Inbound traffic from a specific domain appears to be unblockable - General Security (2024)

TanyaC

• 
• Members
• 75 posts
• OFFLINE

• Gender:Female
• Location:Australia
• Local time:01:18 AM

I was recently looking at my usage at my ISPs website and it's showing insane upload amounts, like 20GB.

I installed Net Limiter 5.3.8.0 to monitor the traffic.

I use a VPN, always.

I am only interested in traffic uploaded via the Internet, not local LAN traffic.

I see a strange entry on Net Limiter, inbound traffic at a constant 6B/s from naj.sk, which appears to be a swiss women's fashion site that I've never visited.

I updated the ACL on my router to block naj.sk's IP address 185.64.219.37.

I added a Windows firewall rule to block the IP address

naj.sk was already in my hosts file (hence the addresses of 127.0.0.1).

I added an inbound and outbound block rule in Net Limiter.

But the traffic persists.

Why is it not being blocked?

Why would this site be trying to connect to my PC?

How can I stop it?

Edited by TanyaC, 06 March 2024 - 05:48 AM.

JohnC_21

• 
• Members
• 35,093 posts
• OFFLINE

• Gender:Male
• Local time:10:18 AM

If you add shoptet-lb-prot.vshosting.cz to the hosts file does it change anything?

https://whatismyipaddress.com/ip/185.64.219.37

You may want to start a thread in the malware removal forum.

0lds0d

• 
• Members
• 5,322 posts
• OFFLINE

• Gender:Male
• Location:Winnipeg
• Local time:09:18 AM

Place185.64.219.37 into the host file as 127.0.0.1 block instead of only using the domain.

As for domains hosted on a single IP, that could be hundreds, not just one such as seen in a lookup.

https://myip.ms/view/ip_addresses/3108035360/185.64.219.32_185.64.219.255

Also the Net Limiter is blocking TCP, but what is the Protocol that is used?

Same as the router - is it blocking both TCP and UDP and any mail Protocol?

Add the entire block into the Windows Firewall as185.64.216.0/22 for Any Protocol and for both ingress and egress.

If the unwanted traffic is established over the VPN, then the connection could even bypass the firewall or the host file as it is tunneled.

Oh wait IT is blocked.

Process Explorer may help locate this.

Logging a netstat output could help track it down.

Ran the antivirus and something like MBAM scans?

Edited by 0lds0d, 06 March 2024 - 11:36 AM.

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

Download and install min-toolbox from here:https://www.bleepingcomputer.com/download/minitoolbox/



With the following:

Flushdns
Hosts
Last 10 error messages from the logs
Installed Application
Problematic Devices
List users and partitions

Edited by cryptodan, 06 March 2024 - 11:29 AM.

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra

Dominique1

Bleepin Funny



• 
• Members
• 1,109 posts
• OFFLINE

• Gender:Not Telling
• Local time:09:18 AM

I updated the ACL on my router to block naj.sk's IP address 185.64.219.37.

TanyaC

• Topic Starter


• 
• Members
• 75 posts
• OFFLINE

• Gender:Female
• Location:Australia
• Local time:01:18 AM

Thanks all for the feedback. Haven't got though all the suggestions yet.

Adding shoptet-lb-prot.vshosting.cz or the IP address to the hosts file did not stop the traffic.

The router is an ASUS RT-AC88u running the latest Merlin firmware. I have ingress and egress blocks in the network services firewall filter for both TCP and UDP.

Added 185.64.216.0/22 to the firewall for both in and out.

Lol, I managed to crash Netlimiter. I added a rule to block the connection in netlimiter and it crashed the program. When I restarted it I am no seeing traffic from a different domain.

It's now lh-hl.snssdk.com.w.kunluncan.com

I think I should follow the malware path.

Will get back to you soon

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

Run minitoolbox

Also the hosts file is for outbound checks not for inbound.

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra

Dominique1

Bleepin Funny



• 
• Members
• 1,109 posts
• OFFLINE

• Gender:Not Telling
• Local time:09:18 AM

I think I should follow the malware path.

EDIT:

However, running a custom router firmware may not help you. Perhaps bad actors are exploiting a Merlin vulnerability (zero day type) to get into your system.

Edited by Dominique1, 06 March 2024 - 08:34 PM.

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra

TanyaC

• Topic Starter


• 
• Members
• 75 posts
• OFFLINE

• Gender:Female
• Location:Australia
• Local time:01:18 AM

I ran minitoolbox. Nothing in there that I can see. Other than things I expect to see, such as devices without drivers (eg I will never install IME. I don't run thunderbolt, so I don't install the drivers). The only even log errors were from netlimiter.There were no unexpected programs installed.

