Unknown Malware trying to contact 8.15.1.107 [Hijack log incl]

Discussion in 'Malware Help (A Specialist Will Reply)' started by thegipper, Aug 12, 2008.

  1. thegipper

    thegipper Private E-2

    Hello,

    I've been trying to identify (and ultimately remove) a piece of malware that tries to contact the following IP: 8.15.7.107. (I know because ZoneAlarm continually alerts me.) I've scanned my PC with Ad-Aware and Norton. They find nothing. I searched Google for the IP (and of course typed it in myself) and found nothing. Any help would be appreciated. I've posted my hijack log below:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:07:57 PM, on 8/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.


    Thanks!
     
    Last edited by a moderator: Aug 13, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    That IP Address is for
    Code:
    OrgName:    Level 3 Communications, Inc. 
    OrgID:      LVLT
    Address:    1025 Eldorado Blvd.
    City:       Broomfield
    StateProv:  CO
    PostalCode: 80021
    Country:    US
     
    Does this look familiar? Is this your ISP?


    If you still believe you have malware, please follow the instructions in the below link and attach the requested logs when you finish these instructions.




    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. thegipper

    thegipper Private E-2

    Thanks, chaslang.

    No, that is certainly NOT my ISP. I am in Toronto, Canada and my ISP is Rogers.

    I've run all the malware detection software as suggested in the link you provided. I still, however, get the unknown malware attempting to contact that site. I've attached my Hijack log.

    Any guidance would be appreciated.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We did not ask for a HijackThis log. Please attach the other logs requested in the READ & RUN ME. And that is the logs from the below:
    • SUPERAntiSpyware
    • Malwarebytes
    • MGtools
     
