CBL says that I have a Conficker

Hieronymus

New Member
Thread author
Jul 6, 2016
8
Hello,

recently, I sent a few e-mails to some people and they didn't receive them. I checked if my IP is on a blacklist. Currently, it's listed on 5 blacklists, mainly Spamhaus and CBL. The CBL says that the IP is making connections to Conficker sinkholes. I've already tried to make a request to delist my IP, but it got relisted after a few days. So I started making steps to find and remove the infection, but I didn't find anything. I used AVAST, MalwareBytes, SUPERAntiSpyware, Microsoft Malicious Software Removal Tool, McAfee Malicious Software Removal Tool and a few other tools. Nothing came up. My laptop is running fine and I'm not seeing any account security breaches or anything like that. I also enabled firewall logs a few days ago. Then I found the website ThreatStop which offers firewall log analysis, so I posted my log there. Their test showed 5604 clean connecting attempts, and 206 infected ones, which are supposedly connecting to Conficker sinkholes. This is the log from ThreatStop:

192.168.1.93

206
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 5.45.58.100 7005 443 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 5.45.58.100 7006 443 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 6999 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7000 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7002 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7001 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7003 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7004 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:38 ALLOW TCP 192.168.1.93 69.16.175.42 7007 80 0 - 0 0 0 - - - SEND
2016-07-06 18:02:07 ALLOW TCP 192.168.1.93 77.234.45.43 7021 443 0 - 0 0 0 - - - SEND
2016-07-06 18:02:07 ALLOW TCP 192.168.1.93 77.234.45.43 7022 443 0 - 0 0 0 - - - SEND
2016-07-06 18:02:07 ALLOW TCP 192.168.1.93 77.234.45.43 7023 443 0 - 0 0 0 - - - SEND
2016-07-06 18:02:07 ALLOW TCP 192.168.1.93 69.16.175.42 7024 80 0 - 0 0 0 - - - SEND
2016-07-06 18:03:31 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 77.234.45.43 7045 443 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 77.234.45.43 7046 443 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7044 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7039 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7041 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7040 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7042 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:54 ALLOW TCP 192.168.1.93 63.251.64.137 7043 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:55 ALLOW TCP 192.168.1.93 69.16.175.42 7048 80 0 - 0 0 0 - - - SEND
2016-07-06 18:04:55 ALLOW TCP 192.168.1.93 77.234.45.43 7049 443 0 - 0 0 0 - - - SEND
2016-07-06 18:04:55 ALLOW TCP 192.168.1.93 77.234.45.43 7050 443 0 - 0 0 0 - - - SEND
2016-07-06 18:04:55 ALLOW TCP 192.168.1.93 77.234.45.43 7051 443 0 - 0 0 0 - - - SEND
2016-07-06 18:05:02 ALLOW TCP 192.168.1.93 63.251.64.137 7053 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:02 ALLOW TCP 192.168.1.93 63.251.64.137 7054 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:04 ALLOW TCP 192.168.1.93 63.251.64.137 7056 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:04 ALLOW TCP 192.168.1.93 63.251.64.137 7055 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:04 ALLOW TCP 192.168.1.93 63.251.64.137 7058 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:04 ALLOW TCP 192.168.1.93 63.251.64.137 7057 80 0 - 0 0 0 - - - SEND
2016-07-06 18:05:05 ALLOW TCP 192.168.1.93 69.16.175.42 7059 80 0 - 0 0 0 - - - SEND
2016-07-06 18:06:13 ALLOW TCP 192.168.1.93 69.16.175.10 7069 80 0 - 0 0 0 - - - SEND
2016-07-06 18:06:13 ALLOW TCP 192.168.1.93 77.234.45.42 7070 443 0 - 0 0 0 - - - SEND
2016-07-06 18:06:13 ALLOW TCP 192.168.1.93 77.234.45.42 7071 443 0 - 0 0 0 - - - SEND
2016-07-06 18:06:13 ALLOW TCP 192.168.1.93 77.234.45.42 7072 443 0 - 0 0 0 - - - SEND
2016-07-06 18:06:25 ALLOW TCP 192.168.1.93 69.16.175.10 7074 80 0 - 0 0 0 - - - SEND
2016-07-06 18:06:25 ALLOW UDP 192.168.1.93 77.234.40.93 62070 53 0 - - - - - - - SEND
2016-07-06 18:06:29 ALLOW TCP 192.168.1.93 69.16.175.10 7076 80 0 - 0 0 0 - - - SEND
2016-07-06 18:06:37 ALLOW TCP 192.168.1.93 69.16.175.10 7078 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 77.234.45.42 7089 443 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 77.234.45.42 7090 443 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7085 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7087 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7086 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7088 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7084 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:43 ALLOW TCP 192.168.1.93 63.251.64.137 7083 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:44 ALLOW TCP 192.168.1.93 69.16.175.10 7092 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:52 ALLOW TCP 192.168.1.93 63.251.64.137 7094 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:52 ALLOW TCP 192.168.1.93 63.251.64.137 7096 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:52 ALLOW TCP 192.168.1.93 63.251.64.137 7095 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:52 ALLOW TCP 192.168.1.93 63.251.64.137 7097 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:52 ALLOW TCP 192.168.1.93 63.251.64.137 7098 80 0 - 0 0 0 - - - SEND
2016-07-06 18:07:53 ALLOW TCP 192.168.1.93 69.16.175.10 7101 80 0 - 0 0 0 - - - SEND
2016-07-06 18:08:31 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:10:55 ALLOW TCP 192.168.1.93 63.251.64.137 7117 80 0 - 0 0 0 - - - SEND
2016-07-06 18:10:55 ALLOW TCP 192.168.1.93 63.251.64.137 7116 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:51 ALLOW TCP 192.168.1.93 63.251.64.137 7124 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 5.45.58.100 7125 443 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 5.45.58.100 7126 443 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 5.45.58.100 7127 443 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 63.251.64.137 7128 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 63.251.64.137 7129 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 63.251.64.137 7130 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 63.251.64.137 7131 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:52 ALLOW TCP 192.168.1.93 63.251.64.137 7132 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:53 ALLOW TCP 192.168.1.93 69.16.175.10 7133 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:53 ALLOW TCP 192.168.1.93 69.16.175.10 7135 80 0 - 0 0 0 - - - SEND
2016-07-06 18:12:58 ALLOW TCP 192.168.1.93 69.16.175.10 7136 80 0 - 0 0 0 - - - SEND
2016-07-06 18:13:32 ALLOW ICMP 192.168.1.93 63.251.64.179 - - 0 - - - - 8 0 - SEND
2016-07-06 18:15:41 ALLOW TCP 192.168.1.93 63.251.64.137 7146 80 0 - 0 0 0 - - - SEND
2016-07-06 18:15:41 ALLOW TCP 192.168.1.93 63.251.64.137 7147 80 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 77.234.45.41 7148 443 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 77.234.45.41 7149 443 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 77.234.45.41 7150 443 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 63.251.64.137 7151 80 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 63.251.64.137 7152 80 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 63.251.64.137 7153 80 0 - 0 0 0 - - - SEND
2016-07-06 18:15:42 ALLOW TCP 192.168.1.93 69.16.175.10 7154 80 0 - 0 0 0 - - - SEND
2016-07-06 18:16:25 ALLOW UDP 192.168.1.93 111.221.77.142 27028 40011 0 - - - - - - - SEND
2016-07-06 18:18:11 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:18:31 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7174 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7176 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7177 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7172 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7173 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 63.251.64.137 7175 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 77.234.45.43 7178 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:09 ALLOW TCP 192.168.1.93 77.234.45.43 7179 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:10 ALLOW TCP 192.168.1.93 69.16.175.10 7180 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:10 ALLOW TCP 192.168.1.93 69.16.175.10 7181 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:10 ALLOW TCP 192.168.1.93 77.234.45.43 7182 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:10 ALLOW TCP 192.168.1.93 77.234.45.43 7183 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:10 ALLOW TCP 192.168.1.93 77.234.45.43 7184 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:11 ALLOW TCP 192.168.1.93 69.16.175.10 7185 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:11 ALLOW TCP 192.168.1.93 77.234.45.43 7186 443 0 - 0 0 0 - - - SEND
2016-07-06 18:19:18 ALLOW TCP 192.168.1.93 63.251.64.137 7188 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:18 ALLOW TCP 192.168.1.93 63.251.64.137 7189 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:18 ALLOW TCP 192.168.1.93 63.251.64.137 7190 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7191 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7193 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7192 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7194 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7195 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:24 ALLOW TCP 192.168.1.93 63.251.64.137 7196 80 0 - 0 0 0 - - - SEND
2016-07-06 18:19:25 ALLOW TCP 192.168.1.93 69.16.175.10 7197 80 0 - 0 0 0 - - - SEND
2016-07-06 18:22:06 ALLOW TCP 192.168.1.93 63.251.64.137 7209 80 0 - 0 0 0 - - - SEND
2016-07-06 18:22:39 ALLOW TCP 192.168.1.93 63.251.64.137 7211 80 0 - 0 0 0 - - - SEND
2016-07-06 18:22:52 ALLOW TCP 192.168.1.93 63.251.64.137 7214 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:32 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:23:41 ALLOW TCP 192.168.1.93 63.251.64.137 7218 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 5.45.58.100 7220 443 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 5.45.58.100 7219 443 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 5.45.58.100 7221 443 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 63.251.64.137 7222 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 63.251.64.137 7223 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 63.251.64.137 7224 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 63.251.64.137 7225 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:43 ALLOW TCP 192.168.1.93 63.251.64.137 7226 80 0 - 0 0 0 - - - SEND
2016-07-06 18:23:44 ALLOW TCP 192.168.1.93 69.16.175.10 7228 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7236 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7233 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7234 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7235 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7237 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 63.251.64.137 7238 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 5.45.58.100 7239 443 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 5.45.58.100 7240 443 0 - 0 0 0 - - - SEND
2016-07-06 18:24:50 ALLOW TCP 192.168.1.93 5.45.58.100 7241 443 0 - 0 0 0 - - - SEND
2016-07-06 18:24:51 ALLOW TCP 192.168.1.93 69.16.175.10 7242 80 0 - 0 0 0 - - - SEND
2016-07-06 18:24:51 ALLOW TCP 192.168.1.93 69.16.175.10 7244 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7247 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7249 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7246 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7248 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7250 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:09 ALLOW TCP 192.168.1.93 63.251.64.137 7251 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:10 ALLOW TCP 192.168.1.93 69.16.175.10 7252 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:34 ALLOW TCP 192.168.1.93 69.16.175.10 7257 80 0 - 0 0 0 - - - SEND
2016-07-06 18:25:54 ALLOW TCP 192.168.1.93 40.127.129.109 7261 443 0 - 0 0 0 - - - SEND
2016-07-06 18:25:54 ALLOW TCP 192.168.1.93 40.127.129.109 7262 443 0 - 0 0 0 - - - SEND
2016-07-06 18:25:57 ALLOW TCP 192.168.1.93 69.16.175.10 7269 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7278 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7276 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7277 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7274 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7275 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 63.251.64.137 7279 80 0 - 0 0 0 - - - SEND
2016-07-06 18:26:41 ALLOW TCP 192.168.1.93 69.16.175.10 7281 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:10 ALLOW TCP 192.168.1.93 63.251.64.137 7286 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:10 ALLOW TCP 192.168.1.93 63.251.64.137 7287 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 77.234.45.43 7289 443 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 77.234.45.43 7290 443 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 77.234.45.43 7295 443 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 63.251.64.137 7292 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 63.251.64.137 7294 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 63.251.64.137 7293 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 63.251.64.137 7291 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 192.229.233.16 7297 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:15 ALLOW TCP 192.168.1.93 192.229.233.16 7298 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:16 ALLOW TCP 192.168.1.93 69.16.175.10 7299 80 0 - 0 0 0 - - - SEND
2016-07-06 18:28:45 ALLOW ICMP 192.168.1.93 63.251.64.179 - - 0 - - - - 8 0 - SEND
2016-07-06 18:29:49 ALLOW TCP 192.168.1.93 69.16.175.10 7306 80 0 - 0 0 0 - - - SEND
2016-07-06 18:29:49 ALLOW TCP 192.168.1.93 77.234.45.43 7307 443 0 - 0 0 0 - - - SEND
2016-07-06 18:29:49 ALLOW TCP 192.168.1.93 77.234.45.43 7308 443 0 - 0 0 0 - - - SEND
2016-07-06 18:29:49 ALLOW TCP 192.168.1.93 77.234.45.42 7309 443 0 - 0 0 0 - - - SEND
2016-07-06 18:30:22 ALLOW TCP 192.168.1.93 63.251.64.137 7313 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:22 ALLOW TCP 192.168.1.93 63.251.64.137 7314 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:23 ALLOW TCP 192.168.1.93 69.16.175.42 7316 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7319 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7320 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7321 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7322 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7323 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 63.251.64.137 7318 80 0 - 0 0 0 - - - SEND
2016-07-06 18:30:38 ALLOW TCP 192.168.1.93 69.16.175.42 7324 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 63.251.64.137 7328 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 63.251.64.137 7330 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 63.251.64.137 7329 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 63.251.64.137 7331 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 63.251.64.137 7332 80 0 - 0 0 0 - - - SEND
2016-07-06 18:31:11 ALLOW TCP 192.168.1.93 69.16.175.42 7334 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 5.45.58.99 7344 443 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 5.45.58.99 7345 443 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7340 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7341 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7342 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7343 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7338 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:34 ALLOW TCP 192.168.1.93 63.251.64.137 7339 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:35 ALLOW TCP 192.168.1.93 69.16.175.42 7346 80 0 - 0 0 0 - - - SEND
2016-07-06 18:32:35 ALLOW TCP 192.168.1.93 69.16.175.42 7348 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:31 ALLOW TCP 192.168.1.93 63.251.64.137 7352 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:31 ALLOW TCP 192.168.1.93 63.251.64.137 7353 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:31 ALLOW TCP 192.168.1.93 63.251.64.137 7354 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:31 ALLOW TCP 192.168.1.93 63.251.64.137 7355 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:33 ALLOW TCP 192.168.1.93 69.16.175.42 7356 80 0 - 0 0 0 - - - SEND
2016-07-06 18:33:33 ALLOW TCP 192.168.1.93 69.16.175.42 7358 80 0 - 0 0 0 - - - SEND
2016-07-06 18:36:22 ALLOW TCP 192.168.1.93 63.251.64.137 7375 80 0 - 0 0 0 - - - SEND
2016-07-06 18:38:48 ALLOW TCP 192.168.1.93 63.251.64.137 7392 80 0 - 0 0 0 - - - SEND
2016-07-06 18:38:49 ALLOW TCP 192.168.1.93 63.251.64.137 7395 80 0 - 0 0 0 - - - SEND
2016-07-06 18:38:49 ALLOW TCP 192.168.1.93 63.251.64.137 7394 80 0 - 0 0 0 - - - SEND
2016-07-06 18:38:49 ALLOW TCP 192.168.1.93 63.251.64.137 7393 80 0 - 0 0 0 - - - SEND

The weird thing is that none of these IPs are sinkholes. As you can see, they belong to legit sites.

I'd like to stress that I don't visit any suspicious websites and I regularly run antivirus scans. I'd say I'm not a complete computer noob, but I'm VERY confused by this.

I could really use some advice with this problem. I hope I understand correctly that this probably isn't a high security danger, but CBL is preventing me from sending e-mails, which is understandably an issue for me. Thanks for your help.
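As an added example (not code from the original post, from ThreatStop or from CBL), the script below parses lines in the Windows Firewall log format quoted above, summarises where the machine was connecting, checks every destination against the two sinkhole addresses CBL reported to Hieronymus later in this thread, and notes that the source address in the log is a private (RFC 1918) one. The sample lines are copied from the posted log; the one "constructed hit" line is made up here purely to show the check firing, and the field order assumed is the standard pfirewall.log layout.

```python
"""Summarise a Windows Firewall log and check destinations against sinkhole addresses.

Added example for this thread, not code from the post, ThreatStop or CBL.
"""
from collections import Counter
import ipaddress

# Field order of the Windows Firewall log (pfirewall.log); only the first eight
# fields are needed here.
FIELDS = ("date", "time", "action", "protocol", "src_ip", "dst_ip", "src_port", "dst_port")

# Sinkhole addresses CBL quoted to the poster later in the thread.
CBL_SINKHOLES = ("38.229.184.217", "38.229.183.199")

# Lines copied from the posted log (local time of the machine).
SAMPLE_LOG = """
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 5.45.58.100 7005 443 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 5.45.58.100 7006 443 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 6999 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7000 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7002 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 7001 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:38 ALLOW TCP 192.168.1.93 69.16.175.42 7007 80 0 - 0 0 0 - - - SEND
2016-07-06 18:03:31 ALLOW ICMP 192.168.1.93 63.251.64.190 - - 0 - - - - 8 0 - SEND
2016-07-06 18:06:25 ALLOW UDP 192.168.1.93 77.234.40.93 62070 53 0 - - - - - - - SEND
"""

# Constructed line (NOT from the posted log) so the sinkhole check has something to match.
CONSTRUCTED_HIT = "2016-07-06 21:04:45 ALLOW TCP 192.168.1.93 38.229.184.217 7400 80 0 - 0 0 0 - - - SEND"


def parse_line(line):
    """Return a dict of the first eight fields, or None for header/blank lines."""
    parts = line.split()
    if len(parts) < len(FIELDS) or parts[0].startswith("#"):
        return None
    return dict(zip(FIELDS, parts))


def parse_log(text):
    """Parse every usable line of a log export."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarise_destinations(entries):
    """Count allowed connections per (dst_ip, dst_port, protocol)."""
    return Counter((e["dst_ip"], e["dst_port"], e["protocol"])
                   for e in entries if e["action"] == "ALLOW")


def sinkhole_hits(entries, sinkholes):
    """Entries whose destination lies inside any listed sinkhole address or network."""
    nets = [ipaddress.ip_network(s, strict=False) for s in sinkholes]
    return [e for e in entries
            if any(ipaddress.ip_address(e["dst_ip"]) in n for n in nets)]


def private_sources(entries):
    """Source addresses that are RFC 1918 private, i.e. the machine sits behind NAT,
    so a blocklist entry for the public IP covers every device sharing that NAT."""
    return {e["src_ip"] for e in entries if ipaddress.ip_address(e["src_ip"]).is_private}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for (ip, port, proto), n in summarise_destinations(entries).most_common():
        print(f"{n:4d}  {proto:4s} {ip}:{port}")
    print("sinkhole hits in posted lines:", len(sinkhole_hits(entries, CBL_SINKHOLES)))
    print("sinkhole hits in constructed line:", len(sinkhole_hits(parse_log(CONSTRUCTED_HIT), CBL_SINKHOLES)))
    print("private source addresses:", private_sources(entries))
```

Run against the posted lines the sinkhole check returns nothing, which matches Hieronymus's own observation; the private-source check is the more useful output, because the listing is against the public address the whole building shares, and this one laptop's log cannot rule out another host behind the same NAT.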
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

Hieronymus

New Member
Thread author
Jul 6, 2016
8
OK, I've downloaded the Scan and ran it.
I've attached the 2 files you requested.
 

Attachments

  • FRST.txt
    44.6 KB · Views: 3
  • Addition.txt
    54.2 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let's see if this will help.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it finishes, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After the reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Attachments

  • fixlist.txt
    5.4 KB · Views: 1

Hieronymus

New Member
Thread author
Jul 6, 2016
8
Hello,

I've run both scans and I've attached the log from Farbar to this reply.
I hope this won't be a problem for you, but the AdwCleaner that I downloaded was automatically in my (Czech) language, and it seemingly attempted to write some words in the log in that language as well, so it came out as nonsense. If this is a problem, please tell me and I'll try to download AdwCleaner in English.

Here are the contents of the AdwCleaner log:
[code]
# AdwCleaner v5.201 - Log vytvořen 07/07/2016 v 18:13:55
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-07-06.1 [Server]
# Operační system : Windows 8.1 (X64)
# Uživatelské jméno : Robin - MARSHALL
# Spuštěno z : C:\Users\Robin\Desktop\AdwCleaner.exe
# Nastavení : Čištění
# Podpora : ToolsLib

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka Smazáno : C:\ProgramData\Trymedia
[#] Složka Smazáno : C:\ProgramData\Application Data\Trymedia
[-] Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abc
[-] Složka Smazáno : C:\Users\Robin\AppData\Local\VirtualStore\Program Files\abc
[-] Složka Smazáno : C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
[-] Složka Smazáno : C:\Program Files\abc

***** [ Soubory ] *****

[-] Soubor Smazáno : C:\WINDOWS\Reimage.ini

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****


***** [ Registry ] *****

[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč Smazáno : HKCU\Software\smarttweak
[-] Klíč Smazáno : HKLM\SOFTWARE\Reimage

***** [ Prohlížeče ] *****

[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.alias", "istartsurf");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.name", "istartsurf");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.ptid", "cor");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.uid", "WDCXWD7500BPVT-80HXZT3_WD-WXG1E82ULJ55ULJ55");
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1435084964&z=03d753daede5a87c2c795b6g0z4caw1e6b0zdteq6w&from=cor&uid=WDCXWD7500BPVT-80HXZT3_WD-WXG1E82ULJ55ULJ55[...]
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\e9hu0vtx.default\prefs.js] Smazáno : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4000 bytů] - [07/07/2016 18:13:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [4019 bytů] - [07/07/2016 18:10:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4146 bytů] ##########
[/code]
 

Attachments

  • Fixlog.txt
    13.9 KB · Views: 3

Hieronymus

New Member
Thread author
Jul 6, 2016
8
Well, as I said, the computer was and is running completely fine even with the problem and shows no visible signs of an infection, so it's hard to tell. The CBL says that the last time my IP connected to a Conficker sinkhole IP 38.229.184.217 was on 6th July at 19:04:45 (UTC time). I'll post here if it reports another attempt to connect. Until then, thank you for your help.
 

Hieronymus

New Member
Thread author
Jul 6, 2016
8
Hello,

sadly, the CBL again says that my IP is connecting to a Conficker sinkhole. It used to connect a lot, but after your suggested fix it seemingly stopped, so I was just about to request the delisting of my IP from the CBL when I saw that it connected again, this time to a slightly different sinkhole address 38.229.183.199 :(

I'm very frustrated by this. I thought the problem was solved. Do you have any more tips?

My IP connected to the sinkhole on 9th July at 12:41:14 UTC time.
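CBL quotes its detection times in UTC while the Windows Firewall log above is written in the machine's local time, so a check that a practitioner would want before concluding anything is to convert the reported time and look at the log around it. The script below is an added example, not code from the post or from CBL. It assumes the laptop keeps Czech local time (CEST, UTC+2, in July; change LOCAL_TZ otherwise) and uses a few lines copied from the posted log.

```python
"""Correlate a CBL-reported UTC sinkhole contact time with a local-time firewall log.

Added example for this thread, not code from the post or from CBL.
"""
from datetime import datetime, timedelta, timezone

# Assumption: the machine keeps Czech local time, which in July is CEST (UTC+2).
LOCAL_TZ = timezone(timedelta(hours=2), "CEST")

# Times CBL quoted to the poster, as given in the thread (UTC).
CBL_REPORTS_UTC = ("2016-07-06 19:04:45", "2016-07-09 12:41:14")

# A few lines copied from the posted firewall log (local time).
SAMPLE_LOG = """
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 5.45.58.100 7005 443 0 - 0 0 0 - - - SEND
2016-07-06 18:00:37 ALLOW TCP 192.168.1.93 63.251.64.137 6999 80 0 - 0 0 0 - - - SEND
2016-07-06 18:00:38 ALLOW TCP 192.168.1.93 69.16.175.42 7007 80 0 - 0 0 0 - - - SEND
2016-07-06 18:38:49 ALLOW TCP 192.168.1.93 63.251.64.137 7393 80 0 - 0 0 0 - - - SEND
"""

FMT = "%Y-%m-%d %H:%M:%S"


def parse_time(text, tz):
    """Parse 'YYYY-MM-DD HH:MM:SS' and attach the given timezone."""
    return datetime.strptime(text, FMT).replace(tzinfo=tz)


def cbl_to_local(utc_text):
    """Convert a CBL-reported UTC timestamp into the log's local time."""
    return parse_time(utc_text, timezone.utc).astimezone(LOCAL_TZ)


def log_timestamps(log_text):
    """Timestamps (local, tz-aware) of every data line in the log."""
    stamps = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            stamps.append(parse_time(f"{parts[0]} {parts[1]}", LOCAL_TZ))
        except ValueError:  # not a data line
            continue
    return stamps


def log_covers(log_text, moment):
    """True only if the log's first and last entries bracket the moment; an empty
    window result means nothing unless this is True."""
    stamps = log_timestamps(log_text)
    return bool(stamps) and min(stamps) <= moment <= max(stamps)


def entries_near(log_text, centre, minutes=5):
    """Log lines within +/- minutes of the given local-time moment."""
    lo, hi = centre - timedelta(minutes=minutes), centre + timedelta(minutes=minutes)
    out = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            ts = parse_time(f"{parts[0]} {parts[1]}", LOCAL_TZ)
        except ValueError:
            continue
        if lo <= ts <= hi:
            out.append(line)
    return out


if __name__ == "__main__":
    for utc_text in CBL_REPORTS_UTC:
        local = cbl_to_local(utc_text)
        print(f"CBL {utc_text} UTC = {local.strftime(FMT)} {local.tzname()}")
        print("  log covers that moment:", log_covers(SAMPLE_LOG, local))
        print("  lines within 5 min:", entries_near(SAMPLE_LOG, local))
```

For the 6 July report the converted time is 21:04:45 local, outside the 18:00 to 18:38 span of the posted log, so the absence of a matching line there says nothing either way; the log covering the reported window is the first thing to collect before a delisting request is repeated.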
 

Hieronymus

New Member
Thread author
Jul 6, 2016
8
I live in a flat and only have a router at home, the modem is shared between the building inhabitants. I get internet from my ISP.
 

Hieronymus

New Member
Thread author
Jul 6, 2016
8
So I've reset the router, but it keeps connecting to the sinkholes. I just had an idea though - we switched to a different ISP before our contract with the old one expired, so we're getting internet from a new ISP, but we're technically with both of them at the moment. The old ISP got attacked by a wide hacker attack a while ago. Is it possible that it's somehow affecting us, even though we're already getting internet from the new ISP? Nmap reported a clean network, ESET hasn't found anything and the other scans I mentioned also didn't find anything, so I'm pretty positive that we DON'T have Conficker. I just really want to get off the blacklist, that's all....
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
As I've said, your computer isn't infected. Conficker is an infection almost 10 years old and it is not in the wild anymore. You can probably find it on some old computers but today, there is no way.
 
