Banned IP Address, Maybe Trojans and Worms!

Discussion in 'Anti-Virus' started by dwn, May 19, 2010.

  1. dwn

    dwn Guest

    Hi, this may not be the usergroup to post my problems. However, it involves
    Trojans and worms which infected my computer and may have contributed
    to my problems. Two months ago, I encountered difficulties setting up Eudora.
    Finally I had it up and running smoothly. All of a sudden, AOL and Comcast
    "Blocked" my email. A week or so later, AOL lifted the blocking. I disregarded it
    but took precautions and "CC" email to my other email.

    Two days ago I found all my email "Banned". I cannot log in to my paid Web
    mail. I can only receive email from my present ISP using "Personalities"
    from my other email. I ran the latest Avast and found Trojans and worms
    saved in Agent's newsreader archive in zip files long ago. Avast removed them.
    But the damage was done; I am banned by everyone (I am not sure if
    it was the archived virus). I learned about the ban when I went to
    wildblueworld.com/forum: "Sorry. The administrator has banned your IP
    address. To contact the administrator click here"

    I called my ISP and they helped me, changing Internet Protocol (TCP/IP),
    including flushing my IP address. Still no good. Spamhaus, AOL, Comcast
    and Yahoo banned my email. I never spam, nor do I sell or solicit anytime.
    I guard my email, never accept anything free, etc. I email only a
    handful of people.

    While I downloaded from this Newsgroup, Avast found a Trojan in the
    posting "Subject: wierd html" dated 11/16/2009. I need advice to
    lift the ban and protect myself from further infection.

    Thanks a million. I really need help and advice ASAP.
     
    dwn, May 19, 2010
    #1

  2. Are you using wireless connectivity?
     
    FromTheRafters, May 19, 2010
    #2

  3. dwn

    David Kaye Guest

    This usually means that your system is being used as a zombie. Get a tool
    that checks all your outgoing ports and see where it's connecting. But you
    need to do a thorough malware sweep. Malwarebytes can probably do it for you.
    Download Malwarebytes, get the latest update, and run it in safe mode, which
    I've found helps it find things better and faster.
     
    David Kaye, May 20, 2010
    #3
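
Added example, not part of the original post: the outgoing-port check suggested above, as a Python sketch run over saved `netstat -ano` output. The sample text is constructed (documentation-range addresses), and the limit of two mail servers per process is an assumed heuristic for a normal mail client, not something stated in the thread.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}               # mail submission/relay ports
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}

# Constructed sample of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1042      203.0.113.25:25        ESTABLISHED     1880
  TCP    192.168.1.10:1043      198.51.100.7:25        SYN_SENT        1880
  TCP    192.168.1.10:1044      192.0.2.44:25          ESTABLISHED     1880
  TCP    192.168.1.10:1050      198.51.100.200:587     ESTABLISHED     2312
  TCP    192.168.1.10:1061      192.0.2.80:80          ESTABLISHED     3000
  UDP    0.0.0.0:500            *:*                                    680
"""

def parse_netstat(text):
    """Yield (remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # Headers, blank lines and UDP rows (no State column) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _, remote, state, pid = fields
        host, _, port = remote.rpartition(":")
        if port.isdigit() and pid.isdigit():
            yield host, int(port), state, int(pid)

def smtp_fanout(text):
    """Map PID -> set of distinct remote hosts contacted on SMTP ports."""
    fanout = defaultdict(set)
    for host, port, state, pid in parse_netstat(text):
        if port in SMTP_PORTS and state in ACTIVE_STATES:
            fanout[pid].add(host)
    return dict(fanout)

def suspicious_pids(text, max_servers=2):
    """PIDs talking SMTP to more hosts than the assumed mail-client limit."""
    return sorted(pid for pid, hosts in smtp_fanout(text).items()
                  if len(hosts) > max_servers)

if __name__ == "__main__":
    for pid, hosts in sorted(smtp_fanout(SAMPLE_NETSTAT).items()):
        print(pid, sorted(hosts))
    print("suspicious PIDs:", suspicious_pids(SAMPLE_NETSTAT))
```

A flagged PID can then be matched to a process name in Task Manager or CurrPorts before deciding what to scan or remove.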
  4. dwn

    ASCII Guest

    http://www.wireshark.org/
     
    ASCII, May 20, 2010
    #4
  5. dwn

    dwn Guest

    Yes, ADSL wireless modem.
     
    dwn, May 20, 2010
    #5
  6. dwn

    dwn Guest

    Not sure what you mean. I strongly believe I am CLEAN now.
    I am using MS Essential and Avast. Both are running and further slowing down my
    laptop. The key question: how do I get "UNBANNED", as I am NOT a spammer? I
    am an innocent victim. Thanks
     
    dwn, May 20, 2010
    #6
  7. The reason I asked is because spamming from your IP address is not the
    same thing as spamming from your computer. Someone could possibly have
    been using your wireless access point to send spam from *their* computer
    using your IP address. Your detections seem to be for inactive malware -
    someone's post of a script snippet. To get un-banned you will have to
    contact the entities that banned you. Usually, their web pages tell you
    how to do this.

    That said, it is *still* a good idea to run some antimalware scanners to
    be more confident that your machine is clean.
     
    FromTheRafters, May 20, 2010
    #7
  8. From: "dwn" <>


    | Not sure what you mean. I strongly believe I am CLEAN now.
    | I am using MS Essential and Avast. Both are running and further slowing down my
    | laptop. The key question: how do I get "UNBANNED", as I am NOT a spammer? I
    | am an innocent victim. Thanks


    If you use Wireless and it is NOT secured and you are the victim of WarDriving, you really
    are not that innocent as you are responsible for any/all activity on your subscribed IP.
     
    David H. Lipman, May 20, 2010
    #8
  9. dwn

    Dustin Cook Guest

    (David Kaye) wrote in
    It's really not designed to run in safe mode; you should be using it in
    normal mode Windows, so that Windows loads all the drivers and provides all
    of the registry keys which are not necessarily online while in safe mode.

    Your findings, sadly, are not based on the intended design of the software,
    nor the methodology the researchers and developers used for creating it and
    the definitions. It's truly important for it to get a look at your system
    without interference; i.e. safe mode, or just scanning a slave drive.
     
    Dustin Cook, May 20, 2010
    #9
  10. dwn

    David Kaye Guest

    Yes, Wireshark is one of the best out there but can be a bit complicated for
    the average user. One that's easier to use for first-time users is CurrPorts
    from Nirsoft. It's a freebie, by the way:

    http://www.nirsoft.net/
     
    David Kaye, May 20, 2010
    #10
  11. dwn

    David Kaye Guest

    Oh, in that case you might send an email to abuse at whoever has banned you
    and tell them what you've done to clean your system.
     
    David Kaye, May 20, 2010
    #11
  12. dwn

    David Kaye Guest

    I'm not convinced of that line of reasoning at all. If it were the case,
    companies such as McDonald's and Starbucks wouldn't have open wi-fi hotspots
    as part of their regular business plan.
     
    David Kaye, May 20, 2010
    #12
  13. dwn

    David Kaye Guest

    I have followed the Malwarebytes forums for quite some time and have never
    seen anything from anyone at Malwarebytes telling people not to use it in safe
    mode. I welcome anybody who works for MBAM to write me and tell me that what
    I'm doing is ineffective or violates any intended purpose of the software.

    What makes you think that MBAM will scan differently in safe mode than in
    normal mode? The files that make up the registry haven't changed. The
    drivers haven't changed.

    Meanwhile, I have found that MBAM works much better and faster in safe mode
    when particularly nasty malware has taken over a machine simply because
    Windows is not loading the extra drivers, etc., nor is bogged down by
    excessive CPU use.
     
    David Kaye, May 20, 2010
    #13
  14. It's not so much that it shouldn't be run in safe mode as it is that it
    does a better job in regular mode.
    Some of the detection algorithms might involve having active malware to
    look at. Safe mode might not have loaded some aspects of the malware, so
    there would be no activity to observe. I *have* seen recommendations to
    run it in safe mode and *then* in normal mode.

    [...]

    ...and no, I'm not employed by Malwarebytes and am looking forward to
    you getting your response from a representative. Please share with us
    whatever information they allow you to.
     
    FromTheRafters, May 20, 2010
    #14
  15. dwn

    David Kaye Guest

    My impression is that MBAM does not look at activity but at pieces of code. I
    have a CD with a bunch of hacking tools on it which I use in my business. If
    I happen to have the CD in a machine when I'm doing a MBAM scan, it'll see
    those tools as malware, even though they're not active.
    Will do.
     
    David Kaye, May 20, 2010
    #15
  16. From: "David Kaye" <>


    | I'm not convinced of that line of reasoning at all. If it were the case,
    | companies such as McDonald's and Starbucks wouldn't have open wi-fi hotspots
    | as part of their regular business plan.


    Please take time to read the law and the associated ISP AUP/ToS.
     
    David H. Lipman, May 20, 2010
    #16
  17. I didn't say it was *only* context scanning, I'm sure it has content
    scanning as well.
    Thanks.
     
    FromTheRafters, May 20, 2010
    #17
  18. dwn

    dwn Guest

    Ran the following antivirus scans:
    Avast full scan - about 2 hrs.
    MS Essential full scan - more than 4 hrs
    Stinger 1001896 - (I stopped it after 45 minutes)

    The next day: (with both Avast and MS Essential off).
    First Malwarebytes - about 45 minutes.
    Followed by SuperAntiSpyware - about 29 minutes

    Found nothing. Earlier, I received so many undelivered mails,
    I did not take the time to find out who is blocking my email.
    I will read each one carefully and contact them. I contacted Surewest
    (paid email server) and the wildblueworld administrator; neither replied.

    BTW, I am in a different time zone.
     
    dwn, May 21, 2010
    #18
  19. dwn

    dwn Guest

    It is not likely someone hijacked my wireless ADSL. There are no wireless networks
    within range of my computer, none since I moved into the neighborhood, and it
    took more than three weeks for my ISP to find a "PORT" for me.
     
    dwn, May 21, 2010
    #19
  20. dwn

    dwn Guest

    What do you mean "a zombie"? I am pretty sure I cleaned my computer, other than
    clean installing XP PRO after formatting the HD. I called my ISP and I am waiting for
    their finding.
     
    dwn, May 21, 2010
    #20