze it yourself, you can contact customer care and supply them with the log for perusal.
     
  4. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I have sent the log to ESET. This looks like a new variant seeing the info on Sophos was dated 10/27/2010.

    Kaspersky TDSSKiller - did not find any problems
    Hitman Pro - found the problems and removed it (required a reboot). As of now I am not getting any more "Address Blocked" messages. Keeping my fingers crossed.

    Thanks
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    By the way, detection for the variant you referred to on Sophos website was added yesterday. According to the MD5, only PrevX and ESET detected it before other AVs.
     
  6. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I am current with virus defintions, but why did ESET not completely remove the affected files? The trojan was still active and I had defs 5570 on at the time.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Unfortunately, I have no clue as to what kind of malware is running on your computer. The malware in question might have downloaded other kind of malware that no one knows. A log from SysInspector might shed more light. Also run a full scan with ESET Online scanner as suggested above.
     
  8. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    Things are running clean. I have run 2 online scans and all is well. Thanks for the quick response.
     
Thread Status:
Not open for further replies.