Help, Something is calling home.



rubinontheroad
2016-08-12, 22:44
Hi, first post. Malwarebytes Pro has just started "stopping" an item from sending something outbound (xml.clk1013.com). I did complete scans and also scanned the folder MB told me that the item lived in. Scans found no threats. I will enclose the MB log from today for further help. The item originated in the Mozilla Firefox folder at C/Program Files (86)/Mozilla Firefox /Mozilla firefox exe. and the MB warning shows up whenever FF starts. I looked there and also found nothing, but I don't know anything. Google found the item "xml.clk1013.com" and it looks like malware/adware. Something called "UnHackMe" was recommended and it did nothing except confuse me and cause me to uninstall/reinstall FF. It also said that programs I've had and used for years were dangerous. I use a new up-to-date PC with Win 10 Pro and FF as my browser of choice; AV is Win Defender and Malwarebytes Pro and Anti Exploit. I would appreciate any help anyone on this forum can give. Thank you, S Rubin

Here is a Google directed site that came up for xml.clk1013.exe

http://greatis.com/blog/search-redirecting-11/remove-xml-clk1013-com-2.htm



See below for today's MB log:

Malwarebytes Anti-Malware
www.malwarebytes.org (http://www.malwarebytes.org)


Protection, 8/12/2016 5:23 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malware Protection, Starting,
Protection, 8/12/2016 5:23 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malware Protection, Started,
Protection, 8/12/2016 5:23 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Starting,
Protection, 8/12/2016 5:23 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Started,
Update, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Manual, Domain Database, 2016.8.11.2, 2016.8.11.11,
Update, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Manual, Malware Database, 2016.8.11.9, 2016.8.12.4,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Refresh, Starting,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Stopping,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Stopped,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Refresh, Success,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Starting,
Protection, 8/12/2016 5:33 AM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Started,
Protection, 8/12/2016 1:09 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malware Protection, Starting,
Protection, 8/12/2016 1:09 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malware Protection, Started,
Protection, 8/12/2016 1:09 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Starting,
Protection, 8/12/2016 1:09 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, Started,
Detection, 8/12/2016 1:10 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, IP, 174.137.155.139, xml.clk1013.com, 50126, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 8/12/2016 1:10 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, IP, 174.137.155.139, xml.clk1013.com, 50126, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 8/12/2016 1:10 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, IP, 174.137.155.139, xml.clk1013.com, 50130, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 8/12/2016 1:17 PM, SYSTEM, DESKTOP-2DCTIB3, Protection, Malicious Website Protection, IP, 174.137.155.139, xml.clk1013.com, 50434, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Scan, 8/12/2016 1:42 PM, SYSTEM, DESKTOP-2DCTIB3, Context, Start:8/12/2016 1:42 PM, Duration:0 min 11 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 8/12/2016 1:43 PM, SYSTEM, DESKTOP-2DCTIB3, Context, Start:8/12/2016 1:43 PM, Duration:0 min 9 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

tashi
2016-08-13, 08:26
Hello rubinontheroad,

To request assistance in the malware removal forum please see the FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Once you provide the logs in this topic I will remove my post and merge yours, unless a helper responds beforehand. :)

Best regards.

rubinontheroad
2016-08-13, 14:35
Team Spybot, the first response came from Major Geeks and at present I am following a list of actions and sending the logs back to that (those) guy(s). They asked and I agree, it would not be fair to you or another forum's group of helpers, to not bother you and/or duplicate any of the action that I'm working on now. Again, thank you, and I will close this thread until further notice. If problems persist I will again contact you all and ask for your help. Thanks again, S Rubin

tashi
2016-08-13, 22:39
Hello rubinontheroad,

From our FAQ:




Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources as our analysts assist people at several forums. Worse scenario would be to run fixes given at one site unbeknown to the person helping the same user elsewhere. If you have already requested help at another site choose where you wish to continue and advise all parties.



Thank you for informing us. :) Topic archived.