Windows 7 Forums



Windows 7: DDoS Attack, Changed IPs Still Under Attack

17 Jun 2013   #11
Nitsua

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.21.2
Run by Austin at 7:53:38 on 2013-06-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.546 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\RaidCall\raidcall.exe
C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{30C147D2-8A63-43D8-BA4E-CF758CE187DF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{59413365-E53B-45CA-81E7-E42CDC310CBF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{59413365-E53B-45CA-81E7-E42CDC310CBF}\74F6C64656E6D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A5C1DD3B-AB74-4EFF-B83E-7AB395E18404} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C3735A72-7AA5-43AB-8664-BCCB2116F392} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\rcitsew8.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Austin\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Users\Austin\AppData\Roaming\RCKR\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-1-1 25312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-1-1 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-1-1 838136]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-11-11 131072]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-10-15 38016]
R3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2010-8-12 1310720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-7 25928]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2012-10-9 25600]
S3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-9-18 112640]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-10-9 23040]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-7 399432]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-7 676936]
S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== Created Last 30 ================
.
2013-06-14 23:27:11 -------- d-----w- C:\ProgramData\Sophos
2013-06-14 23:27:02 73728 ----a-r- C:\Users\Austin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-14 23:27:02 73728 ----a-r- C:\Users\Austin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-14 23:27:02 73728 ----a-r- C:\Users\Austin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-06-14 23:27:01 -------- d-----w- C:\Program Files (x86)\Sophos
2013-06-13 21:00:49 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-06-11 20:55:18 -------- d-----w- C:\Program Files (x86)\Aeria Games
2013-05-30 01:32:33 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-28 21:21:52 -------- d-----w- C:\Downloads
2013-05-28 21:19:35 -------- d-----w- C:\Users\Austin\AppData\Roaming\FlashgetSetup
2013-05-28 21:19:35 -------- d-----w- C:\Users\Austin\AppData\Roaming\BITS
2013-05-28 19:42:55 -------- d-----w- C:\Users\Austin\AppData\Local\TERA
2013-05-28 06:28:31 -------- d-----w- C:\ProgramData\HappyCloud
2013-05-28 05:56:13 -------- d-----w- C:\Users\Austin\AppData\Local\Google
2013-05-28 00:31:48 -------- d-----w- C:\Program Files (x86)\Three Rings Design
2013-05-24 14:36:03 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-21 22:31:44 -------- d-----w- C:\Program Files\Speccy
.
==================== Find3M ====================
.
2013-05-30 01:32:29 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-30 01:32:29 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-28 00:16:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-28 00:16:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 7:54:07.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2012 12:17:07 PM
System Uptime: 6/17/2013 6:09:53 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1436
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 271 GiB total, 164.397 GiB free.
D: is FIXED (NTFS) - 27 GiB total, 1.156 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&868B5B4&0&00E1
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&868B5B4&0&00E1
Service:
.
Class GUID:
Description:
Device ID: ACPI\HPQ0004\3&11583659&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0004\3&11583659&0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1436103C&REV_03\4&352F8BD7&0&00E0
Manufacturer: Realtek
Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1436103C&REV_03\4&352F8BD7&0&00E0
Service: RTL8167
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&3EF6CBB&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&3EF6CBB&0&2
Service: BthPan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (RFCOMM Protocol TDI)
Device ID: BTH\MS_RFCOMM\7&3EF6CBB&0&0
Manufacturer: Microsoft
Name: Bluetooth Device (RFCOMM Protocol TDI)
PNP Device ID: BTH\MS_RFCOMM\7&3EF6CBB&0&0
Service: RFCOMM
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\8&1C9B64FD&2&06
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #6
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\8&1C9B64FD&2&06
Service: vwifimp
.
==== System Restore Points ===================
.
RP67: 6/11/2013 3:52:39 PM - Scheduled Checkpoint
RP68: 6/13/2013 4:22:29 PM - avast! Free Antivirus Setup
RP69: 6/13/2013 5:00:25 PM - avast! Free Antivirus Setup
RP70: 6/14/2013 7:26:43 PM - Installed Sophos Virus Removal Tool.
RP71: 6/14/2013 8:20:30 PM - ??? 籩սTF
RP72: 6/14/2013 8:22:27 PM - Removed osu!
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Aeria Ignite
AMD Catalyst Install Manager
CCleaner
Counter-Strike: Global Offensive
Diablo II
Diablo III
Dropbox
Google Chrome
Google Update Helper
Java 7 Update 21
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Paint.NET v3.5.10
Path of Exile
Puzzle Pirates
RaidCall
Razer Game Booster
Razer Synapse 2.0
Skype 6.1
Soldier Front 2
Sophos Virus Removal Tool
Speccy
Steam
SteelSeries Engine
swMSM
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
TeamSpeak 3 Client
TERA
Unity Web Player
USB PnP Sound Device
Ventrilo Client for Windows x64
.
==== Event Viewer Messages From Past Week ========
.
6/12/2013 12:21:27 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/12/2013 12:21:27 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
6/12/2013 12:21:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================


17 Jun 2013   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Malwarebytes' Anti-Malware is outdated. Uninstall the old version, then download (free version) Malwarebytes' Anti-Malware to your desktop.
Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer
* Double-click mbam-setup.exe and follow the prompts to install the program. Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
17 Jun 2013   #13
Nitsua

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
Malwarebytes' Anti-Malware is outdated. Uninstall the old version, then download (free version) Malwarebytes' Anti-Malware to your desktop.
Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer
* Double-click mbam-setup.exe and follow the prompts to install the program. Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.06.17.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Austin :: AUSTIN-PC [administrator]

6/17/2013 2:39:19 PM
mbam-log-2013-06-17 (14-39-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328544
Time elapsed: 37 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

17 Jun 2013   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's flush the DNS cache and restore MS's Host file:

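Copy and paste these lines in Notepad.

@Echo on
rem Replace the hosts file with a single localhost entry (existing entries are discarded)
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.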

Tell me if you're still being attacked.
18 Jun 2013   #15
Nitsua

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
Let's flush the DNS cache and restore MS's Host file:

Copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Tell me if you're still being attacked.
I believe I am still being attacked. I logged in and saw this on the logs right after my log in:
[DoS attack: ACK Scan] from source: 108.168.142.11:8448, Monday, June 17,2013 23:20:45

We have 3 computers and 1 tablet... I used this computer to do the above (which is my laptop that is connected to the router wirelessly), not sure if that matters or not. I'll keep an eye on the logs to see if anything else pops up, but so far only that line above showed.

EDIT: Yeah, the attacks are still showing up
18 Jun 2013   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

18 Jun 2013   #17
Nitsua

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
Yes. Over the past few months I've been playing TERA, Soldier Front 2, Path of Exile, Diablo 3, Tornado Force (Chinese Version of SF2), and League of Legends. Don't believe I'm missing anything. But I'm not really sure what that link above tells me..

Attacks still showing up, many different IPs. Here's a few:
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:16:25
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:15:51
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:15:19
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:45:34
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:44:44
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:44:19
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:41:41
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:41:20
[DoS attack: RST Scan] from source: 17.167.135.76:443, Tuesday, June 18,2013 17:41:06
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:40:52
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:40:27
[DoS attack: RST Scan] from source: 38.122.62.228:80, Tuesday, June 18,2013 17:39:10
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:36:34
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:35:53
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:35:32
[DoS attack: ACK Scan] from source: 17.167.135.76:443, Tuesday, June 18,2013 17:27:38
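A triage sketch for the router log lines posted in this thread, added here as an example and not part of any post: it groups the entries by source address and records the count, scan type, time span, and source port for each. Reading a source port of 80 or 443 as "sent by a web server" is a heuristic assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the router excerpts posted in this thread.
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source: 108.168.142.11:8448, Monday, June 17,2013 23:20:45
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:16:25
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:15:51
[DoS attack: ACK Scan] from source: 173.252.73.52:80, Tuesday, June 18,2013 18:15:19
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:45:34
[DoS attack: RST Scan] from source: 17.167.135.76:443, Tuesday, June 18,2013 17:41:06
[DoS attack: RST Scan] from source: 38.122.62.228:80, Tuesday, June 18,2013 17:39:10
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Tuesday, June 18,2013 17:35:32
[DoS attack: ACK Scan] from source: 17.167.135.76:443, Tuesday, June 18,2013 17:27:38
"""

LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+), (?P<ts>.+)$"
)
# Assumption: a source port of 80/443 means the packet came from a web server.
WEB_PORTS = {80, 443}


def parse_line(line):
    """Return (kind, ip, port, timestamp), or None for lines in another format."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    try:
        # English day and month names, as in the posted log.
        ts = datetime.strptime(m["ts"].strip(), "%A, %B %d,%Y %H:%M:%S")
    except ValueError:
        return None
    return m["kind"], m["ip"], int(m["port"]), ts


def summarize(text):
    """Group entries by source IP; return (per-source summary, skipped line count)."""
    sources = defaultdict(lambda: {"count": 0, "kinds": set(), "ports": set(),
                                   "first": None, "last": None})
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        kind, ip, port, ts = parsed
        s = sources[ip]
        s["count"] += 1
        s["kinds"].add(kind)
        s["ports"].add(port)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    for s in sources.values():
        s["web_server_source"] = s["ports"] <= WEB_PORTS
        s["span_seconds"] = int((s["last"] - s["first"]).total_seconds())
    return dict(sources), skipped


def report(text):
    """Return one summary line per source, busiest first."""
    sources, skipped = summarize(text)
    rows = []
    for ip, s in sorted(sources.items(), key=lambda kv: (-kv[1]["count"], kv[0])):
        origin = "web-server port" if s["web_server_source"] else "other port"
        rows.append(f"{ip:<16} {s['count']:>3} entries over {s['span_seconds']:>4}s  "
                    f"{'/'.join(sorted(s['kinds']))}  ({origin})")
    if skipped:
        rows.append(f"{skipped} line(s) not in the expected format")
    return rows


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```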
18 Jun 2013   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The only thing I can think of is the game "server" is being attacked, which in turn is affecting you. Sorry, I can't be of more help.
18 Jun 2013   #19
Nitsua

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
The only thing I can think of is the game "server" is being attacked, which in turn is affecting you. Sorry, I can't be of more help.
So I'm not being attacked directly? I'm safe?

Seems as if I'm fine on everything except for "TERA" .. sounds like others are having lag spikes also

A friend said something about something going on in the est area??

Thank you for your time anyways!

Edit: What would you suggest I could say in a thread on TERA forums that would get their attention?