Not what you were looking for? Ask our experts!
Reply
Newbie
datagod2003
Posts: 1
Registered: ‎04-21-2009

How do i remove an HTTP Malicious Toolkit Variant?

Occasionally upon startup of IE my NIS2009 reports an attempt by my machine, to contact:

 

           jl.chura.pl/rc/

    IP:  218.93.205.30

 

was blocked because the network traffic matches the signature of a known attack.

This is obviously some code that has been injected into my instance of IE, but full system scans and scans of the specific folder do not identify any threats. How could I remove this problem?

 

 

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: How do i remove an HTTP Malicious Toolkit Variant?

Can you provide details on your equipment?  XP or Vista, service packs, any other antimalware on your system?  What have you done so far to attempt removal.  Also check version of Norton in Help & Support>about to make sure it is the latest version.

 

You could download the free version of Hijackthis, update it and run with log.  Post a copy of the log on this site for our more expert analysts to have a look.  That will give us a better idea where to begin.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Bot Obliterator
Quads
Posts: 16,541
Registered: ‎07-21-2008

Re: How do i remove an HTTP Malicious Toolkit Variant?

Hi

 

The Site  "jl.chura.pl" is a known site that once you are infected with the likes of a trojan or Rootkit, once infected, the site is inserted into your "Hosts" file.

 

Then  it attemps or succeeds in sending personal infomation from your PC and also possibly downloading more Malware to your PC.

 

 

Download, install, Update definitions and from Full scans of Both Malwarebytes and SuperAntispyware Free, then go into your "Hosts" file with Notepad to check the entry is not in there for the site.

 

Quads