Blocked from a site (legit one)



WickedE
2011-06-19, 15:55
I am a member of a PTP site (won't mention the name) and some time the day before yesterday my IP got hijacked and has been bombarding this site with traffic; as a result both Google and this site have blocked me.

I tried a few things and then got in contact with the owner of the site, who recommended using Spybot to rectify the situation, and I have downloaded Spybot but to no effect; I am still blocked. Not sure where to put this post, can someone please help me - I am a mod there and they need me, HELP!

I am not all that computer savvy so please go gently with me... softly, softly does it!

Thank you :)

tashi
2011-06-19, 16:17
Hello WickedE.

I am a member of a PTP site (won't mention the name)
What is a PTP site please?

and some time the day before yesterday my IP got hijacked and has been bombarding this site with traffic; as a result both Google and this site have blocked me.

Google banned your IP? :spider:

Is this a personal computer?

Also, what is the operating system and which security programs are installed? :)

Best regards.

WickedE
2011-06-19, 16:49
Hi there Tashi, so sorry a PTP (paid to post) site.

Yes, it is my personal computer (in fact I have two and what they call in the UK a dongle - which is a USB stick from a provider that allows me to gain internet connection wherever I happen to be).

The computer I am using is about two years old now (I think) or just over a year and is a Toshiba.. it crashed completely - the hard drive became destroyed (please don't ask me the ins and outs as I have no idea, all I know is that a friend of mine who is computer savvy had to reinstall everything and in the end I think he used his wife's hard drive from one of their own computers)...

I also bought a Netbook (Asus Eee PC Seashell) last November and I use the same 'dongle' with that as this machine. That still has all the original hardware and software on it...

I started to investigate why I couldn't get on to the particular site (have no problems with any other site)... and this is the message I got from Google....

Our systems have detected unusual traffic from your computer network. Please try your request again later. Why did this happen?
This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may see this page if you are using advanced terms that robots are known to use, or sending requests very quickly.

IP address:
Time: 2011-06-18T22:59:35Z
URL: http://webcache.googleusercontent.com/search?q=cache:http://morachat.com/forum/

Now I am not computer savvy so me being a robot is totally hilarious.

Sorry for the long response and nice to talk to you, by the way!

WickedE
2011-06-19, 16:54
Gosh, forgot the last bit of your question: both computers are on Windows. I think this was originally Windows Vista but that changed to Windows, not sure exactly what version, not brand new.

The Netbook is the newest version of Windows (7)... if you wish to carry on with this investigation using that machine as I am using the original soft and hardware then I am happy to close this down and open up and use that one... whatever is easier for you.

WickedE
2011-06-19, 17:05
Tashi,

I know you are off line right now but thought to let you know that when I did a check with Spybot I got two cookies that came up red...

(1) Double Click: Tracking cookie (Chrome:Chrome).doubleclick.net/ (id)

(2) Right Media: Tracking cookie (Internet Explorer: Lana) Cookie:Lana@ad.yieldmanager.com/ ()

I don't think either of these two are the problem but thought you should be aware that these are the only two items that came up in red.

Right now it is 11.04am in the Dominican Republic (where I am posting from) and I will have to leave around 12.30pm-1pm to go out for lunch with the family... just in case you answer and don't get one back from me, not due to rudeness...

tashi
2011-06-20, 04:23
Hello WickedE,

The IP address you gave is mentioned in The Project Honey Pot.


Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
August 17 2010
Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
August 15 2010
Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:05. Documented reason for whitelist: Other
August 15 2010

Someone can take a look at the machine in the malware removal forum but first,


which security programs are installed.


For instance, do you have an antivirus installed? :)

Best regards.

WickedE
2011-06-20, 14:35
AVG on the Toshiba laptop and, embarrassingly enough, just Windows Defender and firewall on the Asus - I thought I had downloaded AVG on the Asus but I can't see it...

tashi
2011-06-20, 17:23
Hello WickedE,

AVG on the Toshiba laptop and, embarrassingly enough, just Windows Defender and firewall on the Asus - I thought I had downloaded AVG on the Asus but I can't see it...
Likely the Windows Defender is actually Microsoft Security Essentials. Does this clarify: http://answers.microsoft.com/en-us/protect/forum/protect_start/windows-defender-and-microsoft-security-essentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

MSE is a good product which includes an AV so you wouldn't want to install another anti virus program on that machine.

Rule of thumb is one firewall/one anti virus program resident to avoid conflicts, loss of program efficiency and system lock up due to both software products attempting to access the same file at the same time.


both computers are on Windows. I think this was originally Windows Vista but that changed to Windows, not sure exactly what version, not brand new.

Please take a look and see which operating system you have installed on that computer. http://windows.microsoft.com/en-US/windows7/help/which-version-of-the-windows-operating-system-am-i-running

Best regards.

WickedE
2011-06-20, 17:58
Yes, that clarifies for the Asus.. I checked to see what has been updated automatically on the Asus and this is what I have got, the successful are:

Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Windows 7 (KB2536275)
Security Update for Windows 7 (KB2503665)
Security Update for Windows 7 (KB2476490)
Update for Microsoft Office 2007 System (KB2539530)

These failed:
Security Update for Windows 7 (KB2535512)
Installation date: 15/06/2011 5:47 PM
Installation status: Failed
Error details: Code 800F0902
Update type: Important
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkId=215838

Security Update for Windows 7 (KB2544893)
Installation date: 15/06/2011 5:47 PM
Installation status: Failed
Error details: Code 800F0902
Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Update for Windows 7 (KB2488113)
Installation date: 15/06/2011 5:47 PM
Installation status: Failed
Error details: Code 800F0902
Update type: Recommended

This is a reliability update. This update resolves some performance and reliability issues in Windows. By applying this update, you can achieve better performance and responsiveness in various scenarios. For more information please see the Knowledge Base article. After you install this item, you may have to restart your computer.

More information:
http://support.microsoft.com/kb/2488113

Does this help?
I am now turning on the Toshiba to see what version of windows it is.... be right back

WickedE
2011-06-20, 18:11
The Toshiba laptop is using Windows Vista...

WickedE
2011-06-20, 18:16
By the way my bank insists that I have downloaded Trusteer so some pages have this and some don't. And I have just remembered that I was trying to protect MoraChat with this programme, and it was not long afterwards, same day at least, that this hijack occurred.

tashi
2011-06-20, 18:27
Hi WickedE,

Please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise when available.

First see that forum's FAQ which also includes instructions in post #2 on how to provide a preliminary DDS log, which is used for analysis.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

That topic should contain the preliminary logs from one computer only, along with a short description of the issue.

Helpers look for topics with a zero response so you should not add additional posts until requested. :)

Therefore provide a link to this thread so that they are aware of the bigger picture.

Cheers.

WickedE
2011-06-20, 18:50
Thanks Tashi,
I must admit that I already went to that part of the forum and took one look at all that DDS stuff and flew over here as it was already going over my head...

But I will try my best and will most certainly add a link to this one as I don't wish to go through all this again...
Thanks again for your help :bigthumb:

http://forums.spybot.info/showthread.php?t=63133