My hosts file is 26,000 lines long. minitoolbox only lists the first 20 lines.

Netlimiter is thrashing my CPU.

Yes, I ran MBam, it found nothing. I tried to run Kaspersky offline but it just gives me a black screen.

As MBAM is an absolute mess I'm restoring my system from a back up image.

My entire windows installation is scripted, so I am going to reinstall Windows from scratch and then install all programs one at a time until the problem presents. That will tell me which program is the culprit.

With the exception of MS Office and my Macrium home license, pretty much everything I run is FOSS

Will report back when I'm done.

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra

TanyaC

• Topic Starter


• 
• Members
• 75 posts
• OFFLINE

• Gender:Female
• Location:Australia
• Local time:01:18 AM

Not really fond up publishing this much personal information, but anyway, see below...

awwww... damn I ran it again. It overwrote the results from the previous run.

MiniToolBox by Farbar Version: 13-05-2022Ran by Tanya (administrator) on 07-03-2024 at 13:57:35Running from "E:\"Microsoft Windows 10 Enterprise LTSC (X64)Model: MS-7D86 Manufacturer: Micro-Star International Co., Ltd.Boot Mode: Normal***************************************************************************========================= Hosts content: =================================127.0.0.1 www.bing.com127.0.0.1 bing.com127.0.0.1 skimads.com127.0.0.1 liveramp.com127.0.0.1 forums.whirlpool.net.au127.0.0.1 triller.co127.0.0.1 tinder.com127.0.0.1 bereal.com127.0.0.1 bereal.fans127.0.0.1 line.me127.0.0.1 help.line.me127.0.0.1 omtrdc.net 0.0.0.0 pipe.aria.microsoft.com0.0.0.0 assets.msn.com0.0.0.0 web.vortex.data.microsoft.com0.0.0.0 browser.events.data.msn.com0.0.0.0 www.msn.com0.0.0.0 sb.scorecardresearch.com127.0.0.1 netflix.com127.0.0.1 www.netflix.com127.0.0.1 nflxvideo.net127.0.0.1 nflximg.net127.0.0.1 nflxext.com127.0.0.1 www.lemon8-app.com127.0.0.1 www.lemon8.cyou127.0.0.1 www.google.com/chrome127.0.0.1 support.google.com/chrome127.0.0.1 techviral.net/google-chrome-offline-installers127.0.0.1 www.askvg.com/official-link-to-download-google-chrome-standalone-offline-installer127.0.0.1 chrome.google.com0.0.0.0 plus.l.google.com0.0.0.0 plus.sandbox.google.com0.0.0.0 plusone.google.com127.0.0.1 plus.google.com127.0.0.1 play.google.com127.0.0.1 store.google.comThere are 25239 entries.========================= Event log errors: ===============================Application errors:==================Error: (03/03/2024 11:23:48 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..Error: (03/03/2024 11:23:48 PM) (Source: VSS) (EventID: 13) (User: )Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]System errors:======================================== Installed Programs ============================7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)ASUS XG-C100C 10G Adapter Driver version 5.0.3.5 (HKLM-x32\...\{F73D1A61-01DF-4D32-9581-5663C6FB3232}_is1) (Version: 5.0.3.5 - ASUSTek Company, Inc.)BDtoAVCHD 3.1.2 (HKLM-x32\...\{A9D1A625-19AE-44D0-8BB8-5EEE6B204A85}) (Version: 3.1.2 - Joel Gali)Calculator (HKLM\...\{FC211C17-798B-4E74-BE2D-D179B0FC316A}_is1) (Version: 10.0.14393.0 - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - Canon Inc.)Canon TS8300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8300_series) (Version: 1.02 - Canon Inc.)CPUID CPU-Z 2.09 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.09 - CPUID, Inc.)DVDFab 12 (x64) (26/01/2022) (HKLM-x32\...\DVDFab 12 (x64)) (Version: 12.0.6.0 - DVDFab Software Inc.)FileBot (HKLM\...\{687EEB60-0A61-4800-804F-C83CBC195114}) (Version: 5.1.3 - Point Planck Limited)Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.3 - Aspyr)HandBrake 1.7.3 (HKLM-x32\...\HandBrake) (Version: 1.7.3 - )Icaros (HKLM\...\Icaros_is1) (Version: 3.3.2.0 - Tabibito Technology)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)Intel(R) Chipset Device Software (HKLM-x32\...\{e6ecf35a-b1bb-4e59-9d90-4c98fde2ffa8}) (Version: 10.1.19199.8340 - Intel(R) Corporation)Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)Macrium Reflect Home Edition (HKLM\...\{409F3D44-EDA2-4BFE-86BD-2BC70DD9C198}) (Version: 6.3.1865 - Paramount Software (UK) Ltd.) HiddenMacrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)MakeMKV v1.17.5 (HKLM-x32\...\MakeMKV) (Version: v1.17.5 - GuinpinSoft inc)MediaInfo 24.01 (HKLM\...\MediaInfo) (Version: 24.01 - MediaArea.net)Microsoft DirectX End-User Runtime (HKLM\...\DirectX End-User Runtime) (Version: 9.29.1974 - Microsoft Corporation)Microsoft DirectX Managed Assemblies (HKLM\...\DirectX Managed Assemblies) (Version: 1.1 - Microsoft Corporation)Microsoft Office LTSC Standard 2021 - en-us (HKLM\...\Standard2021Volume - en-us) (Version: 16.0.14332.20481 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33126 (HKLM\...\{F80D0C4E-7BA7-4B7B-9B81-CECFB5601EE8}) (Version: 14.38.33126 - Microsoft Corporation)Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33126 (HKLM\...\{14DDB43F-B11B-47D7-B118-F8EC25D52606}) (Version: 14.38.33126 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{C931A1C6-A7BF-3737-874A-818881A37E1B}) (Version: 10.0.60915 - Microsoft Corporation)MKVToolNix 82.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 82.0.0 - Moritz Bunkus)Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.15.1 ESR (x64 en-US)) (Version: 102.15.1 - Mozilla)Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)MySQL Workbench 8.0 CE (HKLM\...