
Under attack.


ghost's Avatar

Hey guys, I'm on my phone so limited text.

The last 20h I've been pinged and scanned by 216.240.157.88 (safarel.com). Since this started my CPU is at 100%.

My firewall and antivirus have removed one threat after another. What should I do? Any advice is appreciated!


ghost's Avatar

http://security.thejoshmeister.com/

That site goes into it. Do a Ctrl+F to find where that domain is mentioned (safarel.com).

I looked that site up on the WOT site and here's the result, probable connections to malicious software:

http://www.mywot.com/en/scorecard/www.safarel.com

Just based on what you said, definitely don't think that it's something to brush off. Trying to remove any malware from your system is about all that I can offer (which you've tried already).

Hopefully someone else can offer a bit more on this than I can. I'm a newcomer to this site but hopefully this points you in the right direction.


ghost's Avatar

I now have just slightly more info. The exact address of what is attacking me is safarel.com/oms.php. I've found some of the malware but not all. Any tips for a good malware remover? Thanks guys, this is appreciated :)


ghost's Avatar

I'd recommend both AVG and TrendMicro's Housecall, as they are both free.

Depending on what you use that computer for, it may just be best to back up your files and re-install the OS. Malware is quite tricky and even if you remove everything you (or the AV scanners) find, you may still have an infection. The only way to be sure is to completely rebuild the box and then move your data back over (after giving it a virus scan or two; you don't want to rebuild the box and then copy the malware back over).

If you use this computer for any sort of online banking or the like, definitely change those passwords.

~samurai


ghost's Avatar

I think that I've solved it for now. Installed Norton 2010 instead of ESET Smart Security and it found a great deal of infected files. Since the only thing I use that computer for is games and the like, I don't think that is that big a problem.

Thank you :)


ghost's Avatar

If I get someone scanning or trying to bruteforce my FTP or something (usually from China :/) I just restart my router so I get a new IP.


spyware's Avatar
Banned

wolfmankurd wrote: If I get someone scanning or trying to bruteforce my FTP or something (usually from China :/) I just restart my router so I get a new IP.

wat

Just add them to the blacklist. Or better, reroute to fbi.gov.


ghost's Avatar

#wolfmankurd: I have a fixed IP :(

#spyware: said and done :D All traffic from the specified IP will reroute through my VPN to fbi.gov :D


ghost's Avatar

U re-routed all malicious traffic going into your i.p back out from ur i.p to Fbi.gov!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! hmm i wonder which i.p will show up in the logs yours or the attackers :o


spyware's Avatar
Banned

:/


ynori7's Avatar
Future Emperor of Earth

yihoshi wrote: U re-routed all malicious traffic going into your i.p back out from ur i.p to Fbi.gov!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! hmm i wonder which i.p will show up in the logs yours or the attackers :o

I suspect those logs are long gone since this happened more than half a year ago.


goluhaque's Avatar
Member

ynori7 wrote: yihoshi wrote: U re-routed all malicious traffic going into your i.p back out from ur i.p to Fbi.gov!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! hmm i wonder which i.p will show up in the logs yours or the attackers :o
I suspect those logs are long gone since this happened more than half a year ago.

Lawl.


fashizzlepop's Avatar
Member

goluhaque wrote: ynori7 wrote: yihoshi wrote: U re-routed all malicious traffic going into your i.p back out from ur i.p to Fbi.gov!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! hmm i wonder which i.p will show up in the logs yours or the attackers :o
I suspect those logs are long gone since this happened more than half a year ago.
Lawl.

Laughing and wielding longsword?


korg's Avatar
Admin from hell

MoshBat wrote: This was a dead topic, before it was bumped with some atrocious English. We don't particularly need a discussion on how badly a thread was bumped, or what "lawl" may or may not stand for, or mean.

Lock and let die.

Good idea.