delphinium wrote:
I have had some intrusion blocked and bloodhound exploit 387 blocked, which makes me wonder if I have anything on this computer that is bad. I
________________________________________________________________________________
You are right to be concerned about this sort of notification. Can you click on that notification or one like it, and then click "More Details." It would be very useful to have a screen print of the results. Paste the screen print into Paint, save as a JPEG to your desktop. You will then be able to insert it using the little green tree in the menu bar of the reply editor.
Quite a few of the usual rootkit scans do not find them.
I probably had some other notification of the intrusion, but the picture I was able to come up with was from Norton 360's logs.
As I assumed from the community rules that possibly bad sites should not be posted and that personal information should not be posted either, i have "blackened out" the url and changed my user information to "user name". I am posting the jpg of the Security History Advanced details for the MSIE Java Deployment Toolkit Input Invalidation.
As for the Bloodhound Exploit 387, I got the number wrong: it is Bloodhound Exploit 337. I don't know how I mistook a '3' as an '8'. The info on that exploit is:
c:\users\User name\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\09854aju\exemple[1].htm
____________________________
____________________________
On computer as of
7/11/2010 at 1:14:41 AM
Last Used:
7/11/2010 at 1:14:41 AM
Startup Item: No
Launched: No
____________________________
____________________________
Very Few Users
Fewer than 10 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Detection of a potential threat based on its behavior.
____________________________
Origin
Downloaded from Not Available
____________________________
URL Not Available
UNTESTED
Source
exemple[1].htm
____________________________
File Actions
File: c:\users\user name\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\09854aju\exemple[1].htm
Blocked
____________________________
File Thumbprint:
19b75641d48ee18044fa60e762fe132b2d2209617c1595a28da38ca1ea920c9e
____________________________
I will post the picture of the log for this one as well.
The check for rootkit was a bit before these events occurred and I changed from Avast to Norton 360 The event of concern then was "network unknown" message and inability to connect to internet or get mail via Windows Mail.
I was double checking how Norton was working when I ran MBAM in safe mode and it found Malware trace:
The log is below:
:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4293
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928
7/20/2010 10:37:26 PM
mbam-log-2010-07-20 (22-37-26).txt
Scan type: Quick scan
Objects scanned: 126215
Time elapsed: 4 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\User Name\list.txt (Malware.Trace) -> No action taken.
I hope you can easily follow what I have posted.
Calamity Susan
.