\{06687940-C076-4E1C-BDF9-0707DCB3ED28}) (Version: 8.0.25 - Oracle Corporation)Need For Speed Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version: - )Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.4 - Notepad++ Team)NVIDIA Graphics Driver 551.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.23 - NVIDIA Corporation)Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20481 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20481 - Microsoft Corporation) HiddenOpen-Shell (HKLM\...\{FA86549E-94DD-4475-8EDC-504B6882E1F7}) (Version: 4.4.191 - The Open-Shell Team)OpenVPN 2.6.9-I001 amd64 (HKLM\...\{F8F0FB6A-DC3A-45C3-9A5E-88BCCDA5DF71}) (Version: 2.6.901 - OpenVPN, Inc.)PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 231113 - Kakao Corp.)Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.2353 - Realtek Semiconductor Corp.)SimCity 3000 compatibility fixes (HKLM\...\{a11069d5-5b77-4c3e-9640-5b8415af52e1}.sdb) (Version: - )SmartControlCenter (HKLM-x32\...\{63CE935C-03E3-4EB4-B194-792CB2F91C87}) (Version: 1.1.3.4 - Netgear)Subtitle Edit (HKLM\...\SubtitleEdit_is1) (Version: 4.0.3.0 - Nikse)Subtitle Workshop (HKLM-x32\...\{03754E1D-48F1-4935-898E-34753081BAF9}_is1) (Version: 6.2.9 - Kameleon Software)SureThing Disc Labeler Gold (HKLM-x32\...\SureThing Disc Labeler Gold_is1) (Version: 7.0.77.0 - MicroVision Development, Inc.)The Settlers II - 10th Anniversary (HKLM-x32\...\S2TNG) (Version: - )WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - http://winaero.com)WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)Packages:=========MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2024-03-03] (Microsoft Corporation)NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-03-03] (NVIDIA Corp.)Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.50.323.0_x64__dt26b99r8h8gj [2024-03-03] (Realtek Semiconductor Corp)========================= Devices: ================================Name: Intel(R) Ethernet Controller I226-VDescription: Intel(R) Ethernet Controller I226-VClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: IntelService: e2fexpressDevice ID: PCI\VEN_8086&DEV_125C&SUBSYS_7D861462&REV_04\047C16FFFF4E29EF00Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Intel(R) Ethernet Controller I226-V #2Description: Intel(R) Ethernet Controller I226-VClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: IntelService: e2fexpressDevice ID: PCI\VEN_8086&DEV_125C&SUBSYS_7D861462&REV_04\047C16FFFF4E29F000Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Base System DeviceDescription: Base System DeviceClass Guid:Manufacturer:Service:Device ID: PCI\VEN_8086&DEV_A74F&SUBSYS_7D861462&REV_01\3&11583659&0&40Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: PCI Simple Communications ControllerDescription: PCI Simple Communications ControllerClass Guid:Manufacturer:Service:Device ID: PCI\VEN_8086&DEV_7A68&SUBSYS_7D861462&REV_11\3&11583659&0&B0Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Universal Serial Bus (USB) ControllerDescription: Universal Serial Bus (USB) ControllerClass Guid:Manufacturer:Service:Device ID: PCI\VEN_8086&DEV_1137&SUBSYS_44761462&REV_00\C9128491D1E9070000Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Network ControllerDescription: Network ControllerClass Guid:Manufacturer:Service:Device ID: PCI\VEN_8086&DEV_7A70&SUBSYS_00948086&REV_11\3&11583659&0&A3Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.========================= Memory info: ===================================Percentage of memory in use: 4%Total physical RAM: 65367.27 MBAvailable physical RAM: 62132.98 MBTotal Virtual: 74583.27 MBAvailable Virtual: 69810.71 MB========================= Partitions: =====================================3 Drive c: (Windows 10 ) (Fixed) (Total:96.01 GB) (Free:75.65 GB) NTFS4 Drive d: (Games ) (Fixed) (Total:1907.71 GB) (Free:1884.89 GB) NTFS5 Drive e: (Downloads ) (Fixed) (Total:1907.71 GB) (Free:1697.97 GB) NTFS6 Drive f: (Authoring ) (Fixed) (Total:1811.12 GB) (Free:1726.73 GB) NTFS7 Drive g: (Data ) (Fixed) (Total:9313.87 GB) (Free:9179.63 GB) NTFS8 Drive h: (Development ) (Fixed) (Total:1907.71 GB) (Free:1451.47 GB) NTFS9 Drive m: (Applications) (Network) (Total:2560.01 GB) (Free:995.3 GB) NTFS10 Drive n: (Games) (Network) (Total:4096.01 GB) (Free:1799.14 GB) NTFS11 Drive o: (Images ) (Network) (Total:768.01 GB) (Free:308.78 GB) NTFS12 Drive p: (Music) (Network) (Total:128 GB) (Free:66.23 GB) NTFS13 Drive q: (Windows 2012 R2) (Network) (Total:96.01 GB) (Free:71.04 GB) NTFS14 Drive r: (Users) (Network) (Total:384.01 GB) (Free:318.94 GB) NTFS15 Drive s: (Users) (Network) (Total:384.01 GB) (Free:318.94 GB) NTFS16 Drive t: (TV-1) (Network) (Total:14901.87 GB) (Free:6594.21 GB) NTFS17 Drive u: (Movies-1) (Network) (Total:11175.87 GB) (Free:4487.97 GB) NTFS18 Drive v: (Documentaries) (Network) (Total:6311.86 GB) (Free:4419.64 GB) NTFS19 Drive w: (Photos) (Network) (Total:128.01 GB) (Free:122.94 GB) NTFS20 Drive x: (Backup) (Network) (Total:9313.87 GB) (Free:3466.64 GB) NTFS21 Drive y: (WinImages ) (Network) (Total:9313.87 GB) (Free:3814.51 GB) NTFS========================= Users: ========================================User accounts for \\TANYA-PCAdministrator DefaultAccount Guest Tanya WDAGUtilityAccount **** End of log ****

