-
Spybot Background Update Service SDFSSvc.exe causes Antivirus Action
Hello,
today out of the blue my Antivirus (Avast) had to block several attempts from the SDFSSvc.exe Spybot Background Update process to access (apparently) malicious webpages. I'm a bit confused about how this is possible? Could it be a virus/trojan on my computer that masks itself as a different process?
However, after I removed spybot the attempts and warnings stopped?
Here are the related logs from avast:
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:52 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:53 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:53 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:54 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:55 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:56 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:57 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:57 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:58 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:58 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:59 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:36:59 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:01 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:01 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:37:02 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:00 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:02 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:03 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:04 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:05 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:06 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:09 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:35 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:36 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:39 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:40 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
15.10.2014 21:48:43 Network Shield: blocked access to malicious site http://joxidpzd.pornowater.com/snbwg...p?002219D64A44 ([193.105.134.197]:80) [ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ( 9500 ) ]
I would be grateful if anyone could tell me what is going on there?
Last edited by simionov; 2014-10-15 at 22:12.
-
Small Mistake: I actually mean the Spybot Scanner Service which is SDFSSvc.exe not the Update Service
-
Spybot Advisor Team
Hi,there.
There was a similar post about SDFSSvc.exe here:
http://forums.spybot.info/showthread...exe-Gone-Rogue
And possibilities of what might be happening listed here:
http://forums.spybot.info/showthread...l=1#post447427
I'm not sure of the solution,so I'll link you to the Spybot support forms:
http://www.safer-networking.org/support/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules