Something wrong with my system

Anupam

Hi all,

Though looking into the subject you might guess that my system is not working fine, but that's not true. I could not find anything wrong with my system.

But I'm not sure why Emsisoft is sometimes throwing a pop-up saying my system is trying to connect to a malicious host.


upload_2015-1-2_0-43-42.png


Any idea why I am getting this? Yesterday I plugged in one infected USB stick. Now I am afraid that something might be wrong.
 

Tani

It's a subdomain of 4shared.com. Someone may have uploaded a file to 4shared.com and that subdomain might have been used by that user, and Emsisoft thought it's a malicious site.
 

cruelsister

This is really not good. Quite a few malware types use connections to places like dropbox, 4shared, etc in order to either download other malicious files or to download and update the original malware file to something more recent (zero-day every day) in order to fool definition based security solutions.

What you need to do:
1). As suggested above go into the Emsisoft further details link to see what is asking for the outbound connection. Upload this file to VT and see what the results are (if you can't find it, it may have installed itself with hidden attributes).
2). Go into MSCONFIG to see what is autostarting on your computer. If you are getting these Firewall alerts without you doing anything you without doubt have an auto-starting baddie.
3). If you have Comodo Cleaning Essentials on your computer (everyone really should), open up Killswitch to see if Comodo finds anything running that is either bad or unknown.

Please get back to us with your findings.

New Year- New Malware
 

nissimezra

It could be a scheduled task that triggers it as well.

OP, did you play with malware packs? Do you have a VM running?
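
The triage steps suggested in the two posts above (find the process behind the outbound connection, check what autostarts, check scheduled tasks), as an added PowerShell example that is not part of the original thread. The hostname is a placeholder for the one shown in the alert, and the cmdlets assume PowerShell 4 or later on Windows 8 / Server 2012 or later.

```powershell
# Added example. Placeholder: replace with the host named in the firewall alert.
$SuspectHost = 'suspect-subdomain.example'

# Resolve the host to its current A/AAAA addresses.
$ips = Resolve-DnsName -Name $SuspectHost -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress

# Step 1: which process owns a connection to one of those addresses?
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $ips -contains $_.RemoteAddress } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path   # empty for protected processes unless run elevated
        $file = if ($path) { Get-Item -LiteralPath $path -Force } else { $null }
        [pscustomobject]@{
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            State     = $_.State
            ProcessId = $_.OwningProcess
            Process   = $proc.ProcessName
            Path      = $path
            # Hidden attribute, as mentioned in step 1 of the post
            Hidden    = if ($file) { [bool]($file.Attributes -band [IO.FileAttributes]::Hidden) } else { $null }
            # Hash to search for on VirusTotal before uploading the file
            SHA256    = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    } | Format-List

# Step 2: autostart entries from the Run keys and Startup folders.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# Scheduled tasks that launch a program and are not disabled.
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    } | Format-Table -AutoSize -Wrap
```

The first section only reports connections that exist at the moment it runs, so run it while the alert is firing; a connection the firewall has already blocked may not be listed.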
 

kiric96

Well, in this case... remember that users use third-party websites to upload photos or media... many sites such as 4shared use many subdomains to distribute their contents, so at some point in time this site could be used to upload malware, and that is why you receive the alert... and don't worry, you don't have to go to the Emsi forum... moderators can tell you that this site has nothing to do with 4shared, so don't panic... I am accustomed to seeing this...

You are not infected :D This is normal, at least with Emsi... but... it is not a good idea to blacklist the whole subdomain just because only one page is distributing malware.

Of course you won't lose any function of the forum....
 

jamescv7

Well, it seems there could be an application trying to connect to that subdomain, and the behavior itself may be malicious. Did the alert appear only once?
 

Anupam

Ok Guys.

I checked my system with MBAM free, Hitman Pro and herdprotect. System is clean.

I was getting this popup yesterday each time I tried to open a new tab in Google Chrome. But today I am not getting any pop-ups.
Though the reason is unknown, it seems like today I don't have the problem anymore.
 

nissimezra

That's why I used MSE for years: 0 false positives.
That's why I don't like the BD engine.
 

darko999

Emsisoft has always been a bit more paranoid about domain filtering. That's not bad, since I don't remember it giving me any issues with regular surfing beyond seeing a couple of possible false positive warnings about third-party domains. But it was so long ago, IDK how Emsisoft works nowadays.
 

Behold Eck

If it looks like an FP, walks like an FP and sounds like an FP, it's probably an FP.

I'd still do a full system scan with Eset online scanner, just in case.

Regards, Eck :)
 