07-06-2012 11:45 AM - edited 07-06-2012 11:47 AM
Hello Norton community,
I am using Norton Security Suite 2012. I have been getting a lot of intrusion attempts (every ten minutes; sometimes every hour). Here are all of the details.
Activity: An intrustion attempt by api.ipinfodb.com was blocked.
Recommended Action: No action required
IPS Alert Name: System Infected: Worm W32.VBNA.b Activity
Attacking Computer: api.ipinfodb.com (18.104.22.168, 80)
Can anyone please advise how I can fix this?
This is the text when I copy this alert to the clipboard:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-07-06 13:33:17,High,An intrusion attempt by api.ipinfodb.com was blocked.,Blocked,No Action Required,System Infected: Worm W32.VBNA.b Activity,No Action Required,No Action Required,"api.ipinfodb.com (22.214.171.124, 80)",api.ipinfodb.com/v2/ip_query_country.php?key=
Network traffic from <b>api.ipinfodb.com/v2/ip_query_country.php?key=e4
07-06-2012 05:29 PM
ANY other user other than the thread starter is not to use any instructions, scripts or proceedures, The work though in cleaning a system is individual and only for that system due to a number of factors.
Please do not run any tools unless instructed to do so.
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
Please read carefully
1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and Please attach the log in the post back, Don't have the program fix anything.
07-06-2012 08:37 PM
Thank you for replying.
I have attached the aswMBR.txt file.
Just a question, I noticed that the MBR.dat file was also created. Since you have not told me anything about this file, I assume I should just leave it alone?
07-06-2012 09:05 PM
Download OTL http://www.bleepingcomputer.com/download/otl/
Disable Norton for say 30 minutes
Click the Scan All Users checkbox.
Change file age to 90 days
An OTL.txt and extras.txt will be created.
07-06-2012 09:20 PM - edited 07-06-2012 09:29 PM
The scan finished. Here are the .txt files.
Please, sir. I do not know what to do after running the scan. There does not appear to be any notifications regarding the results of the scan, but this is probably in the two .txt files that have been generated. Please, I need your help to work through this.
07-06-2012 09:42 PM
Ok, a user that uses VM and sandboxie with files like test, a handful of programs for security torrenting, toolbars that are iffy, and it looks like Malware leftovers.
You should know how to remove the malware yourself.
07-06-2012 10:08 PM - edited 07-06-2012 10:12 PM
Sir, I downloaded sandboxie TODAY and I have not used it because I didn't know how to get it to work. Please, I'm begging you, tell me how to remove the malware. How would I know the source? Just remove all of these toolbars? I really need your help. All I ask is for a little of your time.
I will be honest with you. I do NOT know how to remove the malware.
07-06-2012 10:24 PM
I will let you keep installing programs and using them including VM, I can see some of the malware objects and what appears that you also had or have as well as the programs.
"How would I know the source" that is what the programs are for and the use other the likes of VM, but I don't use VM like software.
Good luck with all the programs, items VM, Sandboxie and the Malware.