simionov
2014-10-15, 22:09
Hello,
Today, out of the blue, my antivirus (Avast) had to block several attempts from the SDFSSvc.exe Spybot Background Update process to access (apparently) malicious webpages. I'm a bit confused about how this is possible? Could it be a virus/trojan on my computer that masks itself as a different process?
However, after I removed Spybot the attempts and warnings stopped?
Here are the related logs from Avast:
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:53 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:53 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:54 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:56 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:57 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:57 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:58 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:58 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:59 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:59 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:01 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:01 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:02 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:02 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:03 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:04 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:05 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:06 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:09 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:35 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:36 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:39 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:40 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:43 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwgzpw.php?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
I would be grateful if anyone could tell me what is going on there?
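
An added example, not part of the original post: a short Python script that collapses repeated Network Shield lines of the kind shown above into one summary per program path, PID and destination, split into bursts of activity. The sample lines (host, address, program path) are constructed placeholders, and the 60-second burst gap and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample in the layout of the entries above; the host, address
# and program path are placeholders, not values taken from the post.
SAMPLE_LOG = r"""
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://host.example.invalid/a.php?ID ([192.0.2.10]:80) [ C:\Program Files (x86)\Example App\updater.exe ( 9500 ) ]
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://host.example.invalid/a.php?ID ([192.0.2.10]:80) [ C:\Program Files (x86)\Example App\updater.exe ( 9500 ) ]
15.10.2014 21:36:53 Network Shield: blocked access to malicious site http://host.example.invalid/a.php?ID ([192.0.2.10]:80) [ C:\Program Files (x86)\Example App\updater.exe ( 9500 ) ]
15.10.2014 21:48:00 Network Shield: blocked access to malicious site http://host.example.invalid/a.php?ID ([192.0.2.10]:80) [ C:\Program Files (x86)\Example App\updater.exe ( 9500 ) ]
15.10.2014 21:48:02 Network Shield: blocked access to malicious site http://host.example.invalid/a.php?ID ([192.0.2.10]:80) [ C:\Program Files (x86)\Example App\updater.exe ( 9500 ) ]
15.10.2014 21:50:00 File Shield: scan finished
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\(\[(?P<ip>[^\]]+)\]:(?P<port>\d+)\) "
    r"\[ (?P<image>.+?) \( (?P<pid>\d+) \) \]$"
)

def parse_line(line):
    """Return one blocked-connection event as a dict, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M:%S")
    ev["host"] = urlsplit(ev["url"]).hostname
    ev["pid"] = int(ev["pid"])
    return ev

def summarize(text, gap=timedelta(seconds=60)):
    """Group events by (image path, PID, host, IP); split each group into bursts.

    Assumes the lines are in chronological order."""
    groups = {}
    for ev in filter(None, map(parse_line, text.splitlines())):
        bursts = groups.setdefault((ev["image"], ev["pid"], ev["host"], ev["ip"]), [])
        if bursts and ev["ts"] - bursts[-1]["last"] <= gap:
            bursts[-1]["last"] = ev["ts"]   # same burst: extend it
            bursts[-1]["count"] += 1
        else:                               # first event, or a pause longer than gap
            bursts.append({"first": ev["ts"], "last": ev["ts"], "count": 1})
    return groups

if __name__ == "__main__":
    for (image, pid, host, ip), bursts in summarize(SAMPLE_LOG).items():
        print(f"{image} (PID {pid}) -> {host} [{ip}]")
        for b in bursts:
            print(f"  {b['first']:%H:%M:%S}-{b['last']:%H:%M:%S}: {b['count']} blocked")
```

The full image path and PID in each summary key are what to compare against the program's expected install location and the running process list when checking which executable actually made the requests.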