Digital-Kaos - Infection detected IP: 174.132.157.30



citronel
5th August, 2009, 08:45 AM
Hi,

Last night when I tried to answer in a topic here I got an error... something with can't find DNS/IP Digital Kaos - Cable & Satellite Forum (http://www.digital-kaos.co.uk).

No problem, I closed my computer and went to sleep.

Today, every time I access this forum I get a notice from Malwarebytes' Anti-Malware IP protection:

Infection detected: 174.132.157.30

Did a quick scan of my computer and nothing, it is clean; this error comes only from this site.

Any ideas ?

thx
L.

IP address: 174.132.157.30
Host name: 1e.9d.84ae.static.theplanet.com
174.132.157.30 is from United States(US) in region North America


TraceRoute to 174.132.157.30 [1e.9d.84ae.static.theplanet.com]
Hop | (ms)(ms)(ms) | IP Address | Host name
1 | 18176 | 72.249.0.65 | -
2 | 16138 | 206.123.64.82 | -
3 | 71415 | 216.52.189.9 | border4.te4-4.colo4dallas-4.ext1.dal.pnap.net
4 | 9812 | 216.52.191.103 | core1.tge5-2-bbnet2.ext1.dal.pnap.net
5 | 766 | 144.228.250.125 | sl-st20-dal-8-1-1.sprintlink.net
6 | 766 | 208.173.178.133 | pr2-so-0-0-0.dallasequinix.savvis.net
7 | 8611 | 204.70.200.170 | cr1-tengig0-7-5-0.dallas.savvis.net
8 | 1396 | 208.172.139.130 | -
9 | 8106 | 70.87.253.22 | te9-1.dsr02.dllstx3.theplanet.com
10 | Timed out Timed out Timed out |  | -
11 | 1722011 | 70.87.254.230 | te6-1.car12.dllstx6.theplanet.com
12 | 1376 | 174.132.157.30 | 1e.9d.84ae.static.theplanet.com
Trace complete


Retrieving DNS records for 1e.9d.84ae.static.theplanet.com...
Attempt to get a DNS server for 1e.9d.84ae.static.theplanet.com failed: 1e.9d.84ae.static.theplanet.com does not exist in the DNS
Whois query for theplanet.com...

Results returned from whois.internic.net:

Devilfish
5th August, 2009, 09:54 AM
Try clearing your browser's cache or try another browser.

That IP is located at ThePlanet which is a hosting company that we don't use.

The server security is not flagging up any malware.

citronel
5th August, 2009, 10:05 AM
I already cleaned cache and all tmp from HDD, deleted all cookies and I tried with Sea Monkey and IE... the same problem, and only at this web.

strange.

Ballistic
5th August, 2009, 11:08 PM
Think you may have to dig deeper in your pc with some cleansing/antivirus software..spybot comes to mind?


B

citronel
6th August, 2009, 07:30 AM
Of course I already scanned with Spybot - Search & Destroy and found nothing.

Any recommendation for other good Anti/virus-spybot ?

thx

Evastar
6th August, 2009, 08:29 AM
Malwarebytes antimalware.

If you post in the PC section I'm sure somebody will help you with it.

Run a HijackThis log in safe mode and post the results.

citronel
6th August, 2009, 12:48 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:33, on 06-08-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\APPLIC\FIREBIRD\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\APPLIC\FIREBIRD\bin\fbserver.exe
C:\Program Files\DUMeter\DUMeter.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 1001 Online Games - Play Free Online Games (http://www.1001onlinegames.com/)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DUMeter\DUMeter.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~2\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~2\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 3388 bytes
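
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it pulls out the entries that load code automatically (O2, O4, O23) and marks any whose executable sits outside the usual install locations. The sample lines are copied from the post; the `USUAL_ROOTS` list and the "ok"/"review" labels are assumptions made for this example.

```python
import re

# Entries copied from the HijackThis log posted above (a shortened excerpt).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DUMeter\DUMeter.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbguard.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")               # e.g. "O23 - Service: ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.I)  # first .exe/.dll path in an entry
# HijackThis section codes that describe code loaded automatically.
AUTOSTART = {"O2": "Browser Helper Object", "O4": "Run-key autostart", "O23": "Windows service"}
# Assumption for this example: install roots treated as unremarkable on Windows XP.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~")


def parse_entries(log_text):
    """Return (code, path-or-None) for every 'XX - ...' entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            entries.append((m.group(1), p.group(0) if p else None))
    return entries


def triage(log_text):
    """List autostart entries; mark those outside the usual roots for manual review."""
    findings = []
    for code, path in parse_entries(log_text):
        if code in AUTOSTART and path:
            verdict = "ok" if path.lower().startswith(USUAL_ROOTS) else "review"
            findings.append((code, AUTOSTART[code], path, verdict))
    return findings


if __name__ == "__main__":
    for code, kind, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:6} {code:4} {kind:22} {path}")
```

"review" only means the file lives in a non-default location (here a Firebird database service installed under `C:\APPLIC`), and "ok" is not a clean bill of health; both still need the file itself checked.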

caveman_nige
6th August, 2009, 01:05 PM
Incidentally, what browser were you using when you got this error, and do you get this if you use a different browser...?

It looks like IE is your primary browser, can you try Opera or Firefox 3.5 with the Noscript plugin/addon installed...

citronel
6th August, 2009, 02:20 PM
My default browser is SeaMonkey 1.1.17.
I also have IE 6 on the laptop... but I do not use it.

I have seen this error on both browsers (I specially tested with IE), and the strange error comes only on this site, and only since this week.

alexislee
7th August, 2009, 10:48 AM
If you have cleaned out your browsers etc., done all the routine checks, I don't see how you're getting this error... try on another browser?

citronel
7th August, 2009, 11:01 AM
who knows.... maybe it is a bug in Malwarebytes'.

mini
18th September, 2009, 10:28 AM
I get the same error when running malware anti on IE8. Malicious IP 174.132.157.30 and 218.7.68.210

Devilfish
19th September, 2009, 12:32 AM
All our testing shows we are clean.

Google Safe Browsing diagnostic page for digital-kaos.co.uk (http://www.google.com/safebrowsing/diagnostic?site=digital-kaos.co.uk)

mini
2nd October, 2009, 11:26 AM
Not blaming ya DF. I think it's a common problem with malware Anti, it does it on most sites I've noticed, so I just turned the IP protection bugger off.

smirnoff_rules
12th October, 2009, 07:52 PM
Mine only started doing that after I opened a virus last week and cleaned the system? Lets me view DK though, just pops up a window now and again.


Think I know why now.

this address is on the same service and this and is blacklisted by malware quantumcontrol.net/ 174.132.157.30 same as here

majpat0
21st November, 2009, 03:49 PM
Hi, just like to say I get the same IP message when I'm on here.

B19hly
7th December, 2009, 04:19 PM
Hi, just like to say I get the same IP message when I'm on here.

Me also, just disable IP logger, must be somat with malware!

inspectorweb
21st May, 2010, 06:39 PM
My suggestion. Download AnVir Task Manager (http://www.anvir.com/). When you run it, AnVir shows you all startup programs and Windows processes, so you'll find the harmful file in a minute. I always use it when I clean one's PC. Sorry for the offtopic.

cunny
21st May, 2010, 06:55 PM
To rule out a software issue, try booting into safe mode with networking. Or create a profile on the PC, and get a clean account; I think it's a setting within a program you're using.

You could also try renewing your IP address to see if that cures it