Logs

Hey guys! Two points if you can:

1. I browse extremely safely and did nothing today but open 3 PSDs for work, all of which checked out in every scan type I tried. Is there a way for you, from these logs, to tell when the infection happened, even roughly, and ideally what the vector/file was? Will help us greatly in reducing any further spread and nailing down the culprit!

2. You have helped me out tremendously over the years. Is there a way for me to donate to show my appreciation for all you do?

Thanks so much guys- logs below!

 

Well, here's what happened- I went to MBAW scan a file as I always do, and it stopped working- would crash. Then I noticed a lot of my web services stopped working- dropbox, things like that. At a friend's suggestion, I tried various websites- certain ones like CNN would load, but others that were more security-focused wouldn't (like microsft.com, majorgeeks, etc.) However, now that I try again, I notice I have terrible internet to virtually all sites. Perhaps this was a red herring all along. Any advice for when router reboot, machine reboot, ipconfig /release & /renew don't seem to give good connectivity back?

Gotta say, am pretty relieved nothing showed up. It's at least consistent with my activity (that being none that should've caused an infection). Perhaps just a wonky network adapter issue.

 

No, something screwy is definitely going on. Some sites load instantaneously- like google (with search results) and slashdot. Other sites, like microsoft, twitter, youtube, and facebook can't even be reached. And then others still load but *extremely* slowly (like cnn and evilavatar).

Not saying it's malicious necessarily, but I've never seen something be inconsistent to this degree.

 

Also, I should mention- every other device on our network (computers, iPhones, iPads) has zero problem connecting to everything.

 

Thanks- will do that!!

 

Well, I *finally* solved it. This one was a real doozy-

- All machines on connection (Time Warner) fine except for problem machine.
- Problem machine fine when tethered to iPhone (Verizon), not fine when connected to Time Warner via wifi, directly to modem, etc.
- Further diagnosing determined problem machine, on Time Warner, failing on IPv6 sites but not IPv4 ones (for example, purple.com vs. notpurple.com).
- Every manner of DNS changing, clearing, IPv6 disabling, etc. tried- nothing.
- Just now came across a posting online where it was someone's antivirus (though on OSX) causing similar issues.
- So on a lark decided to look at MBAW, aka the only protector I have running besides Windows Defender, and disabling all realtime protection.
- TADAAAA!!!! All sites now working. WTF, MB, seriously.. WTF?