Solved

askmen.com a threat?

  • 13 August 2013
  • 6 replies
  • 28 views

Userlevel 2
Has anyone else had trouble with askmen.com? I hadn't had any before, but this time when I went the first time the screen flickered like something was appearing before I could view it, like a split-second flash. Then I tried going to the site again and I got a VERY fleeting glimpse of Webroot saying "This site has a known..." something. I didn't get to read any past that as it disappeared before I could read it. How do I find out what it blocked? If I do the save logs thing under scan log, all I get is gibberish that I don't understand, and the execution history doesn't tell me anything.

Best answer by DanP 14 August 2013, 00:20



Userlevel 7
Badge +6
Right click the Webroot icon > save log > scroll down to the bottom of the log.
 
Likely one of their ad networks was compromised by a malicious ad and the entire page was blocked as a safeguard. Or something else made it freak out.
 
Can you post the lines of your log that show the blocking?
Userlevel 2
There are so many lines of blocking in the log that I likely can't post them all. It has been blocking stuff from Askmen.com for quite a while, but for some reason I was just notified of this by it last night. Strange.
 
Also, I have not been changing my configuration, so I don't know why it keeps saying that it saved a configuration.
 
Here is a VERY small portion of the sections where blocking occurred.
 
 
Mon 2013-08-12 23:07:15.0743    Blocked website: http://www.askmen.com/top_10/entertainment/iphone-5s-rumors.html
Mon 2013-08-12 23:07:15.0743    Closed network connection: [0100007F.1472 - 0100007F.1728]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [0100007F.1728 - 0100007F.1472]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.40384 - 6BA00D17.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.41152 - D442C442.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.41920 - 63BAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.42176 - 6BD03617.47873]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.43456 - 6ABAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.43968 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.44224 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.44480 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.44736 - 5F41C2AD.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.44992 - 68BAD040.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.45248 - 68BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.45504 - 5F41C2AD.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.46272 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.46528 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.46784 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.47040 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.47296 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.47552 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.48576 - 68BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.48832 - 68BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.49344 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.49600 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.49856 - 6722C2AD.47873]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.50112 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.50368 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.50624 - 5ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.50880 - 79BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.51136 - 68BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.52160 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.52416 - 14EDAB45.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.52928 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.53184 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.53440 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.53696 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.53952 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.54208 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.54464 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.54720 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.54976 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.55744 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.56000 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.56256 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.56512 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.56768 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.57024 - 17460D1F.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.57280 - A290D340.20480]
Mon 2013-08-12 23:07:15.0744    Closed network connection: [C558A8C0.57536 - A290D340.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.57792 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.58048 - 7ABAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.60096 - 8F29C2AD.47873]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.60352 - 7922C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.61120 - B371C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.61888 - 7B886626.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.63424 - 581964D0.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.3009 - 8529C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.3265 - 8529C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.3521 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.6593 - 6BBAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.7105 - 8E22C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.7361 - 8E22C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.7873 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.8641 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.8897 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.9153 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.9409 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.9665 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.9921 - 4622C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.10177 - 7BBAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.10433 - 7BBAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.12993 - 6922C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.13249 - 6922C2AD.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.14273 - BF38BECE.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.14529 - BF38BECE.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.15297 - A274C442.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.15553 - A274C442.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.15809 - E8C98962.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.16065 - E8C98962.47873]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.16321 - 9C42C442.47873]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.16577 - 3AEF064A.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.16833 - 78BAD040.20480]
Mon 2013-08-12 23:07:15.0745    Closed network connection: [C558A8C0.17089 - 61BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.17345 - 61BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.17601 - 869181AE.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.17857 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.18113 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.18369 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.18625 - 61BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.18881 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.19137 - 58BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.19393 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.19649 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.19905 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.20161 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.20417 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.20673 - 71BAD040.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.20929 - 869181AE.20480]
Mon 2013-08-12 23:07:15.0746    Closed network connection: [C558A8C0.21185 - 869181AE.20480]
Mon 2013-08-12 23:08:01.0176    Blocked website: http://www.askmen.com/top_10/celebrity/traits-of-a-secret-service-member.html
Mon 2013-08-12 23:08:01.0177    Closed network connection: [0100007F.21953 - 0100007F.22209]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [0100007F.22209 - 0100007F.21953]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.22465 - 61BAD040.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.22721 - 7B886626.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.24769 - E8C98962.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.25281 - D442C442.47873]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.27073 - 63BAD040.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.27329 - 71BAD040.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.28097 - 71BAD040.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.34241 - A274C442.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.35009 - 3AEF064A.20480]
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.35521 - 483607C7.20480]
Mon 2013-08-12 23:10:38.0377    Saved the product log to C:\Users\q\Desktop\logs.log
Mon 2013-08-12 23:10:38.0447    Monitoring process C:\Windows\SysWOW64\notepad.exe [D378BFFB70923139D6A4F546864AA61C]. Type: 3 (6582)
Mon 2013-08-12 23:10:38.0447    Monitoring process C:\Windows\SysWOW64\notepad.exe [D378BFFB70923139D6A4F546864AA61C]. Type: 4 (6582)
Mon 2013-08-12 23:10:38.0447    Monitoring process C:\Windows\SysWOW64\notepad.exe [D378BFFB70923139D6A4F546864AA61C]. Type: 5 (6582)
Mon 2013-08-12 23:10:38.0448    Monitoring process C:\Windows\SysWOW64\notepad.exe [D378BFFB70923139D6A4F546864AA61C]. Type: 7 (6582)
Mon 2013-08-12 23:10:38.0450    Monitoring process C:\Windows\SysWOW64\notepad.exe [D378BFFB70923139D6A4F546864AA61C]. Type: 8 (6582)
Tue 2013-08-13 02:35:20.0909    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 3 (6583)
Tue 2013-08-13 02:35:20.0909    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 4 (6583)
Tue 2013-08-13 02:35:20.0909    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 5 (6583)
Tue 2013-08-13 02:35:20.0909    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 7 (6583)
Tue 2013-08-13 02:35:20.0909    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 8 (6583)
Tue 2013-08-13 02:35:21.0089    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 3 (6583)
Tue 2013-08-13 02:35:21.0089    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 4 (6583)
Tue 2013-08-13 02:35:21.0089    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 5 (6583)
Tue 2013-08-13 02:35:21.0099    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 7 (6583)
Tue 2013-08-13 02:35:21.0099    Monitoring process c:\program files\windows defender\MpCmdRun.exe [6BD4D7F68924301051C22E8A951AECBA]. Type: 8 (6583)
Tue 2013-08-13 02:50:00.0566    System shutting down.
Tue 2013-08-13 02:50:01.0674    Configuration Saved: CSCS3241EBB9F1727F04FC1FDA8932ACC298,00011,00021,00031,00040,00050,00061,00070,00081,00091,000A1,000B1,000C0,000D0,000E1,000F0,001018,001157,00120,00130,00140,00151,00161,00171,00181,00191,001A0,001B1,001C1,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00280,00290,002A1,002B0,002C0,002D1,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00520,00530,00541,00551,00561,00571,00581,00591,005A2,005B1,005C0,005D0,005E0,005F0,00601,00614,00624,00634,00641,00654,00664,00674,00681,00694,006A4,006B4,006C1,006D4,006E4,006F4,00701,00714,00724,00734,00741,00754,00764,00774,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00890,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B10,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,
Tue 2013-08-13 02:50:01.0674    <<< Service shut down successfully. Uptime: 250 minute(s)
Tue 2013-08-13 15:19:39.0315    >>> Service started [v8.0.2.167]
Tue 2013-08-13 15:20:33.0965    User process connected successfully from PID 732, Session 1
Tue 2013-08-13 15:20:36.0413    Connecting to 29 - 29
Tue 2013-08-13 15:21:13.0481    Saved updated configuration
Tue 2013-08-13 15:22:05.0414    Scan Started:  [ID: 20 - Flags: 551/0]
Tue 2013-08-13 15:22:19.0734    Scan Results: Files Scanned: 19591, Duration: 14s, Malicious Files: 0
Tue 2013-08-13 15:22:19.0750    Scan Finished: [ID: 20 - Seq: 20]
Tue 2013-08-13 16:31:33.0866    Begin passive write scan (4 file(s))
Tue 2013-08-13 16:31:34.0516    End passive write scan (4 file(s))
Tue 2013-08-13 16:36:38.0471    Saved the product log to C:\Users\q\Desktop\scan long now.log
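The posted log is hard to read by eye because the "Closed network connection" entries print the endpoints as raw hex words rather than dotted addresses. Below is an added example (written for this page, not Webroot's own tooling or anything the poster used) that pulls the "Blocked website" URLs out of a saved product log and decodes the connection tuples into IP:port pairs. The decoding is an inference from the sample itself, not something documented on this page: 0100007F decodes to 127.0.0.1, port 20480 to 80 and 47873 to 443 only if the address is the 32-bit value written out little-endian and the port is a 16-bit network-order value read as a little-endian integer, which is consistent with every line in the post. The sample lines embedded in the block are copied from the log above.

```python
import re
import socket
import struct
from collections import Counter

# Lines copied from the Webroot log posted above (not constructed).
SAMPLE_LOG = """\
Mon 2013-08-12 23:07:15.0743    Blocked website: http://www.askmen.com/top_10/entertainment/iphone-5s-rumors.html
Mon 2013-08-12 23:07:15.0743    Closed network connection: [0100007F.1472 - 0100007F.1728]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.40384 - 6BA00D17.20480]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.42176 - 6BD03617.47873]
Mon 2013-08-12 23:07:15.0743    Closed network connection: [C558A8C0.44736 - 5F41C2AD.20480]
Mon 2013-08-12 23:08:01.0176    Blocked website: http://www.askmen.com/top_10/celebrity/traits-of-a-secret-service-member.html
Mon 2013-08-12 23:08:01.0177    Closed network connection: [C558A8C0.25281 - D442C442.47873]
"""

# "Day YYYY-MM-DD HH:MM:SS.ffff    message"
LINE_RE = re.compile(r"^\w{3} (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<msg>.*)$")
CONN_RE = re.compile(r"Closed network connection: \[([0-9A-Fa-f]{8})\.(\d+) - ([0-9A-Fa-f]{8})\.(\d+)\]")
BLOCK_RE = re.compile(r"Blocked website: (\S+)")


def decode_endpoint(hex_addr, port_str):
    """Turn 'C558A8C0', '20480' into ('192.168.88.197', 80).

    Assumption (inferred from the sample, not documented): the address is the
    in-memory 32-bit value printed little-endian, and the port is the
    network-order 16-bit value that was read back as a little-endian integer,
    so both need a byte swap before they make sense.
    """
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    port = struct.unpack(">H", struct.pack("<H", int(port_str)))[0]
    return addr, port


def parse_log(text):
    """Return a list of block / closed-connection events, newest last."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # shutdown, scan, and config lines are not of interest here
        ts, msg = m.group("ts"), m.group("msg")
        b = BLOCK_RE.search(msg)
        if b:
            events.append({"ts": ts, "kind": "blocked", "url": b.group(1)})
            continue
        c = CONN_RE.search(msg)
        if c:
            events.append({
                "ts": ts,
                "kind": "closed",
                "src": decode_endpoint(c.group(1), c.group(2)),
                "dst": decode_endpoint(c.group(3), c.group(4)),
            })
    return events


def summarize(events):
    """Blocked URLs in order, plus a count of remote (non-loopback) endpoints torn down."""
    blocked = [e["url"] for e in events if e["kind"] == "blocked"]
    remote = Counter()
    for e in events:
        if e["kind"] == "closed":
            ip, port = e["dst"]
            if not ip.startswith("127."):
                remote[(ip, port)] += 1
    return blocked, remote


if __name__ == "__main__":
    blocked, remote = summarize(parse_log(SAMPLE_LOG))
    for url in blocked:
        print("blocked:", url)
    for (ip, port), n in remote.most_common():
        print(f"closed {n}x -> {ip}:{port}")
```

Run it against a full saved log (right-click the Webroot icon, Save Log) instead of SAMPLE_LOG and the remote list gives the third-party hosts (ad networks, CDNs, analytics) that were open when the page was blocked. Note what the log does not tell you: the "Blocked website" lines name the page the browser was on, not the element that triggered the block, so this summary narrows down which hosts were involved rather than identifying the malicious ad itself.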
Userlevel 7
Badge +35
Cloud,
Thanks for the log. I'm working on clearing this up right now, and you should no longer be seeing the blocks shortly.
 
-Dan
Userlevel 2
What was the deal? Was it a threat?
Userlevel 7
Badge +56
No, it looks good as it's not being blocked now, and DanP said he would remove the detection!
 
Daniel ;)
Userlevel 7
Still running Windows Defender on that PC.. Tut tut 😃