Problems with Adware

Unanswered Question
Jun 20th, 2011
User Badges:


I have a problem with an adware(Blackhole DNS URLs) infecting a lot of machines, and I can't delete this from my network. How can I remove this malware.

Below the adware description:

1308583956.454 12 172.24.X.X TCP_DENIED/403 2993 GET "DOMAIN-BR\372670818@DOMAINBR" NONE/- - BLOCK_AMW_RESP_URL_11-Padrao-Authentication-NONE-NONE-NONE-NONE <IW_adv,-5.8,"13","Blackhole DNS URLs",90,39767,11269,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_adv,-,"Adware","Adware","Unknown","Unknown","-","-",1995.33,0,-,"-","-"> -

Someone can help me?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
edadios Mon, 06/20/2011 - 17:49
User Badges:
  • Silver, 250 points or more

If PCs are already infected, you will need a host anti virus to have it removed from the PC.



adminseginfo Tue, 06/21/2011 - 06:26
User Badges:

But the antivirus can not find the malware, and cisco website support has no information about the malware.

edadios Tue, 06/21/2011 - 21:33
User Badges:
  • Silver, 250 points or more

Your log shows the traffic is blocked by WSA.

My understanding is that your pc is trying to do this traffic, and that is because it is already infected.

You will need a host anti virus to scan your pc and remove it.

The WSA only deals with traffic it see, to do scan/block, whatever action is configured. It cannot remove Virus on the PC itself.




This Discussion