Website blocked (new undetected malware)

On one PC I am getting constant messages (from the Sophos system tray notifier box) that a website is being blocked. Looking at the console it shows the following websites are being accessed over and over again:

sysmain.cc

store-main.su

e-statistic.cc

e-protections.cc

I assume I have something nasty on the PC and have dealt with it as such. Any ideas on what is causing it and getting a sample for Sophos to examine etc.?

:33407


  • Hello occadmin,

    what's the detailed alert - i.e. the reason? Do you have a browser open? Did you receive other alerts besides the website blocked?

    It's hard to tell whether some application makes these attempts "on its own" (BTW: all these names resolve to the same set of addresses) - if you keep getting the messages, Sysinternals' TCPView might help to identify the process which tries to connect.

    Christian

    :33413
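
The process-identification step suggested in the reply above can also be scripted, so that each connection attempt is recorded with the owning process's image path, command line and parent. This is an added example, not part of the original thread; it assumes Windows 8 / Server 2012 or later (for `Resolve-DnsName` and `Get-NetTCPConnection`), and the five-minute window and polling interval are arbitrary choices.

```powershell
# Added example, not from the thread. The names are the four reported above.
$blocked = 'sysmain.cc', 'store-main.su', 'e-statistic.cc', 'e-protections.cc'

# Resolve the names to the shared set of IPv4 addresses mentioned in the reply.
$ips = @($blocked | ForEach-Object {
        Resolve-DnsName -Name $_ -Type A -ErrorAction SilentlyContinue
    } | Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress -Unique)

if ($ips.Count -eq 0) { throw 'None of the names resolved; nothing to watch for.' }

$seen     = @{}                          # PID + remote endpoint already reported
$deadline = (Get-Date).AddMinutes(5)     # constructed watch window

while ((Get-Date) -lt $deadline) {
    # Any TCP connection, in any state, whose remote end is one of the addresses.
    $hits = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $ips -contains $_.RemoteAddress }

    foreach ($c in $hits) {
        $key = '{0}|{1}:{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.RemotePort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Win32_Process supplies the image path, command line and parent PID.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"

        [pscustomobject]@{
            Time        = Get-Date -Format 'HH:mm:ss.fff'
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State       = $c.State
            PID         = $c.OwningProcess
            Image       = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentPID   = $p.ParentProcessId
        }
    }
    Start-Sleep -Milliseconds 250
}
```

Run it from an elevated prompt so the path and command line are populated for processes owned by other accounts. Because it polls, a connection that is opened and torn down between two samples can be missed.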
  • The web control events just show the same sites being blocked.  Not take off web control to see if anything else happens.

    These attempts only appear when starting a browser (Internet Explorer, Chrome and Firefox).

    TCPView shows these connections and then being killed off by Sophos. Doesn't give me any more detail as to where this is coming from. I have tried Process Explorer too!

    Have got a machine isolated now and running some other vendor's software to see if that sees anything.

    :33429
  • Hello occadmin,

    perhaps you should give Support a call - SDU collects various information from the machine and it might be possible to identify the odd component from the collected data.

    Christian

    :33431
  • It was Troj/Agent-YAE in the end and protection was added last night.

    Thank you for your help!

    :33469