Edited by TanyaC, 06 March 2024 - 10:03 PM.

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

I see in your hosts file that sites that are used to search for and find potential information regarding the tactics, techniques, and procedures are blocked something on your machine likely planted or created that hosts file

Some of these sites include but are not limited to

bing.com
google.com
foruns.whirlpool.net.au

Continue pursuing the malware removal help. You'll be posting more information than in the above

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra

TanyaC

• Topic Starter


• 
• Members
• 75 posts
• OFFLINE

• Gender:Female
• Location:Australia
• Local time:01:18 AM

Nope. I put them there.

I don't believe there is anything in there that I did not intentionally add.

I'd have another 30,000 lines in there if I could, but as it stands, adding chunks of entries now results in a massive slow down of my browser

They say the hosts file size is unlimited, but I've found once it gets close the 1mb things slow to a crawl.

I'm going to be offline now for a day or so whilst I install from scratch

Edited by TanyaC, 06 March 2024 - 10:32 PM.

cryptodan

Bleepin Madman



• 
• Members
• 35,863 posts
• OFFLINE

• Gender:Male
• Location:USA
• Local time:02:18 PM

You really shouldn't be using a hosts file you'll essentially going to stop the internet from working on your computer.

The hosts file is greatly depreciated as it was primarily used for computers to do name to ip and ip to host name lookups prior to the invention of the Domain Name System and does not block incoming requests at all.

What is that you are trying to do and prevent from happening?

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop -https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server -https://termbin.com/zvra